├── Lhijacking-finder.py ├── README.md └── requirements.txt /Lhijacking-finder.py: -------------------------------------------------------------------------------- 1 | import re 2 | import requests 3 | import sys 4 | 5 | # These lists will contains the social media accounts, to avoid testing the same account multiple times 6 | tw_accounts = [] 7 | sn_accounts = [] 8 | yt_accounts = [] 9 | fc_accounts = [] 10 | tel_accounts = [] 11 | ig_accounts = [] 12 | 13 | 14 | def find_social_media_links(url): 15 | # Send a request to get the website content 16 | website_content = requests.get(url, allow_redirects=True).text 17 | 18 | # regex to find the social media links 19 | social_media_links = re.findall(r'https?:\/\/(?:www\.)?(instagram\.com|twitter\.com|facebook\.com|snapchat\.com|youtube\.com|t\.me)\/(channel\/|user\/|c\/|add\/)?([^\s\"\'\?\/\\]+)', website_content) 20 | 21 | for link in social_media_links: 22 | 23 | # Check if the link is a Twitter profile, then check if it's exist or not 24 | if "twitter" in link[0] and link[2] not in tw_accounts: 25 | tw_accounts.append(link[2]) 26 | 27 | # send a request to Twitter API to check if the username of the account exist or not 28 | try: 29 | twitter_profile_page = requests.get( 30 | "https://api.twitter.com/i/users/username_available.json?username=" + link[2]).text 31 | # If the username not exist tell me! 32 | if "Available!" in twitter_profile_page: 33 | print("Result for: " + url) 34 | print("\033[92m[*] Twitter account doesn’t exist: https://twitter.com/" + link[2] + "\033[0m\n\n") 35 | except: 36 | pass 37 | 38 | # Check for Snapchat 39 | elif "snapchat" in link[0] and link[2] not in sn_accounts: 40 | sn_accounts.append(link[2]) 41 | # check if the status code is 404 that's mean the username is not exist 42 | try: 43 | snapchat_profile_page = requests.get("https://www.snapchat.com/add/" + link[2]).status_code 44 | if snapchat_profile_page == 404: 45 | print("Result for: " + url) 46 | print( 47 | "\033[92m[*] SnapChat account doesn’t exist: https://snapchat.com/add/" + link[2] + "\033[0m\n") 48 | except: 49 | pass 50 | 51 | # Check for YouTube 52 | elif "youtube" in link[0] and "iframe_api" not in link[2] and link[2] not in yt_accounts: 53 | yt_accounts.append(link[2]) 54 | 55 | try: 56 | youtube_profile_page = requests.get("https://youtube.com/" + link[1] + link[2]).status_code 57 | if youtube_profile_page == 404: 58 | print("Result for: " + url) 59 | print("\033[92m[*] YouTube account doesn’t exist: https://youtube.com/" + link[1] + link[2] + "\033[0m\n\n") 60 | except: 61 | pass 62 | 63 | # Check for FaceBook 64 | elif "facebook" in link[0] and link[2] not in fc_accounts: 65 | fc_accounts.append(link[2]) 66 | 67 | try: 68 | facebook_profile_page = requests.get("https://graph.facebook.com/" + link[2]).text 69 | if "does not exist" in facebook_profile_page: 70 | print("Result for: " + url) 71 | print("\033[92m[*] Facebook account doesn’t exist: https://facebook.com/" + link[2] + "\033[0m\n\n") 72 | except: 73 | pass 74 | 75 | # Check fro Telegram 76 | elif "t.me" in link[0] and link[2] not in tel_accounts: 77 | tel_accounts.append(link[2]) 78 | 79 | try: 80 | telegram_profile_page = requests.get(("https://t.me/" + link[2])).text 81 | if "you can contact" in telegram_profile_page: 82 | print("Result for: " + url) 83 | print("\033[92m[*] Telegram account doesn’t exist: https://t.me/" + link[2] + "\033[0m\n\n") 84 | except: 85 | pass 86 | 87 | # Check for instagram 88 | elif "instagram" in link[0] and link[2] not in ig_accounts: 89 | ig_accounts.append(link[2]) 90 | 91 | try: 92 | instagram_profile_page = requests.get( 93 | "https://www.instagram.com/web/search/topsearch/?query=" + link[2]).text 94 | if 'users":[]' in instagram_profile_page: 95 | print("Result for: " + url) 96 | print( 97 | "\033[92m[*] Instagram account doesn’t exist: https://instagram.com/" + link[2] + "\033[0m\n\n") 98 | 99 | except: 100 | pass 101 | 102 | 103 | arg = sys.argv[1] 104 | # Check if the input is a link or a file 105 | if arg.startswith('https://') or arg.startswith('http://'): 106 | # Execute the function with the link 107 | find_social_media_links(arg) 108 | else: 109 | # The argument is a file, so read the file line by line 110 | with open(arg, 'r') as file: 111 | for line in file: 112 | # Pass each line (URL) to the function 113 | find_social_media_links(line.strip()) 114 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # About Lhijacking-finder 2 | 3 | 4 | 5 | 6 | Lhijacking-finder is a python tool designed to discover [broken link hijaction](https://www.cobalt.io/blog/hunting-for-broken-link-hijacking-blh#:~:text=Broken%20link%20hijacking%20is%20an,loaded%20from%20an%20external%20URL.) for social media links, The tool currently supports the following platforms: 7 | 8 | * Twitter 9 | * Youtube 10 | * Instagram 11 | * Facebook 12 | * Snapchat 13 | * Telegram 14 | 15 | 16 | 17 | ## Installation 18 | 19 | ``` 20 | git clone https://github.com/0xNASSER/Lhijacking-finder.git 21 | 22 | pip install -r requirements.txt 23 | ``` 24 | 25 | ## Usage 26 | 27 | 28 | Single URL: 29 | 30 | ``` 31 | python3 Lhijacking-finder.py https://vulnerable.xyz 32 | ``` 33 | 34 | 35 | 36 | List of URLs (the URLs must be alive and start with `https://` or `http://`) 37 | 38 | 39 | ``` 40 | python3 Lhijacking-finder.py urls.txt 41 | ``` 42 | 43 | 44 | 45 | 46 | 47 | If you have any suggestions [DM me](https://twitter.com/0xnasser_) 48 | 49 | 50 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests --------------------------------------------------------------------------------