## New version

* Better threads * Easier config file * Custom Fingerprints, embeddable in config file * Support for notifications on Slack and Github issue * Custom webhook support * Click integration for command line interface * Support for scraping javascript based web apps using selenium, fallback to requests module available
0xcrypto · Feb 18, 2023 · 5a08548 · 5a08548
1 parent d786a2d
commit 5a08548
Show file tree

Hide file tree

Showing 6 changed files with 1,101 additions and 306 deletions.
diff --git a/LICENSE.md b/LICENSE.md
@@ -1,13 +1,21 @@
-            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-                    Version 2, December 2004
+MIT License
 
- Copyright (C) 2021 Vikrant Singh Chauhan <[email protected]>
+Copyright (c) 2023 Vikrant Singh Chauhan
 
- Everyone is permitted to copy and distribute verbatim or modified
- copies of this license document, and changing it is allowed as long
- as the name is changed.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-  0. You just DO WHAT THE FUCK YOU WANT TO.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 # takeover.py
-This small script tries to detect subdomain takeovers from a list of domains. Fingerprints are taken from https://github.com/EdOverflow/can-i-take-over-xyz.
+A script to test for subdomain takeovers from a list of domains. Fingerprints are taken from https://github.com/EdOverflow/can-i-take-over-xyz.
+
 
 [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2F0xcrypto%2Ftakeover)](https://twitter.com/intent/tweet?text=Wow:&url=https%3A%2F%2Fgithub.com%2F0xcrypto%2Ftakeover)
 
@@ -9,81 +10,39 @@ This small script tries to detect subdomain takeovers from a list of domains. Fi
 pip install takeover.py
 ```
 
-## Usage
-
-```
-takeover blog.example.com
-```
+After installation, make sure to configure the config.json file. You can also copy it from the github repository and use with `--config` flag.
 
-Using with other tools:
+## Usage
 
+A single target
 ```
-subfinder -d "example.com" -silent | takeover
+echo blog.example.com | takeover -
 ```
 
-## Automation
-
-Creating a automated scan server:
-
-```python
-import json, asyncio, pickle, os
-from pathlib import Path
-from takeover.takeover import takeover
-
-home = str(Path.home())
-
-# config is an dictionary. See ~/.config/takeover/config.json for structure
-config = json.load(open(home + "/.config/takeover/config.json"))
+Multiple Targets:
 
-# Do not forget to replace pointer to fingerprints with the valid data. See ~/.config/takeover/fingerprints.json for structure
-config['fingerprints'] = json.load(open(home + "/.config/takeover/fingerprints.json"))
+```bash
+subfinder -d "example.com" -silent | takeover -
 
-async def loop():
-    print("Starting infinite loop:")
-    while True:
-            takeoverObject = takeover(config)
-            try:
-                takeoverObject.found = pickle.load(open("found.pickle", 'rb'))
-            except FileNotFoundError:
-                print("No old data found.", end="\r")
-
-            try:
-                with open("subdomains.txt") as subdomainFile:
-                    subdomains = enumerate(subdomainFile)
-                    await takeoverObject.checkHosts(subdomains)
-            except FileNotFoundError:
-                continue
-
-            with open("found.pickle", 'wb') as foundFile:
-                pickle.dump(takeoverObject.found, foundFile)
-
-            os.remove("subdomains.txt")
-            print("Enumerated all targets in subdomains.txt for takeover")
-
-
-asyncio.run(loop())
+# or
+subfinder -d "example.com" -silent | takeover /dev/stdin
 ```
 
-The above automation script can be used along with any subdomain enumeration tool:
+Notifications:
 
-```
-subfinder -d example.com -o subdomains.txt
+```bash
+subfinder -d "example.com" -silent | takeover - --notify Discord
 ```
 
-and the running infinite loop will automatically detect `subdomains.txt` file and start looking for takeovers. After completion, it also deletes the subdomains.txt so that you can add new targets. Obviously, you can tweak it however you want.
-
-## How it Works
-* Matches CNAME against takeover-able services
-* If CNAME found, matches fingerprints in the body.
-
 ## Note
-* The output is a lot verbose so it is recommended to use a discord webhook to get notified. I am planning to change it in a major update. 
-* If you need some extra features, feel free to submit a new issue on GitHub.
+* The output is a lot verbose so it is recommended to use a third party webhook service like discord, slack to get notified. 
+* Some fingerprints are not well formatted to be matched. For example, in WordPress, the fingerprint is `Do you want to register *.wordpress.com?`, however this is not an exact match and correct fingerprint should be `Do you want to register <em>example.wordpress.com</em>?`. To fix this, you can give your own file for fingerprints with either in `config.json` or with `--services` flag.
+
+## Contribute
+* Feel free to submit a PR or new issues on GitHub.
 
 ## License
 [LICENSE.md](LICENSE.md)
 
 ## Disclaimer
-I make guns, I sell guns, I give away guns but I take no responsibility of who dies with the guns.
-
-_Legally speaking, What you do with this has nothing to do with me. I am not responsible for your actions._
+An excerpt from the License: "IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
diff --git a/README.rst b/README.rst
@@ -1,8 +1,10 @@
+.. _takeoverpy:
+
 takeover.py
 ===========
 
-This small script tries to detect subdomain takeovers from a list of
-domains. Fingerprints are taken from
+A script to test for subdomain takeovers from a list of domains.
+Fingerprints are taken from
 https://github.com/EdOverflow/can-i-take-over-xyz.
 
 |Twitter|
@@ -12,85 +14,52 @@ Installation
 
 ::
 
-    pip install takeover.py
+   pip install takeover.py
+
+After installation, make sure to configure the config.json file. You can
+also copy it from the github repository and use with ``--config`` flag.
 
 Usage
 -----
 
-::
-
-    takeover blog.example.com
-
-Using with other tools:
+A single target
 
 ::
 
-    subfinder -d "example.com" -silent | takeover
-
-Automation:
-
-Creating a automated scan server:
-
-.. code:: python
-
-    import json, asyncio, pickle, os
-    from pathlib import Path
-    from takeover.takeover import takeover
-
-    home = str(Path.home())
+   echo blog.example.com | takeover -
 
-    # config is an dictionary. See ~/.config/takeover/config.json for structure
-    config = json.load(open(home + "/.config/takeover/config.json"))
+Multiple Targets:
 
-    # Do not forget to replace pointer to fingerprints with the valid data. See ~/.config/takeover/fingerprints.json for structure
-    config['fingerprints'] = json.load(open(home + "/.config/takeover/fingerprints.json"))
+.. code:: bash
 
-    async def loop():
-        print("Starting infinite loop:")
-        while True:
-                takeoverObject = takeover(config)
-                try:
-                    takeoverObject.found = pickle.load(open("found.pickle", 'rb'))
-                except FileNotFoundError:
-                    print("No old data found.", end="\r")
-                
-                try:
-                    with open("subdomains.txt") as subdomainFile:
-                        subdomains = enumerate(subdomainFile)
-                        await takeoverObject.checkHosts(subdomains)
-                except FileNotFoundError:
-                    continue
+   subfinder -d "example.com" -silent | takeover -
 
-                with open("found.pickle", 'wb') as foundFile:
-                    pickle.dump(takeoverObject.found, foundFile)
+   # or
+   subfinder -d "example.com" -silent | takeover /dev/stdin
 
-                os.remove("subdomains.txt")
-                print("Enumerated all targets in subdomains.txt for takeover")
+Notifications:
 
-    asyncio.run(loop())
+.. code:: bash
 
-The above automation script can be used along with any subdomain enumeration tool:
-
-::
-
-    subfinder -d example.com -o subdomains.txt
-
-and the running infinite loop will automatically detect `subdomains.txt` file and start looking for takeovers. After completion, it also deletes the subdomains.txt so that you can add new targets. Obviously, you can tweak it however you want.
-
-How it Works
-------------
-
--  Matches CNAME against takeover-able services
--  If CNAME found, matches fingerprints in the body.
+   subfinder -d "example.com" -silent | takeover - --notify Discord
 
 Note
 ----
 
--  The output is a lot verbose so it is recommended to use a discord
-   webhook to get notified. I am planning to change it in a major
-   update.
--  If you need some extra features, feel free to submit a new issue on
-   GitHub.
+-  The output is a lot verbose so it is recommended to use a third party
+   webhook service like discord, slack to get notified.
+-  Some fingerprints are not well formatted to be matched. For example,
+   in WordPress, the fingerprint is
+   ``Do you want to register *.wordpress.com?``, however this is not an
+   exact match and correct fingerprint should be
+   ``Do you want to register <em>example.wordpress.com</em>?``. To fix
+   this, you can give your own file for fingerprints with either in
+   ``config.json`` or with ``--services`` flag.
+
+Contribute
+----------
+
+-  Feel free to submit a PR or new issues on GitHub.
 
 License
 -------
@@ -100,11 +69,11 @@ License
 Disclaimer
 ----------
 
-I make guns, I sell guns, I give away guns but I take no responsibility
-of who dies with the guns.
-
-*Legally speaking, What you do with this has nothing to do with me. I am
-not responsible for your actions.*
+An excerpt from the License: "IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE."
 
 .. |Twitter| image:: https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2F0xcrypto%2Ftakeover
    :target: https://twitter.com/intent/tweet?text=Wow:&url=https%3A%2F%2Fgithub.com%2F0xcrypto%2Ftakeover