├── .github └── workflows │ └── scan-actions.yaml ├── README.md ├── config └── subfinder-config.yaml ├── input └── domains.txt └── output ├── active_urls.txt ├── nuclei_output.txt └── passive_subdomains.txt /.github/workflows/scan-actions.yaml: -------------------------------------------------------------------------------- 1 | name: scan-actions 2 | 3 | on: 4 | # schedule: 5 | # - cron: '0 0 * * *' 6 | # Remove both comments to run this action on daily basis. 7 | workflow_dispatch: 8 | 9 | jobs: 10 | build: 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Checkout Repo 14 | uses: actions/checkout@master 15 | 16 | - name: Setup golang 17 | uses: actions/setup-go@v2 18 | with: 19 | go-version: 1.14 20 | 21 | - name: Cache Go 22 | id: cache-go 23 | uses: actions/cache@v2 24 | with: 25 | path: /home/runner/go 26 | key: ${{ runner.os }}-go 27 | 28 | - name: Setting up ProjectDiscovery tools 29 | if: steps.cache-go.outputs.cache-hit != 'true' 30 | env: 31 | GO111MODULE: on 32 | run: | 33 | go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder 34 | go get -v github.com/projectdiscovery/httpx/cmd/httpx 35 | go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei 36 | go get -u github.com/tomnomnom/anew 37 | shell: bash 38 | 39 | - name: Running Scanner 40 | run: | 41 | nuclei -update-templates 42 | subfinder -silent -dL input/domains.txt -config config/subfinder-config.yaml | anew output/passive_subdomains.txt | httpx -silent | anew output/active_urls.txt | nuclei -silent -t takeovers/ | anew output/nuclei_output.txt 43 | shell: bash 44 | 45 | - name: Sorting the output results 46 | run: | 47 | find output -type f -exec sort {} -o {} \; 48 | shell: bash 49 | 50 | - name: Create local changes 51 | run: | 52 | git add output/passive_subdomains.txt 53 | git add output/active_urls.txt 54 | git add output/nuclei_output.txt 55 | 56 | - name: Commit results to Github 57 | run: | 58 | git config --local user.email "xxx@xxx.io" 59 | git config --global user.name "xxx" 60 | git commit -m "Scan-Actions report" -a --allow-empty 61 | 62 | - name: Push changes 63 | uses: ad-m/github-push-action@master 64 | with: 65 | github_token: ${{ secrets.GITHUB_TOKEN }} 66 | branch: ${{ github.ref }} 67 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 自动化检测子域名劫持 by 303 from 火线Zone 2 | -------------------------------------------------------------------------------- /config/subfinder-config.yaml: -------------------------------------------------------------------------------- 1 | resolvers: 2 | - 1.1.1.1 3 | - 1.0.0.1 4 | - 8.8.8.8 5 | - 8.8.4.4 6 | - 9.9.9.9 7 | - 9.9.9.10 8 | - 77.88.8.8 9 | - 77.88.8.1 10 | - 208.67.222.222 11 | - 208.67.220.220 12 | sources: 13 | - alienvault 14 | - anubis 15 | - bufferover 16 | - certspotter 17 | - censys 18 | - chaos 19 | - crtsh 20 | - dnsdumpster 21 | - hackertarget 22 | - intelx 23 | - passivetotal 24 | - robtex 25 | - riddler 26 | - securitytrails 27 | - shodan 28 | - spyse 29 | - sublist3r 30 | - threatcrowd 31 | - threatminer 32 | - virustotal 33 | all-sources: 34 | - alienvault 35 | - anubis 36 | - archiveis 37 | - binaryedge 38 | - bufferover 39 | - censys 40 | - certspotter 41 | - chaos 42 | - commoncrawl 43 | - crtsh 44 | - dnsdumpster 45 | - dnsdb 46 | - github 47 | - hackertarget 48 | - intelx 49 | - passivetotal 50 | - rapiddns 51 | - riddler 52 | - recon 53 | - robtex 54 | - securitytrails 55 | - shodan 56 | - sitedossier 57 | - sonarsearch 58 | - spyse 59 | - sublist3r 60 | - threatbook 61 | - threatcrowd 62 | - threatminer 63 | - virustotal 64 | - waybackarchive 65 | - zoomeye 66 | recursive: 67 | - alienvault 68 | - binaryedge 69 | - bufferover 70 | - certspotter 71 | - crtsh 72 | - dnsdumpster 73 | - hackertarget 74 | - passivetotal 75 | - securitytrails 76 | - sonarsearch 77 | - sublist3r 78 | - virustotal 79 | binaryedge: [] 80 | censys: [] 81 | certspotter: [] 82 | chaos: [] 83 | dnsdb: [] 84 | github: [] 85 | intelx: [] 86 | passivetotal: [] 87 | recon: [] 88 | robtex: [] 89 | securitytrails: [] 90 | shodan: [] 91 | spyse: [] 92 | threatbook: [] 93 | urlscan: [] 94 | virustotal: [] 95 | zoomeye: [] 96 | subfinder-version: 2.4.7 97 | -------------------------------------------------------------------------------- /input/domains.txt: -------------------------------------------------------------------------------- 1 | huoxian.cn 2 | -------------------------------------------------------------------------------- /output/active_urls.txt: -------------------------------------------------------------------------------- 1 | https://huoxian.cn 2 | https://www.huoxian.cn 3 | -------------------------------------------------------------------------------- /output/nuclei_output.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bigstrong2021/automated-subdomain-takeover/42591f4dbf27bb25dfc17b58282080bd26a06f40/output/nuclei_output.txt -------------------------------------------------------------------------------- /output/passive_subdomains.txt: -------------------------------------------------------------------------------- 1 | huoxian.cn 2 | iast.huoxian.cn 3 | www.huoxian.cn 4 | --------------------------------------------------------------------------------