Metadata-Version: 2.1
Name: sdto
Version: 0.1.1
Summary: Subdomain takeover finder
Home-page: https://github.com/scanfactory/sdto
License: MIT
Keywords: subdomain-takeover,scanner,cybersecurity,security,takeover
Author: godpleaseno
Author-email: zfrty@protonmail.com
Requires-Python: >=3.8,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Topic :: Security
Requires-Dist: aiohttp (>=3.8.3,<4.0.0)
Project-URL: Repository, https://github.com/scanfactory/sdto
Description-Content-Type: text/markdown

[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![Downloads](https://pepy.tech/badge/sdto)](https://pepy.tech/project/sdto)

# sdto - subdomain takeover finder

Subdomain takeover scanner.

[What is subdomain takeover?](https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/)


## Supported Services

```
acquia
activecampaign
aftership
aha
aws/s3
bigcartel
bitbucket
brightcove
campaignmonitor
cargo
cloudfront
desk
fastly
feedpress
getresponse
ghost
github
helpjuice
helpscout
heroku
intercom
jetbrains
kajabi
mashery
pantheon
pingdom
proposify
readme
s3bucket
shopify
simplebooklet
smartling
smugmug
statuspage
surge
surveygizmo
tave
teamwork
thinkific
tictail
tilda
tumbler
unbounce
uservoice
vend
webflow
wishpond
wordpress
worksites.net
zendesk
```
## Installation:


To use as a Python library:

```shell
pip install sdto
```

To use as a CLI tool:

```shell
pip install sdto[cli]
```


**or:**
```shell
git clone https://github.com/scanfactory/sdto.git
cd sdto
poetry install
```
## Usage as a CLI tool

Examples:

```shell
python3 -m sdto -t www.domain.com
python3 -m sdto -t www.domain.com -f path/to/custom-fingerprints-file.json
python3 -m sdto -t https://www.domain.com/
python3 -m sdto -t http://www.domain.com/
python3 -m sdto -t www.domain.com --no-ssl
python3 -m sdto -t www.domain.com -v --timeout 30
python3 -m sdto -t www.domain.com -H "user-agent" "your-custom-user-agent" -H "another-header" "header-value"
python3 -m sdto -t www.domain.com -F json
python3 -m sdto -t www.domain.com -o output.txt
python3 -m sdto -t www.domain.com -F json -o output.json
python3 -m sdto -t www.domain.com -F txt -o output.txt
python3 -m sdto -t www.domain.com -p http://127.0.0.1:8080 
python3 -m sdto -l subdomains-list.txt
```

### Docker support

Build the image:

```shell
docker build -t sdto .
```

Run the container:

```shell
docker run -it --rm sdto -t www.domain.com -v
```


### Using custom fingerprints

You can specify a custom fingerprints file with the `-f path/to/file.json` parameter, as in the CLI examples above (`-F` selects the output format).
The expected JSON file format:

```json
{
  "AWS/S3": {"pattern": "The specified bucket does not exist"},
  "BitBucket": {"pattern": "Repository not found"},
  "Fastly": {"pattern": "Fastly pattern\\: unknown domain\\:", "process_200": true}
}
```
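
Before pointing a scan at a custom fingerprints file, it helps to check that the file parses and that every pattern compiles. The following is an added example, not part of sdto: `load_fingerprints` and `match_body` are hypothetical helpers, and the handling of `process_200` (default `false`, and a pattern is only applied to an HTTP 200 response when it is `true`) is an assumption about the semantics, not something this page states.

```python
import json
import re

# Constructed sample in the format shown above (not the project's bundled file).
SAMPLE = r'''{
  "AWS/S3": {"pattern": "The specified bucket does not exist"},
  "BitBucket": {"pattern": "Repository not found"},
  "Fastly": {"pattern": "Fastly pattern\\: unknown domain\\:", "process_200": true}
}'''


def load_fingerprints(text):
    """Parse and validate a fingerprints document; return {name: (regex, process_200)}."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("top level must be an object keyed by service name")
    compiled = {}
    for name, entry in data.items():
        if not isinstance(entry, dict) or not isinstance(entry.get("pattern"), str):
            raise ValueError(f"{name}: missing string 'pattern'")
        # Only the two keys shown on this page are accepted, to catch typos early.
        unknown = set(entry) - {"pattern", "process_200"}
        if unknown:
            raise ValueError(f"{name}: unknown keys {sorted(unknown)}")
        # Assumption: an omitted process_200 means false.
        process_200 = entry.get("process_200", False)
        if not isinstance(process_200, bool):
            raise ValueError(f"{name}: 'process_200' must be true or false")
        try:
            regex = re.compile(entry["pattern"])
        except re.error as exc:
            raise ValueError(f"{name}: invalid regex: {exc}") from exc
        compiled[name] = (regex, process_200)
    return compiled


def match_body(fingerprints, status, body):
    """Return the names of fingerprints whose pattern is found in a response body."""
    # Assumption: a 200 response is only inspected when process_200 is true.
    return [
        name
        for name, (regex, process_200) in fingerprints.items()
        if (status != 200 or process_200) and regex.search(body)
    ]
```
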

## Usage as a python library

Example:

```python
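import asyncio
import re

from aiohttp import ClientSession
from sdto import check_target, RegexFingerprint


async def main():
    async with ClientSession() as cs:
        # Check a single target against the supplied list of fingerprints.
        fingerprint = await check_target(
            cs=cs,
            target="sub.domain.com",
            ssl=True,
            proxy=None,
            fingerprints=[
                RegexFingerprint(
                    "Github",
                    re.compile(r"There isn\'t a Github Pages site here\."),
                    process_200=False,
                )
            ]
        )
        # A falsy result means none of the fingerprints matched.
        if not fingerprint:
            print("No match")
        else:
            print(fingerprint.name)


# Run the coroutine; without this call the example defines main() but never executes it.
asyncio.run(main())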
```
