From bf04eb9d3875ac206fc93aa8e472ee90140f3d38 Mon Sep 17 00:00:00 2001 From: SAIKAT KARMAKAR Date: Sat, 22 Jan 2022 21:16:31 +0530 Subject: [PATCH 1/2] providers.json can be supplied from cmd line using the '-p' flag --- subover.go | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/subover.go b/subover.go index 35f7312..f2ed00e 100644 --- a/subover.go +++ b/subover.go @@ -7,7 +7,6 @@ import ( "encoding/json" "flag" "fmt" - "github.com/parnurzeal/gorequest" "io/ioutil" "log" "net" @@ -15,6 +14,8 @@ import ( "strings" "sync" "time" + + "github.com/parnurzeal/gorequest" ) // Structure for each provider stored in providers.json file @@ -36,13 +37,13 @@ var ( ForceHTTPS bool Timeout int OutputFile string + providers string ) func InitializeProviders() { raw, err := ioutil.ReadFile("providers.json") if err != nil { - fmt.Println(err.Error()) - os.Exit(1) + Providers = fingerprints(providers) } err = json.Unmarshal(raw, &Providers) @@ -69,7 +70,7 @@ func ReadFile(file string) (lines []string, err error) { } func Get(url string, timeout int, https bool) (resp gorequest.Response, body string, errs []error) { - if https == true { + if https { url = fmt.Sprintf("https://%s/", url) } else { url = fmt.Sprintf("http://%s/", url) @@ -91,6 +92,7 @@ func ParseArguments() { flag.BoolVar(&ForceHTTPS, "https", false, "Force HTTPS connections (Default: http://)") flag.IntVar(&Timeout, "timeout", 10, "Seconds to wait before timeout") flag.StringVar(&OutputFile, "o", "", "File to write enumeration output to") + flag.StringVar(&providers, "p", "", "Path to configuration file. (default \"/src/Ice3man543/SubOver/fingerprints.json\")") flag.Parse() } @@ -113,9 +115,9 @@ func Check(target string, TargetCNAME string) { if TargetCNAME == "ALL" { for _, provider := range Providers { for _, response := range provider.Response { - if strings.Contains(body, response) == true { + if strings.Contains(body, response) { fmt.Printf("\n[\033[31;1;4m%s\033[0m] Takeover Possible At %s ", provider.Name, target) - return + return } } } @@ -125,10 +127,10 @@ func Check(target string, TargetCNAME string) { for _, cname := range provider.Cname { if strings.Contains(TargetCNAME, cname) { for _, response := range provider.Response { - if strings.Contains(body, response) == true { + if strings.Contains(body, response) { if provider.Name == "cloudfront" { _, body2, _ := Get(target, 120, true) - if strings.Contains(body2, response) == true { + if strings.Contains(body2, response) { fmt.Printf("\n[\033[31;1;4m%s\033[0m] Takeover Possible At : %s", provider.Name, target) } } else { @@ -142,7 +144,7 @@ func Check(target string, TargetCNAME string) { } } } else { - if Verbose == true { + if Verbose { log.Printf("[ERROR] Get: %s => %v", target, errs) } } @@ -155,13 +157,13 @@ func Checker(target string) { if err != nil { return } else { - if All != true && CNAMEExists(TargetCNAME) == true { - if Verbose == true { + if All != true && CNAMEExists(TargetCNAME) { + if Verbose { log.Printf("[SELECTED] %s => %s", target, TargetCNAME) } Check(target, TargetCNAME) - } else if All == true { - if Verbose == true { + } else if All { + if Verbose { log.Printf("[ALL] %s ", target) } Check(target, "ALL") @@ -169,6 +171,20 @@ func Checker(target string) { } } +func fingerprints(file string) (data []ProviderData) { + config, err := ioutil.ReadFile(file) + if err != nil { + log.Fatalln(err) + } + + err = json.Unmarshal(config, &data) + if err != nil { + log.Fatalln(err) + } + + return data +} + func main() { ParseArguments() From 7b1d96422641fe1499e601864f26615d8499e9ef Mon Sep 17 00:00:00 2001 From: SAIKAT KARMAKAR Date: Tue, 17 Oct 2023 20:35:39 +0100 Subject: [PATCH 2/2] Auto-commit changes --- README.md | 12 ++++++------ providers.json | 26 +++++++++++++------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index a51dede..e0761b4 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ## Note - This project is discontinued. No more updates will be provided! Sorry! > But something more awesome will come soon! -Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since it's redesign, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful. +Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since it"s redesign, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful. ## Installing @@ -18,7 +18,7 @@ go get github.com/Ice3man543/SubOver ` ./SubOver -l subdomains.txt` - `-l` List of Subdomains -- `-a` Check all hosts regardless of CNAME (Time Consuming and prone to fp's) +- `-a` Check all hosts regardless of CNAME (Time Consuming and prone to fp"s) - `-t` Number of concurrent threads. (Default 10) - `-v` Show verbose output (Default False) - `-https` Force HTTPS Connection (Default HTTP) @@ -37,7 +37,7 @@ Count : 51 ## FAQ **Q:** What should my wordlist look like? -**A:** Your wordlist should include a list of subdomains you're checking and should look something like: +**A:** Your wordlist should include a list of subdomains you"re checking and should look something like: ``` backend.example.com something.someone.com @@ -46,7 +46,7 @@ apo-setup.fxc.something.com ## Your tool sucks! -Yes, you're probably correct. Feel free to: +Yes, you"re probably correct. Feel free to: - Not use it. - Show me how to do it better. @@ -87,13 +87,13 @@ Meet me on Twitter: [![Twitter](https://img.shields.io/badge/twitter-@ice3man543 ### [1.1.1] - 2018-03-20 -- Providers corrected using EdOverflow's Awesome List +- Providers corrected using EdOverflow"s Awesome List - Added Information regarding various takeovers to the tool ### [1.1.0] - 2018-03-16 - Rewritten from scratch in Golang -- This time it's damn fast because of Go Concurrency. +- This time it"s damn fast because of Go Concurrency. - The console output looks better :-) ### [1.0.0] - 2018-02-04 diff --git a/providers.json b/providers.json index fc80f19..98ffbd2 100644 --- a/providers.json +++ b/providers.json @@ -2,12 +2,12 @@ { "name":"github", "cname":["github.io", "github.map.fastly.net"], - "response":["There isn't a GitHub Pages site here.", "For root URLs (like http://example.com/) you must provide an index.html file"] + "response":["There isn"t a GitHub Pages site here.", "For root URLs (like http://example.com/) you must provide an index.html file"] }, { "name":"heroku", "cname":["herokudns.com", "herokussl.com", "herokuapp.com"], - "response":["There's nothing here, yet.", "herokucdn.com/error-pages/no-such-app.html", "No such app"] + "response":["There"s nothing here, yet.", "herokucdn.com/error-pages/no-such-app.html", "No such app"] }, { "name":"unbounce", @@ -17,7 +17,7 @@ { "name":"tumblr", "cname":["tumblr.com"], - "response":["There's nothing here.", "Whatever you were looking for doesn't currently exist at this address."] + "response":["There"s nothing here.", "Whatever you were looking for doesn"t currently exist at this address."] }, { "name":"shopify", @@ -27,12 +27,12 @@ { "name":"instapage", "cname":["pageserve.co", "secure.pageserve.co", "https://instapage.com/"], - "response":["You've Discovered A Missing Link. Our Apologies!"] + "response":["You"ve Discovered A Missing Link. Our Apologies!"] }, { "name":"desk", "cname":["desk.com"], - "response":["Please try again or try Desk.com free for 14 days.", "Sorry, We Couldn't Find That Page"] + "response":["Please try again or try Desk.com free for 14 days.", "Sorry, We Couldn"t Find That Page"] }, { "name":"tictail", @@ -122,12 +122,12 @@ { "name":"teamwork", "cname":["teamwork.com"], - "response":["Oops - We didn't find your site."] + "response":["Oops - We didn"t find your site."] }, { "name":"helpjuice", "cname":["helpjuice.com"], - "response":["We could not find what you're looking for."] + "response":["We could not find what you"re looking for."] }, { "name":"helpscout", @@ -137,7 +137,7 @@ { "name":"cargo", "cname":["cargocollective.com"], - "response":["If you're moving your domain away from Cargo you must make this configuration through your registrar's DNS control panel."] + "response":["If you"re moving your domain away from Cargo you must make this configuration through your registrar"s DNS control panel."] }, { "name":"feedpress", @@ -167,12 +167,12 @@ { "name":"webflow", "cname":["proxy.webflow.io"], - "response":["

The page you are looking for doesn't exist or has been moved.

"] + "response":["

The page you are looking for doesn"t exist or has been moved.

"] }, { "name":"kajabi", "cname":["endpoint.mykajabi.com"], - "response":["

The page you were looking for doesn't exist.

"] + "response":["

The page you were looking for doesn"t exist.

"] }, { "name":"thinkific", @@ -192,7 +192,7 @@ { "name":"aftership", "cname":["aftership.com"], - "response":["Oops.

The page you're looking for doesn't exist."] + "response":["Oops.

The page you"re looking for doesn"t exist."] }, { "name":"aha", @@ -232,7 +232,7 @@ { "name":"simplebooklet", "cname":["simplebooklet.com"], - "response":["We can't find this