
second-order: Scans web applications for second-order subdomain takeover

Status
Not open for further replies.

itsMe



Second Order

Scans web applications for second-order subdomain takeover by crawling the app and collecting URLs (and other data) that match certain rules or respond in a certain way.

Usage Ideas

This is a list of tips and ideas (not necessarily related to second-order subdomain takeover) on what to use Second Order for.

    Check for second-order subdomain takeover: takeover.json. (Duh!)
    Collect inline and imported JS code: javascript.json.
    Find where a target hosts static files: cdn.json. (S3 buckets, anyone?)
    Collect <input> names to build a tailored parameter bruteforcing wordlist: parameters.json.
    Feel free to contribute more ideas!
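The check described above, sketched as an added example for auditing pages of an application you operate; it is not Second Order's code and not part of the original post. The function names, the tag/attribute list and the sample page are assumptions made for illustration, and the resolver is injectable so the audit can run offline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import socket

# Tag/attribute pairs that make a browser load a resource (assumed list, extend as needed).
RESOURCE_ATTRS = {("script", "src"), ("link", "href"), ("img", "src"), ("iframe", "src")}

class ResourceCollector(HTMLParser):
    """Collects the absolute URLs of resources a page loads."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in RESOURCE_ATTRS:
                self.urls.append(urljoin(self.base_url, value))

def external_hosts(html, base_url):
    """Map each hostname other than the page's own to the URLs that reference it."""
    collector = ResourceCollector(base_url)
    collector.feed(html)
    own = urlsplit(base_url).hostname
    hosts = {}
    for url in collector.urls:
        host = urlsplit(url).hostname
        if host and host != own:
            hosts.setdefault(host, []).append(url)
    return hosts

def system_resolves(host):
    try:  # default resolver: ask the system's DNS
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def dangling_references(html, base_url, resolves=system_resolves):
    """Return {host: [urls]} for external hosts that no longer resolve."""
    return {h: u for h, u in external_hosts(html, base_url).items() if not resolves(h)}

# Constructed sample page using reserved example domains.
SAMPLE_HTML = (
    '<script src="/static/app.js"></script>'
    '<script src="//cdn.example.net/lib.js"></script>'
    '<script src="https://old-assets.example.org/widget.js"></script>'
    '<link rel="stylesheet" href="https://cdn.example.net/site.css">'
)
```

A host that fails to resolve is only one signal; a name that still resolves can point at a deprovisioned third-party service, so review each external host against the services you actually own.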
