Last updated: April 30, 2020
Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way.
Using Second Order Subdomain Takeover Scanner Tool
Command line options:
- Base link to start scraping from (default "http://127.0.0.1")
- Configuration file (default "config.json")
- Print visited links in real-time to stdout
- Directory to save results in (default "output")
go run second-order.go -base https://example.com -config config.json -output example.com -concurrency 10
Config File for Second Order Subdomain Takeover Scanner Tool
Example configuration file included (config.json)
- Headers: A map of headers that will be sent with every request.
- Depth: Crawling depth.
- LogCrawledURLs: If this is set to true, Second Order will log the URL of every crawled page.
- LogQueries: A map of tag-attribute queries that will be searched for in crawled pages. For example, "a": "href" means log every href attribute of every a tag.
- LogURLRegex: A list of regular expressions that will be matched against the URLs that are extracted using the queries in LogQueries; if left empty, all URLs will be logged.
- LogNon200Queries: A map of tag-attribute queries that will be searched for in crawled pages, and logged only if they don’t return a 200 status code.
- ExcludedURLRegex: A list of regular expressions whose matching URLs will not be accessed by the tool.
- ExcludedStatusCodes: A list of status codes; if any page responds with one of these, it will be excluded from the results of LogNon200Queries; if left empty, all non-200 pages’ URLs will be logged.
- LogInlineJS: If this is set to true, Second Order will log the contents of every script tag that doesn’t have a src attribute.
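To see how these rules combine when auditing your own pages for references to resources that no longer resolve, here is an added Python sketch (not Second Order's code) that applies LogQueries, LogURLRegex, LogNon200Queries and ExcludedStatusCodes as described above. The page, the status codes, the config values and the names `AttrCollector` and `apply_rules` are all constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed config: field names are from the list above, values are assumptions.
CONFIG = {
    "LogQueries": {"a": "href"},
    "LogURLRegex": [r"^https?://([^/]+\.)?example\.net/"],
    "LogNon200Queries": {"script": "src", "link": "href"},
    "ExcludedStatusCodes": [403],
}
# Constructed page, and constructed status codes standing in for live responses.
PAGE = """
<a href="https://docs.example.net/guide">Guide</a>
<a href="https://other.example.org/">Other</a>
<script src="https://cdn-old.example.net/app.js"></script>
<script src="https://static.example.com/ok.js"></script>
<link href="https://assets.example.net/site.css" rel="stylesheet">
"""
STATUS = {
    "https://cdn-old.example.net/app.js": 404,
    "https://static.example.com/ok.js": 200,
    "https://assets.example.net/site.css": 403,
}

class AttrCollector(HTMLParser):
    """Collect (tag, attribute, value) for every attribute of every start tag."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        self.found.extend((tag, name, value) for name, value in attrs if value)

def apply_rules(page, config, status):
    """Return (logged URLs, [(url, status)] for non-200 references)."""
    collector = AttrCollector()
    collector.feed(page)
    wanted = [re.compile(p) for p in config.get("LogURLRegex", [])]
    skip_codes = set(config.get("ExcludedStatusCodes", []))
    logged, non200 = [], []
    for tag, attr, url in collector.found:
        if config.get("LogQueries", {}).get(tag) == attr:
            # An empty LogURLRegex list means every extracted URL is logged.
            if not wanted or any(p.search(url) for p in wanted):
                logged.append(url)
        if config.get("LogNon200Queries", {}).get(tag) == attr:
            code = status[url]
            if code != 200 and code not in skip_codes:
                non200.append((url, code))
    return logged, non200
```

The non-200 list is the one to review: a script or stylesheet reference that no longer returns 200 points at a host whose ownership should be confirmed.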
You can download Second Order here:
Or read more here.