Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way.
Using Second Order Subdomain Takeover Scanner Tool
Command line options:
Base link to start scraping from (default “http://127.0.0.1”)
Configuration file (default “config.json”)
Print visited links in real–time to stdout
Directory to save results in (default “output”)
go run second–order.go –base https://example.com -config config.json -output example.com -concurrency 10
Config File for Second Order Subdomain Takeover Scanner Tool
Example configuration file included (config.json)
- Headers: A map of headers that will be sent with every request.
- Depth: Crawling depth.
- LogCrawledURLs: If this is set to true, Second Order will log the URL of every crawled page.
- LogQueries: A map of tag-attribute queries that will be searched for in crawled pages. For example, “a”: “href” means log every href attribute of every a tag.
- LogURLRegex: A list of regular expressions that will be matched against the URLs that are extracted using the queries in LogQueries; if left empty, all URLs will be logged.
- LogNon200Queries: A map of tag-attribute queries that will be searched for in crawled pages, and logged only if they don’t return a 200 status code.
- ExcludedURLRegex: A list of regular expressions whose matching URLs will not be accessed by the tool.
- ExcludedStatusCodes: A list of status codes; if any page responds with one of these, it will be excluded from the results of LogNon200Queries; if left empty, all non-200 pages’ URLs will be logged.
- LogInlineJS: If this is set to true, Second Order will log the contents of every script tag that doesn’t have a src attribute.
You can download Second Order here:
Or read more here.
Posted in: Networking Hacking Tools
Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
May 28, 2020 – 145 Shares
Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
May 19, 2020 – 184 Shares
Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
April 30, 2020 – 254 Shares
Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
April 15, 2020 – 438 Shares
zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
March 31, 2020 – 342 Shares
Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
March 29, 2020 – 450 Shares