Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/NetSPI/crossdomainscanner

Python tool for expired domain discovery in crossdomain.xml files
https://github.com/NetSPI/crossdomainscanner

Last synced: about 1 month ago
JSON representation

Python tool for expired domain discovery in crossdomain.xml files

Awesome Lists containing this project

README 

        
# crossdomainscanner

Python tool to check for expired domains still allowed in crossdomain.xml files.



For more on this tool please go [here](https://blog.netspi.com/defeating-csrf-protections-expired-cross-domain-xml-domains/).

## Installation

```

~$ git clone https://github.com/NetSPI/crossdomainscanner

~$ cd crossdomainScanner

~$ pip install -r requirements.txt

[follow the example below for runtime usage]

```

## Example:



```

~$ python scanner.py https://jakereynolds.co -v -o output.txt

~$ cat output.txt

Searching crossdomain.xml on https://jakereynolds.co for unregistered domains



=============================================================



Crossdomain contents:

 - asdaasdasfwkjhcjhbwrgkljsv.com

 - thisisanexpireddomainaswell.es

 - thishasaninvalidTLD.invalidtld

  - Invalid TLD: invalidtld

 - jakereynoldsexpireddomain.com



Possible expired domains:

asdaasdasfwkjhcjhbwrgkljsv.com

thisisanexpireddomainaswell.es

jakereynoldsexpireddomain.com

```



This means that https://jakereynolds.co allows http://jakereynoldsexpireddomain.com in their crossdomain.xml file.  However, the latter is not registered to any DNS.  An attacker could now buy that domain and get full cross-domain access to https://jakereynolds.co



This tool is created for Ethical Hacking purposes, any illicit use is not related to its creator.