Skip to content

NetSPI/crossdomainscanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
README.md
README.md
 
 
TLD.txt
TLD.txt
 
 
requirements.txt
requirements.txt
 
 
scanner.py
scanner.py
 
 

Repository files navigation

crossdomainscanner

Python tool to check for expired domains still allowed in crossdomain.xml files.

For more on this tool please go here.

Installation

~$ git clone https://github.com/NetSPI/crossdomainscanner
~$ cd crossdomainScanner
~$ pip install -r requirements.txt
[follow the example below for runtime usage]

Example:

~$ python scanner.py https://jakereynolds.co -v -o output.txt
~$ cat output.txt
Searching crossdomain.xml on https://jakereynolds.co for unregistered domains

=============================================================

Crossdomain contents:
 - asdaasdasfwkjhcjhbwrgkljsv.com
 - thisisanexpireddomainaswell.es
 - thishasaninvalidTLD.invalidtld
  - Invalid TLD: invalidtld
 - jakereynoldsexpireddomain.com

Possible expired domains:
asdaasdasfwkjhcjhbwrgkljsv.com
thisisanexpireddomainaswell.es
jakereynoldsexpireddomain.com

This means that https://jakereynolds.co allows http://jakereynoldsexpireddomain.com in their crossdomain.xml file. However, the latter is not registered to any DNS. An attacker could now buy that domain and get full cross-domain access to https://jakereynolds.co

This tool is created for Ethical Hacking purposes, any illicit use is not related to its creator.

About

Python tool for expired domain discovery in crossdomain.xml files

Resources

Readme
Activity
Custom properties

Stars

23 stars

Watchers

5 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages