-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsubtakeover.py
118 lines (105 loc) · 5.2 KB
/
subtakeover.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
import os,sys
import requests
from argparse import ArgumentParser
fingers = ["Sorry, this page is no longer available.",
"If this is your website and you've just created it, try refreshing in a minute",
"The specified bucket does not exist",
"Repository not found",
"Trying to access your account?",
"404 Not Found",
"Domain uses DO name serves with no records in DO.",
"404: This page could not be found.",
"The thing you were looking for is no longer here, or never was",
"There isn't a Github Pages site here.",
"404 Blog is not found",
"We could not find what you're looking for.",
"No settings were found for this company:",
"Uh oh. That page doesn't exist.",
"is not a registered InCloud YouTrack",
"No Site For Domain",
"It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us.",
"Tunnel *.ngrok.io not found",
"404 error unknown site!",
"This public report page has not been activated by the user",
"Project doesnt exist... yet!",
"This job board website is either expired or its domain name is invalid.",
"page not found",
"project not found",
"Non-hub domain, The URL you've accessed does not provide a hub.",
"This UserVoice subdomain is currently available!",
"Do you want to register *.wordpress.com?",
"Hello! Sorry, but the website you’re looking for doesn’t exist.",
"The requested URL was not found on this server.",
"Please renew your subscription",
"Whatever you were looking for doesn't currently exist at this address",
"Sorry, this shop is currently unavailable.",
"Unrecognized domain",
"No such app",
"Fastly error: unknown domain:"]
parser = ArgumentParser(description="Subdomain Takeover Tool", epilog="Usage : python3 subtake.py -f file.txt")
parser.add_argument('-f','--file',dest="subfile",metavar='',help="Subdomains file",required=True)
args = parser.parse_args()
#colors....
red = "\033[1;31m"
green = "\033[1;32m"
reset = "\033[0m"
def check_bug(url):
try:
r = requests.post(url,timeout=5).text
for finger in fingers:
if finger in r:
print(f"\033[1;32m[ Vulnerable ] \033[0m {url}")
print(f"\033[1;31m[ Not Vulnerable ] \033[0m {url}")
except KeyboardInterrupt:
print("\033[1;31m[-] \033[1;0mYou pressed CTRL + C")
exit(1)
except requests.exceptions.SSLError:
print(f"\033[1;31m[ SSL ERROR ] \033[1;0m{url}")
except requests.exceptions.ConnectionError:
print(f"\033[1;31m[ HTTP ERROR ] \033[1;0m{url}")
except requests.exceptions.InvalidURL:
print(f"\033[1;31m[ INVALID URL ] \033[1;0m{url}")
except requests.exceptions.ReadTimeout:
print(f"\033[1;31m[ TIME OUT ] \033[1;0m{url}")
def check(file):
f = open(file,"r")
sites = f.readlines()
for line in sites:
site = line.strip()
check_bug(site)
def add_protocol(subfile):
readWords = open(subfile,'r')
proto_added = open("validurls.txt","w")
for words in readWords:
if not words.isspace():
words = words.rstrip()
words = words.replace("https://","")
words = words.replace("http://","")
words = words.replace("https://www.","")
words = words.replace("http://www/","")
words = words.replace("/","")
words = "http://{}".format(words)
proto_added.write("{}\n".format(words))
proto_added.close()
filename = "validurls.txt"
check(filename)
def banner():
print("-------------------------------------------------------------------------------------------------------")
#print("\n")
print(" ###### ## ## ######## ######## ### ## ## ######## ####### ## ## ######## ######## ")
print("## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ")
print("## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ")
print(" ###### ## ## ######## ## ## ## ##### ###### ## ## ## ## ###### ########")
print(" ## ## ## ## ## ## ######### ## ## ## ## ## ## ## ## ## ## ")
print("## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ")
print(" ###### ####### ######## ## ## ## ## ## ######## ####### ### ######## ## ##")
#print("\n")
print("----------------------------------------------------------------@Mr_3rr0r_501--------------------------")
if __name__ == "__main__":
banner()
print("\n\033[1;32m[+] Subdomain takeover started....\n \033[1;0m")
if os.path.isfile(args.subfile):
add_protocol(args.subfile)
else:
print(f"\033[1;31m[ File Not Found ]\033[1;0m {args.subfile}")
print("\n🔥\033[1;32m|------|💀Takeover Done💀|------|\033[1;0m🔥\n")