-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsubov88r.go
103 lines (88 loc) · 2.26 KB
/
subov88r.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package main
import (
"bufio"
"flag"
"fmt"
"net"
"net/http"
"os"
"os/exec"
"regexp"
"strings"
)
// ANSI color codes
const (
Red = "\033[0;31m"
Blue = "\033[0;34m"
Green = "\033[0;32m"
NC = "\033[0m" // No Color
)
func main() {
// Parse command-line arguments
filepath := flag.String("f", "", "Path to the subdomains file")
flag.Parse()
// Check for provided subdomains file
if *filepath == "" {
fmt.Println("Usage: subov88r -f subdomains.txt")
os.Exit(88)
}
// Open subdomains file
file, err := os.Open(*filepath)
if err != nil {
fmt.Println("Error while opening file:", err)
os.Exit(1)
}
defer file.Close()
// Loop over the list of subdomains
scanner := bufio.NewScanner(file)
for scanner.Scan() {
subdomain := scanner.Text()
// Get the CNAME record for the subdomain
cname, _ := net.LookupCNAME(subdomain)
// Get the status of the subdomain
status, err := getStatus(subdomain)
if err != nil {
fmt.Printf("Error getting status for %s: %v\n", subdomain, err)
continue
}
isVuln := azureSTO(cname, status)
if isVuln {
fmt.Printf("[%v, %v, %v] Possiply Vulnerable to subdomain takeover vulnerability", subdomain, cname, status)
}
// Print results with ANSI colors
fmt.Printf("%sSubdomain: %s %s, %sCNAME: %s %s, %sStatus: %s%s\n", Red, subdomain, NC, Blue, cname, NC, Green, status, NC)
}
}
// getStatus gets the status from the dig output
func getStatus(subdomain string) (string, error) {
cmd := exec.Command("dig", subdomain)
digResult, err := cmd.CombinedOutput()
if err != nil {
return "", err
}
digOutput := string(digResult)
status := ""
lines := strings.Split(digOutput, "\n")
for _, line := range lines {
if strings.Contains(line, "status:") {
fields := strings.Fields(line)
if len(fields) >= 4 {
status = fields[5]
break
}
}
}
return status, nil
}
// function that check for subdomain takeover in azure services
func azureSTO(cname string, status string) bool {
azureRegex := regexp.MustCompile(`(?i)^(?:[a-z0-9-]+\.)?(?:cloudapp\.net|azurewebsites\.net|cloudapp\.azure\.com)$`)
if strings.Contains(status, "NXDOMAIN") && azureRegex.MatchString(cname) {
url := fmt.Sprintf("https://%s", cname)
_, err := http.Get(url)
if err != nil {
return true
}
}
return false
}