From 7ecceefe1358871a390230d3ac4197e8f6a0ac2f Mon Sep 17 00:00:00 2001 From: Nemesis <83503290+Nemesis0U@users.noreply.github.com> Date: Fri, 10 Nov 2023 03:40:11 +0300 Subject: [PATCH] Add files via upload --- LICENSE | 21 +++ README.md | 95 ++++++++++ banner.png | Bin 0 -> 11626 bytes fingerprint.json | 482 +++++++++++++++++++++++++++++++++++++++++++++++ go.mod | 16 ++ go.sum | 19 ++ subhunter.go | 355 ++++++++++++++++++++++++++++++++++ 7 files changed, 988 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 banner.png create mode 100644 fingerprint.json create mode 100644 go.mod create mode 100644 go.sum create mode 100644 subhunter.go diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..deb9588 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2023 Nemesis + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..4e3db3d --- /dev/null +++ b/README.md @@ -0,0 +1,95 @@ +# Subhunter +## A fast subdomain takeover tool + + + +## Description: + +Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that performs malicious activities, such as phishing campaigns, +stealing user cookies, etc. It occurs when an attacker gains control over a subdomain of a target domain. +Typically, this happens when the subdomain has a CNAME in the DNS, but no host is providing content for it. +Subhunter takes a given list of subdomains and scans them to check this vulnerability. + +## Features: + +- Auto update +- Uses random user agents +- Built in Go +- Uses a fork of fingerprint data from well known sources ([can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz/blob/master/README.md)) + +## Installation: + +### Option 1: + +[Download](https://github.com/Nemesis0U/Subhunter/releases) from releases + +### Option 2: +Build from source: + + $ git clone https://github.com/Nemesis0U/Subhunter.git + $ go build subhunter.go + +## Usage: + +### Options: + +``` +Usage of subhunter: + -l string + File including a list of hosts to scan + -o string + File to save results + -t int + Number of threads for scanning (default 50) + -timeout int + Timeout in seconds (default 20) +``` + +### Demo (Added fake fingerprint for POC): + +``` +./Subhunter -l subdomains.txt -o test.txt + + ____ _ _ _ + / ___| _ _ | |__ | |__ _ _ _ __ | |_ ___ _ __ + \___ \ | | | | | '_ \ | '_ \ | | | | | '_ \ | __| / _ \ | '__| + ___) | | |_| | | |_) | | | | | | |_| | | | | | | |_ | __/ | | + |____/ \__,_| |_.__/ |_| |_| \__,_| |_| |_| \__| \___| |_| + + +A fast subdomain takeover tool + +Created by Nemesis + +Loaded 88 fingerprints for current scan + +----------------------------------------------------------------------------- + +[+] Nothing found at www.ubereats.com: Not Vulnerable +[+] Nothing found at testauth.ubereats.com: Not Vulnerable +[+] Nothing found at apple-maps-app-clip.ubereats.com: Not Vulnerable +[+] Nothing found at about.ubereats.com: Not Vulnerable +[+] Nothing found at beta.ubereats.com: Not Vulnerable +[+] Nothing found at ewp.ubereats.com: Not Vulnerable +[+] Nothing found at edgetest.ubereats.com: Not Vulnerable +[+] Nothing found at guest.ubereats.com: Not Vulnerable +[+] Google Cloud: Possible takeover found at testauth.ubereats.com: Vulnerable +[+] Nothing found at info.ubereats.com: Not Vulnerable +[+] Nothing found at learn.ubereats.com: Not Vulnerable +[+] Nothing found at merchants.ubereats.com: Not Vulnerable +[+] Nothing found at guest-beta.ubereats.com: Not Vulnerable +[+] Nothing found at merchant-help.ubereats.com: Not Vulnerable +[+] Nothing found at merchants-beta.ubereats.com: Not Vulnerable +[+] Nothing found at merchants-staging.ubereats.com: Not Vulnerable +[+] Nothing found at messages.ubereats.com: Not Vulnerable +[+] Nothing found at order.ubereats.com: Not Vulnerable +[+] Nothing found at restaurants.ubereats.com: Not Vulnerable +[+] Nothing found at payments.ubereats.com: Not Vulnerable +[+] Nothing found at static.ubereats.com: Not Vulnerable + +Subhunter exiting... +Results written to test.txt + + +``` + diff --git a/banner.png b/banner.png new file mode 100644 index 0000000000000000000000000000000000000000..d293b4a886e4116a1f3a0476eb95580fc74f3b1a GIT binary patch literal 11626 zcmZ{K2|SeR_xP0JmLj)BS#P>gmn@AX!&pLY5wfp?#Msw{8f&Q(;&zoK1|>0!LH5xg z3O5X87Q1W>?`tc)WElRh>fZ0YpWo;I&gb(!=RMDP&U2pgoadSIoafv#Gcnw|TVyu^ zf!KTgcYSjNVuvvTvF*!G+hI&$vjU7j@Lo1D)JJS?{c@=VDG0Y z!|bLPy03Vc@7i_BQg7jchVsFEmr#fF6Jv6p#suyw*F7O6MaZ*Mul!x%rc~qM1JBND zoY)tCb>^tf_FsQ}mX@)~75Z5z*m$e~>=_;Vuzz1futo<~LUV)E0L+o<+Dkxprn-jQcq4|BSB5 z*LLi0{;C%gG@9D&jX`=5r zxiz&vo|s1-01S4#N|F5=_5UrKBK(eM{Lo45VNPYtn@L~?BC9PH#+9|x<$g4jHDxJ& z13L^lRR6~;<@BM0h?wJ3mkw>=Xoh+HuU}qmG7tW=9TBtbdeg_JUn5|=u+iAJCQVtM zfAS&@XYidy^ofW4{tXAez6$Zuf51xx1wVfSrSl)b8b!oZ0YmA2Og zk{@in}{$G2wB zU1n}teH{L;g?y_)#PpYM$b1L?^KLS>T^9Ne2G+cYCDCU?zq#a=IPtLvh4;sKU=c9Bo zitP}cf8Mzq3Hm_Pdr9K2j|1oSi`V9x5EUGUpwICRiAdW_H@Xy z^F>0p(H$d?ig{}0iciP$KcmMyOjd4{k8Ho9FIWMxy@acVPPoN1w-zlmr_b7j9RZ&cb?BBe?oH&Go(0FK{m6NVCcr$rFueokRO6XZ^G{N9X3d8UoWs zIu(-pIQ4c8-rcBL0j-sQP=+CZgHlo66$-s~#IOcY6frVZPpplaqKHwtCn}-_F*}TKeFMX&AJPzH* zpC1nD|4l5tGnL|wF3@rgAm%uJ7HUTR_TF~Cpm-^gFFn%_*Maxv+E9z<$u_Qg;^KYi?{rXV)?%l4}w9BC6wX^{V+~=TJ4? zl3E~PzLrebljt8lOdN6OCUqnd_H_2AQUaVJXO&~F516YJrqSyGY@3Nk2rtrGDxZhw8d&>3wRyZUyi(yUlzu78g`pi?%R>fwy0l7CaLn1 zp2#vBK#Y7LGOztep9C}rb>1G$k~s8snN!apmiM~k$vs0?QGrWUICy|Ub5_wdE20|r zt@2@NCvY|Or(0cvH5j5_CN6lCGSa7xm>95EDAu@7XuV)Qxn~BCOV<)hr&j@=suudZ znr^A8PhTlTRaSRP3%l55_2w+~x)qe;52(l1IZ`R|+Myz4^m#v_?WwGfhM&0J!&i9k zAv&g-@b2Q8p(3*99v~A>LANNYFeg$MUcMCr>5KkUrn*elRz>m^`Y@L|!w%Em9#B7~ za51QW(p`I`$+2@RGZeyqo$cPvKQ4ibgLQf6l@qAz#xA>H{k;81NJ$PAD92?8A!81{ zsG4`?OCs=gwnafb??i!^on=^V9s92_lJNuNb3T@75`l;GXDoOFwvLdHHqM)G%%%VZ zh1pFn{{CMLXqC$)e0CCiyj4|EgHTpg&^^4FxMHYClhoG|{=ti{c-=FfwP!H(Kn~2I zm`%YImxsjE)rAk^X2oI*%1qH0kfZyo8{0Ex3a%Ip*Hm|XK2Vlj%_>bK@FaLyEpP>u z4&G-}jrQ%5OLH!jO(wMLw&k*yGD7EvtD+)OKe-aPXVLbXn!;s8lJ|0m&SaZJLhEbh z^_jtvB|qebZe(L9?Ng!!DmUqf%8e9Yt;#Le)4``ZWOJx~IZL;rqXD;x=Kz@bk8V&x zRtCNY@65E5ss|>YD5Qnct3#qa#!xsjagEFmftRWi7X!=lB`}+|GPJeMmcHUp#`%hS zFIoG7Lg_^0HMbfT2KTYYRiRUx5eYoJPVnC;=ENt+X~+p#7%UJV4btZTEcjSYn6gsb zNR-?o5;A-uSh^;;Yp?Ckl4J+Q@)L*5YI-)#Y`8G0cwY6(PIsf>$`MshPrB7?&O9r$)=oOU~o~Mh$oiMWsD<%lVo-V5I?cEcumQKCzTh$nB>% zQ|mCNd)8-8;Zg>Q+Fc2b1@krv@Io^{M)JJ_N-JLX(MUEd8}K6T_R;MdmQK$b)btA> z*qnN*IWtFYq06-_4e4vZSJd^I*owBpasr~|6(g21tYW@_iq*$eP7|`=6(96-j732* zVVB|!K{^*Gsal~wiJ}OYPa5m?w%(F=(pJ6NS;IhsEFb`|fV%iIql%hc%eh8q&)oU6 zSdSs+-Tc!cPz-GL(#zTS&-;R^S&Tb(E2%h*+1TS{pAHN z?dg!N@G*Yd-$sj%6$k`3A?}e%)iuw`(N4K34#qj)J{%4ge?c)J)+7^nB!p3}(gbluG&ZK6X3ny#1>iuW3nacIiYa>2~?gQF@#hh~>6J*o&QJ>=Z7 zY5^h$3#)ho33Qf+*kbn|Qui5Au6L_7ozvoZbK`c^M?WdW{9?ueypt*3h}@$p`e@8M zrBBIGuycwp9^PcM4Frtm{-At<_wh_zK9NOy94vZA1^&l*P2+6nJR#e#4#R@ycE|=Z zlfxncZI~H6M$`5df_>@~nuK&34z|bFcF?06t+T_GWDR{WTb)6G((B~TjJPuU=Vx+P zb1AEnxk4ys5vle8cu{&{xotg4f<Gd_Sadi z2R8K5?yWJq8K$gD&>V^!Wrj5o4>cs<=ew1lIgUr9$JB_>q1SmpcU*1lENN3s2UT`r zxzGYQ2pQsfp6OPzoSA4j&Gy^D0g_$SoG$!^&O0sJQSlRW{A1?_75LG*=n_f#4dmUI zVNL~PWNbV8OnHNK8xsq*KpC9G<={JkQ>aP_$8Z6mxo|vScPgBogsRR)IYrY5U@Ei_ zJGFDq2M(0WX&KwzP#UG^SgCSld;4TkNito$&BSdxAN_uD$co}>FxOBVBU$KXsZs37 z?6qGebufp4C%B5S=7#XQ{>HW^*p(~PA_*s(Eai3y2#Ygy-q#mHzyX~%7wl{bC5yx9 zRA8XRV8m`gM1BAd>vsx=iyJ_NidaxQoGRuWoJne|1n@*Y&AZOr$&a^V#jnJOZUyk- z(kSz}ue!7G;zeBp_0`=giR{Bu&l15k=pp{q0ik(wZMy|=xnrrVBW^NfR|N_)85ul# zl?tmF$9*p!*pFPe|JH zRIThD>fsM!5d|a2Q6z>E^<2v=yxV7FJ_DCQS#_kndAd4?w-nc$84IW9fyXL*pL!?_ z*ZMmdGB9q~7eNJ#ur?pf;Q}qi_r!uv@hG=hu~dQ-_O~{c5zuYz^N7L&CWB#M5cIi! zNY}75(9(|I--a4GpI{hJqSm#NNUG=sjzBk0{sw3;O<5XujN^|7_Hugq)Qvyn;S%8e zL~69CrH$sglk~o2^$e!|sgJXmnL=S0>tY-2$|1`${PV9ljqrM_SpLlEJP;R9Y{)v! zYsBZ_Idg7*BB+l0+^0@Lz)n(wZMV2aTz{PvwJ{1it8A-Q8fbWBZBv=hO1g069)KJ`v|Dqe@03;U%Ru%}qeE(P*o zwdD2LDHQI1em5|IvfwgP7HD0V7WQc{xb4#`{MQTAcl@wg%LJKJpi%lv@b!kT4nQ3) z6L$9>MdW9z!J2s*M%O4vSnNT0raRi6=~#*hEZ1yZXe|K3fb{ZSTXcNZSme`rYeWC# zvV6|?f=#r$(Dpkafx{!vU6ty*4LoI+7psJCPpW{TjC0W_Ndb06FNl14a{0E1wETw- zT;`*ZUn@DzP#NrTx%(E|(D!?<^<^~KYGDEh^39Sg_d9>>OpjBbI{_2$0io!eT(Igu zNcpojJu^@{#V|5>*4P7fXDa=bLq$l5um=zQ%2g*7_kt&J?+*ycJ2$GqyQwd?k)juQ zeOB4J?`KUDIff#6DcooH$wqDiDpa~6uns@lr(SlUnssdM=O&Rgb81w4OATGpZc6gd z$PtJIEkPx)q4^n^P0H0zfY+fAXqt0vPD~@mb-2VIR#AP`Gx3;Nr(}{|s|nA!pip$4 zNv2eDJ}3wq;o*@spaCkJX_)c7C51JC_i0i%{V0?yOE0g8=5F+<&oa%!5ac=@@H`GG z?~S<>fdi`Oo9(B4%Kk_qW9d#{SC!lB73K{oEV;od+F7vBnK)X)Vi=}2R(wvvO~G1w z<5-Zb1y5AG6J*n?@@d{#P!cvKgmW>LH4OA{XnlW?lKtQvDanLvN|yo3P-XtsYK1w4 zKCEq3(N0gvXF~rJ4b$NUq=XzEP+-gfk!}UsmclHlwG!$Ew+xy5e)X?J243j!sE0Cw zpxdaINrl}>gl-Y@$;8=P_%Q0)(B_c68nKwEi>sp;i`%X-Fjee2ZP6Nb9Uo?V=(E>3 z2{Y5e3hbdAl}a15$%7UO9*?eFCVW{8L4{?B z-r&RN;pb?cB`1RqbtIvJZ{F8ecrSsQq38`)`#Y$mzq0<-hMY+^j1%aHX>gY5{AD(E z05b^uT-Dt(;T%o&*BmwI>n?O-pRvUIIK2?aV$Ik}wJ}HOIVM75uF!i9$K^=5PL$cG zbJ6bQ7^@i@&61=Ng0}ep!K#4n1r4K$8q5uuabTiS?_}Ho_2K|*Wa)@)012SMcIW0N z{zY!Zd{VA#v(TaY^u`FTixSSo4_~V_$NHdiH?HM+3WHxLu95DT0*$t1ytz1PH08yC zYzsj$k2HGS9J-6I)LMQNa&5T4L|o&($`?u8CTG0Qt1Re{gsnzEX+3i|&fmHYJE!8Q z!&}*%IFW5K2P-8NdpHc{hz`~!8Z?CQtv zbBOwtQ(MO#kwO+|4HZ#3_dQ7$G@w1khYuHRxYow7%3BAnGruw;LaF)wm{QRbAFKcm zp4${#xBF8P;d@r$y4dx_@XQ;NAA-aMR7DSzpOG~NleV4TXK5oDu|!o)4Gm4 z7M}&-EYYaTQ!M13@psG@5;Y7KF4ZVLz6VvCiaRG~lmGglxyD)o+v0wD zV|+4r8p$&!ADvfs>Q?ukU(LC1=(=RHG_hZVZLI@H(K+Lb9n4KKXzOubC6w0u`=(uT z>BOC%u9;E$c@g}k5A^B*72Icf5ZT36NO$9M;&5@UTCDJ?t2oE0)r?NfZe??~;_rZ-*;`g$A`1f=!c;iFIn z^!~q>+@`Q} zo-p70mWs!VMNR8fxdFed3I6d@@ka}bfEQjC+t0k*fWr>*4{@uuzsWH4z`~Tu z3ESapTLXbjzhlK*jIv;!V-K0AZLeixMh$NXH{B)-Is>0zD~qB=T^Bz3omRWjkf4Rz zw?!)fQD>w`{>c3aKHIc$16!3q8f2Sj~Xa_*w7) zXZ9h7io)MD3uojo(XgTXazK5(XGCvSwvkA2=gb)@s9{)(UlQDNPU{>pa=VAULM9`@ z&KW7+QrW#J9na^GxJWqEqTaT&QhpokbR9{&C&DxYKH=W)dm?YqT?h&a#m}6C6<#d( zPNSS?hwgPYBV$-usP-#l72GZ8Wbkr2Ud?olSrOPu?_FFbWeUJtoqT|IMc9i@6ZhS* zXjiY4oD3EGtn+)5_MIzl@nbqGk9}B1iC)fowkF?1Z|JycmH68)XmvGmY=OY(8W`E~ zc>%v-`^5u(6tzK9Kg+N?jQ^z{bnEDNM3go9=#r25 zwRvfUx~4ar-(kb@AMt}~a1%$*DjhKpKwr=8Z&~P{Y?(f(H}s^2CD~n$#BSop_sJ?} zof&FgPw+KDhu)2A&^<&QyV-DB{}1>mE+~YJ6(DNt5n?xbSWR{Y1WrAGKGzZUFk3|d zb$Hb{Qm+E}Vd?4c{>Jsc z`HHv{El6+2*i9{!9`@oVs6y{`ovj*48(vCneDO%KFnms+ZL{v|hn}G>=X%x@vb$>P zGnY;TGY6hP!c~#Eo`(J#H)clpP>=%4jdwRrD5^q&^4CJ=ZQSLEFHbkv@wGT^&e8GN z_bEtZ8v_f6fTGdi%MN;u)!9}o2`PHe65)WFMh@9#D`1*!0o26RUs$(C<8sY>?~xCUeZhk+1t}SWlp}D%@SqdfW&#i&l7_78CUcrlp94)OTd7kP_DmkU8g z2xwrj@a1#fh{fm;`GIp;=rs#pVh6LE*#VSMfWQaZx$PPG$*gxR2K5Hi=Mq+FA}2mH z;70M0+-99^#l65>i-E(AQZaJXPhT%7NRWlbEVz4mf%5 zkkVkqa!DrRm`B;U^+x(9y*4p8>Hy#e`n(h+dleS`YMmo#7iH2<#oY}}!J7=%M=2r> zzSDxU2KH~|0_ZEtGtZ(k6!NKH9xlJU_b_Yid7ma|0lnftM|-^*@%m`eh{FOonWY9i z+$&Za?NlB0)ZZbD$mQ(<#1=;9#@`{cvqM(hC90w)`*x9Drm>#rg@L0*{#MS!FnS!o zk6Y)BheMoAoN|iQaMazsMEU7iPUewY;=`_x504*j)6M$x!;~Zu&!p*yEbCFH0i~w} z^hkgQ_vYx+VPdv_6z%1S;ODr|$Pj8m76BSMDKKi)P1Fz=b~X1a&MD3jMa?SH3L6O> zAIcwn%6FIVPJNRGNCG3syAk*CzoW14K9E_yhhKrul+9tFyR3aZ|oKM2F9cd9ba(@;8b`-u;=yBX*`@QdHwH@!=3}*}*^V-MQfT7? zm%7WRI;5%IvpbltqnSSNxm7^RycFizuYSGOZ@@KBwhY^x00i*ut}>*)Agh@v%O^_3 z5hJ{FOQyA)6~v@yQW`He{NM;f2Nv89-==6~pMKLx$q&S%Lyl)x$~R|%+FP3p!wX`! z47Uju33t2XYH441&@xFYV(+c|y}ci5euUWx$54FXV7iFW6&vbRhU9tSx6zEH)KHJb zbL&pr30O-5C!sWWVav{@fh5BUUlsp+YqQ-zKooan*u6n8H>aeYImo`& zsw-v_CVBP3_|F;7mDrOUKZhgo=>?1c#z{E3U{^}iVBCYJhk^~bELpMB@9yn4D-Stw zH_pyoQXmZq9M}u<`+SGu6d5wlMiMkppg}WK+KBA{b>MEXNe0j>iUak^783r&yK{u7;C|a-|!G`d}jq=gpIy7t|5^ z`>Z5MgDefJGYNC`&>x%KYb}ul1}ckzrw4b~>IC zjl{sy6+T*2z&r|-x?zK}6ZQ{s6)2$)cd#L6LsKb zMC7b7ts-yZi2$*!%je?5{G}SVMCCgwU*dIzk6yDy2iAImUW0wR6z`tmsg8{~lW$YACv7#BqfL&g~F< zWC6w|fRt=1>7Qy++ydUE=!u(aJJ^t^Y~1pGFb__gn3KYtICZ-MtcAlKq!G7>fzxYe z(d8ISqgfn%FVM7&m)CcCe-P~vu!s+#Vh51qgfuwR`~eQ8{i3JpbDFdO`!*A}xuZ}0 ziqlvM@>lYf%;B3sAEP<-P=Wm#@ZIDBvmS5;omwttX2udA8Xh}m)94sh>cBkc;{%5r zQX)O(3Xxzt-iBJDrRuo2cR*_eDKJGs)ti(Y1MlJ^BLh@r9&d<`hCFk>S|F+X68EgL z5u;EjOuqq=X=zhKUV;gTS1(hl5V;om|%qeOOtgH8VFg*uk#+JM7{Jkvmx?;aID7T z96c*?zW%zoc*uP5ml@8q%Syrdtlq$|_t$p$_9UT-X(S6^5W3AVk1W(Wy|&9p<9YbK zt0ceT)W;=gigJOV^lohJKI;D0ejJ-Z)0ceY2mh7((KX)K0ELuJ{nY?s1t8lZ zQ{|OYI^jKfX+b)#uXH(My2%Y_r?foNGq0gnqrBt!XRmBjZIoqOV2!yY{Wbpff<$dm z=_=^*W~r;MU3T?y$oxKyw3lUdwhmE~*qf=JLohi`3Gcp!WxLNH#Xv^pN1s}^S(NLz zS{S=8L2{m{UXzNZaYHJ?9xrKW@?XmzQ1xODO34|&z&%yBWLG{o)ht>*yBap{wn9ON zUtAr_nT;$BWh7l%m>7(^R@!Z!ZmPiVJ1qa(_tdQ>#V;z&!Ji2KWPaKDx88u$(d1+x zu`P=?(qB8$S<@ciL zF|vPOx>DMaZ=WuAt{VKiI^6k$p6rhQVO4$7h0f#6SFFj=LZJ z_4`*-Q7^Ld#nO>G$3GedW)d+~AODxCD97VQfaz_myfJ?>`7nOOYezAy=G!cM zN4nJPsrjE2FfPW*mHErx4GCh{D$UppJtUPY@L@(L@)A`>3 zsUX2Vx^+Mq{#M++Q~huBR;j0G`nQ$2*q?LRLXniaw6{tGGH=&bk|r}F^~WrH!y-KX zT0i(5+Iln7-c|niD*O3c&ZNur!pm@jk7rkRB4)D-{+)K|azFjTH(ri0cfL*3ooCd0 zQ{(&jjhm~s%)&**Yvo^k*>30kCr=k_`F+=qeqvUYtpBeOxg4rqZ_n8xndnj7rYLRW zx&^yz^P>DMK@9Qm&5FgB28xHBw-O&!FDm`baf=esADgmM;a$xW4(tSx+J zrs~P9a_ez9mZ(BGfe}ZNo such app" + ] + }, + { + "service": "Unbounce", + "cname": ["unbouncepages.com"], + "fingerprint": [ + "The requested URL / was not found on this server.", + "The requested URL was not found on this server" + ] + }, + { + "service": "Tumblr", + "cname": ["tumblr.com"], + "fingerprint": [ + "There's nothing here.", + "Whatever you were looking for doesn't currently exist at this address." + ] + }, + { + "service": "Shopify", + "cname": ["myshopify.com"], + "fingerprint": [ + "Sorry, this shop is currently unavailable.", + "Only one step left!" + ] + }, + { + "service": "Instapage", + "cname": ["pageserve.co", "secure.pageserve.co", "https://instapage.com/"], + "fingerprint": ["You've Discovered A Missing Link. Our Apologies!"] + }, + { + "service": "Desk", + "cname": ["desk.com"], + "fingerprint": [ + "Please try again or try Desk.com free for 14 days.", + "Sorry, We Couldn't Find That Page" + ] + }, + { + "service": "Tictail", + "cname": ["tictail.com", "domains.tictail.com"], + "fingerprint": [ + "Building a brand of your own?", + "to target URL: Trying to access your account?" + ] + }, + { + "service": "Cargo Collective", + "cname": ["cargocollective.com"], + "fingerprint": ["404 Not Found"] + }, + { + "service": "Statuspage", + "cname": ["statuspage.io"], + "fingerprint": ["Better Status Communication", "You are being redirected"] + }, + { + "service": "Amazon AWS", + "cname": ["amazonaws.com"], + "fingerprint": ["NoSuchBucket", "The specified bucket does not exist"] + }, + { + "service": "Cloudfront", + "cname": ["cloudfront.net"], + "fingerprint": ["The request could not be satisfied", "ERROR: The request could not be satisfied"] + }, + { + "service": "Bitbucket", + "cname": ["bitbucket.org"], + "fingerprint": ["The page you have requested does not exist"] + }, + { + "service": "Smartling", + "cname": ["smartling.com"], + "fingerprint": ["Domain is not configured"] + }, + { + "service": "Acquia", + "cname": ["acquia.com"], + "fingerprint": ["If you are an Acquia Cloud customer and expect to see your site at this address"] + }, + { + "service": "Fastly", + "cname": ["fastly.net"], + "fingerprint": ["Please check that this domain has been added to a service", "Fastly error: unknown domain"] + }, + { + "service": "Pantheon", + "cname": ["pantheonsite.io"], + "fingerprint": ["The gods are wise", "The gods are wise, but do not know of the site which you seek."] + }, + { + "service": "Zendesk", + "cname": ["zendesk.com"], + "fingerprint": ["Help Center Closed | Zendesk", "Help Center Closed"] + }, + { + "service": "UserVoice", + "cname": ["uservoice.com"], + "fingerprint": ["This UserVoice subdomain is currently available!"] + }, + { + "service": "Ghost", + "cname": ["ghost.io"], + "fingerprint": ["The thing you were looking for is no longer here", "The thing you were looking for is no longer here, or never was"] + }, + { + "service": "Pingdom", + "cname": ["stats.pingdom.com"], + "fingerprint": ["pingdom"] + }, + { + "service": "Tilda", + "cname": ["tilda.ws"], + "fingerprint": ["Domain has been assigned"] + }, + { + "service": "Wordpress", + "cname": ["wordpress.com"], + "fingerprint": ["Do you want to register"] + }, + { + "service": "Teamwork", + "cname": ["teamwork.com"], + "fingerprint": ["Oops - We didn't find your site."] + }, + { + "service": "Help Juice", + "cname": ["helpjuice.com"], + "fingerprint": ["We could not find what you're looking for."] + }, + { + "service": "Help Scout", + "cname": ["helpscoutdocs.com"], + "fingerprint": ["No settings were found for this company:"] + }, + { + "service": "Cargo Collective", + "cname": ["cargocollective.com"], + "fingerprint": ["If you're moving your domain away from Cargo you must make this configuration through your registrar's DNS control panel."] + }, + { + "service": "Feedpress", + "cname": ["redirect.feedpress.me"], + "fingerprint": ["The feed has not been found."] + }, + { + "service": "Surge", + "cname": ["surge.sh"], + "fingerprint": ["project not found"] + }, + { + "service": "SurveyGizmo", + "cname": ["privatedomain.sgizmo.com", "privatedomain.surveygizmo.eu", "privatedomain.sgizmoca.com"], + "fingerprint": ["data-html-name"] + }, + { + "service": "Mashery", + "cname": ["mashery.com"], + "fingerprint": ["Unrecognized domain "] + }, + { + "service": "Intercom", + "cname": ["custom.intercom.help"], + "fingerprint": ["This page is reserved for artistic dogs.", "

Uh oh. That page doesn’t exist.

"] + }, + { + "service": "Webflow", + "cname": ["proxy.webflow.io"], + "fingerprint": ["

The page you are looking for doesn't exist or has been moved.

"] + }, + { + "service": "Kajabi", + "cname": ["endpoint.mykajabi.com"], + "fingerprint": ["

The page you were looking for doesn't exist.

"] + }, + { + "service": "Thinkific", + "cname": ["thinkific.com"], + "fingerprint": ["You may have mistyped the address or the page may have moved."] + }, + { + "service": "Tave", + "cname": ["clientaccess.tave.com"], + "fingerprint": ["

Error 404: Page Not Found

"] + }, + { + "service": "Wishpond", + "cname": ["wishpond.com"], + "fingerprint": ["https://www.wishpond.com/404?campaign=true"] + }, + { + "service": "AfterShip", + "cname": ["aftership.com"], + "fingerprint": ["Oops.

The page you're looking for doesn't exist."] + }, + { + "service": "Aha", + "cname": ["ideas.aha.io"], + "fingerprint": ["There is no portal here ... sending you back to Aha!"] + }, + { + "service": "Brightcove", + "cname": ["brightcovegallery.com", "gallery.video", "bcvp0rtal.com"], + "fingerprint": ["

Error Code: 404

"] + }, + { + "service": "Bigcartel", + "cname": ["bigcartel.com"], + "fingerprint": ["

Oops! We couldn’t find that page.

"] + }, + { + "service": "ActiveCampaign", + "cname": ["activehosted.com"], + "fingerprint": ["alt=\"LIGHTTPD - fly light.\""] + }, + { + "service": "Campaign Monitor", + "cname": ["createsend.com"], + "fingerprint": ["Double check the URL or %v", target, errs) + } + resultMessage := fmt.Sprintf("Failed to check %s: Error", target) + PrintResult(Red, resultMessage) + NotVulnerableResults = append(NotVulnerableResults, resultMessage) + } +} + +var CheckedTargetsMutex sync.Mutex // Declares the mutex globally +var CheckedTargets = make(map[string]bool) // Declares CheckedTargets globally + +func Checker(target string) { + TargetCNAME, err := net.LookupCNAME(target) + if err != nil { + return + } + + CheckedTargetsMutex.Lock() // Locks the mutex + if All != true && CNAMEExists(TargetCNAME) == true { + if Verbose == true { + log.Printf("(CNAME Selected) %s => %s", target, TargetCNAME) + } + Check(target, TargetCNAME) + } else if All == true && !CheckedTargets[target] { // Checks if the target hasn't been checked already + CheckedTargets[target] = true // Marks the target as checked + Check(target, "All") + } + CheckedTargetsMutex.Unlock() // Unlocks the mutex +} + +func main() { + All = true + Verbose = true + ParseArguments() + + // Initializes fingerprints before using them + InitializeFingerprints() + + for _, Host := range Targets { + go Checker(Host) + } + + fmt.Println("") + Banner := figure.NewColorFigure("Subhunter", "", "red", true) + Banner.Print() + fmt.Println("\n\nA fast subdomain takeover tool\n") + fmt.Println("Created by Nemesis") + fmt.Printf("\nLoaded %d fingerprints for current scan\n", len(Fingerprints)) + fmt.Println("\n-----------------------------------------------------------------------------\n") + + if HostsList == "" { + fmt.Printf("Subhunter: No subdomains list specified for the scan!") + fmt.Printf("\n\nInfo: Use -h for showing the help message\n\n") + os.Exit(1) + } + + Hosts, err := ReadFile(HostsList) + if err != nil { + fmt.Printf("\nread: %s\n", err) + os.Exit(1) + } + + Targets = append(Targets, Hosts...) + + hosts := make(chan string, Threads) + processGroup := new(sync.WaitGroup) + processGroup.Add(Threads) + + for i := 0; i < Threads; i++ { + go func() { + for { + host := <-hosts + if host == "" { + break + } + + Checker(host) + } + + processGroup.Done() + }() + } + + for _, Host := range Targets { + hosts <- Host + } + + close(hosts) + processGroup.Wait() + + fmt.Printf("\nSubhunter exiting...\n") + + // Writes the results to the output file if provided + if OutputFile != "" { + WriteResultsToFile(OutputFile, VulnerableResults, NotVulnerableResults) + } +} + +func WriteResultsToFile(filename string, vulnerableResults []string, notVulnerableResults []string) { + file, err := os.Create(filename) + if err != nil { + log.Fatalf("Error creating output file: %v", err) + } + defer file.Close() + + // Writes vulnerable results + for _, result := range vulnerableResults { + _, err := file.WriteString(result + "\n") + if err != nil { + log.Fatalf("Error writing to output file: %v", err) + } + } + + // Writes other results + for _, result := range notVulnerableResults { + _, err := file.WriteString(result + "\n") + if err != nil { + log.Fatalf("Error writing to output file: %v", err) + } + } + + fmt.Printf("Results written to %s\n", filename) +}