{"id":13542382,"url":"https://github.com/mhmdiaa/second-order","last_synced_at":"2025-04-05T20:06:24.254Z","repository":{"id":22120580,"uuid":"95256324","full_name":"mhmdiaa/second-order","owner":"mhmdiaa","description":"Second-order subdomain takeover scanner","archived":false,"fork":false,"pushed_at":"2023-03-06T23:01:47.000Z","size":92,"stargazers_count":386,"open_issues_count":3,"forks_count":65,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-03-29T19:04:25.892Z","etag":null,"topics":["crawler","crawling","infosec","mapping","penetration-testing","penetration-testing-tools","pentesting","recon","reconnaissance","security","security-tools","web-application-security","wordlist","wordlist-generator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhmdiaa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-06-23T21:03:27.000Z","updated_at":"2025-03-24T05:35:33.000Z","dependencies_parsed_at":"2024-01-14T08:06:35.513Z","dependency_job_id":null,"html_url":"https://github.com/mhmdiaa/second-order","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhmdiaa%2Fsecond-order","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhmdiaa%2Fsecond-order/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhmdiaa%2Fsecond-order/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhmdiaa%2Fsecond-order/manifes
ts","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhmdiaa","download_url":"https://codeload.github.com/mhmdiaa/second-order/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247393569,"owners_count":20931812,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crawler","crawling","infosec","mapping","penetration-testing","penetration-testing-tools","pentesting","recon","reconnaissance","security","security-tools","web-application-security","wordlist","wordlist-generator"],"created_at":"2024-08-01T10:01:05.946Z","updated_at":"2025-04-05T20:06:24.229Z","avatar_url":"https://github.com/mhmdiaa.png","language":"Go","readme":"# Second Order\n\nScans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way.\n\n## Installation\n### From binary\nDownload a prebuilt binary from the [releases page](https://github.com/mhmdiaa/second-order/releases/latest) and unzip it.\n\n### From source\nGo version 1.17 is recommended.\n```\ngo install -v github.com/mhmdiaa/second-order@latest\n```\n\n### Docker\n```\ndocker pull mhmdiaa/second-order\n```\n\n## Command line options\n```\n  -target string\n        Target URL\n  -config string\n        Configuration file (default \"config.json\")\n  -depth int\n        Depth to crawl (default 1)\n  -header value\n    \tHeader name and value separated by a colon 'Name: Value' (can be used more than once)\n  -insecure\n        Accept untrusted SSL/TLS certificates\n  
-output string\n        Directory to save results in (default \"output\")\n  -threads int\n        Number of threads (default 10)\n```\n\n## Configuration File\n**Example configuration files are in [config](/config/)**\n- `LogQueries`: A map of tag-attribute queries that will be searched for in crawled pages. For example, `\"a\": \"href\"` means log every `href` attribute of every `a` tag.\n- `LogNon200Queries`: A map of tag-attribute queries that will be searched for in crawled pages, and logged only if they contain a valid URL that doesn't return a `200` status code.\n- `LogInline`: A list of tags whose inline content (between the opening and closing tags) will be logged, like `title` and `script`.\n\n## Output\nAll results are saved in JSON files that specify what data was found and where.\n\n- The results of `LogQueries` are saved in `attributes.json`\n```\n{\n    \"https://example.com/\": {\n        \"input[name]\": [\n            \"user\",\n            \"id\",\n            \"debug\"\n        ]\n    }\n}\n```\n- The results of `LogNon200Queries` are saved in `non-200-url-attributes.json`\n```\n{\n    \"https://example.com/\": {\n        \"script[src]\": [\n            \"https://cdn.old_abandoned_domain.com/app.js\"\n        ]\n    }\n}\n```\n- The results of `LogInline` are saved in `inline.json`\n```\n{\n    \"https://example.com/\": {\n        \"title\": [\n            \"Example - Home\"\n        ]\n    },\n    \"https://example.com/login\": {\n        \"title\": [\n            \"Example - login\"\n        ]\n    }\n}\n```\n\n## Usage Ideas\nThis is a list of tips and ideas (not necessarily related to second-order subdomain takeover) on what to use Second Order for.\n- Check for second-order subdomain takeover: [takeover.json](config/takeover.json). (Duh!)\n- Collect inline and imported JS code: [javascript.json](config/javascript.json).\n- Find where a target hosts static files: [cdn.json](config/cdn.json). 
(S3 buckets, anyone?)\n- Collect `\u003cinput\u003e` names to build a tailored parameter bruteforcing wordlist: [parameters.json](config/parameters.json).\n- Feel free to contribute more ideas!\n\n## References\nhttps://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/#secondorder\n\nhttps://edoverflow.com/2017/broken-link-hijacking/\n","funding_links":[],"categories":["Miscellaneous","Go","信息搜集"],"sub_categories":["Subdomain Takeover"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhmdiaa%2Fsecond-order","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhmdiaa%2Fsecond-order","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhmdiaa%2Fsecond-order/lists"}