├── modules ├── httpfuzz.py ├── alerts │ ├── vkteams.py │ └── telegram.py ├── port.py ├── http.py ├── vulns.py └── domain.py ├── requirements.txt ├── .dockerignore ├── .gitignore ├── utils ├── yaml_loader.py └── common.py ├── Dockerfile ├── export.py ├── config.py ├── fullscan.py ├── README.md ├── compare.py ├── config.dist.yaml ├── juicy.py ├── subs.py └── example └── subdomains-top1million-5000.txt /modules/httpfuzz.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | pyyaml 3 | dnsgen 4 | pymongo 5 | tldextract 6 | python-nmap 7 | boto3 8 | pytest 9 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .vscode/ 2 | nuclei-templates/ 3 | __pycache__/ 4 | .pytest_cache 5 | venv/ 6 | httprobes/ 7 | tmp/ 8 | tmp_test/ 9 | .DS_Store 10 | wordlists/ 11 | .git/ 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode/ 2 | nuclei-templates/ 3 | nuclei-my-templates/ 4 | __pycache__/ 5 | venv/ 6 | config.yaml 7 | scopes.yaml 8 | httprobes/ 9 | tmp/ 10 | tmp_test/ 11 | .DS_Store 12 | test.py 13 | wordlists/ 14 | .pytest_cache/ 15 | /resolvers 16 | tests/ 17 | subfinder_config.yaml 18 | -------------------------------------------------------------------------------- /utils/yaml_loader.py: -------------------------------------------------------------------------------- 1 | import os 2 | import yaml 3 | from typing import Any, IO 4 | 5 | 6 | class Loader(yaml.SafeLoader): 7 | """YAML Loader with `!include` constructor.""" 8 | 9 | def __init__(self, stream: IO) -> None: 10 | """Initialise Loader.""" 11 | 12 | try: 13 | self._root = os.path.split(stream.name)[0] 14 | except AttributeError: 15 | self._root = os.path.curdir 16 | 17 | super().__init__(stream) 18 | 19 | 20 | def construct_include(loader: Loader, node: yaml.Node) -> Any: 21 | """Include file referenced at node.""" 22 | 23 | filename = os.path.abspath(os.path.join(loader._root, loader.construct_scalar(node))) 24 | extension = os.path.splitext(filename)[1].lstrip('.') 25 | 26 | with open(filename, 'r') as f: 27 | if extension in ('yaml', 'yml'): 28 | return yaml.load(f, Loader) 29 | else: 30 | return ''.join(f.readlines()) 31 | 32 | 33 | yaml.add_constructor('!include', construct_include, Loader) -------------------------------------------------------------------------------- /modules/alerts/vkteams.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | 4 | config = None 5 | msg_max_size = 4000 6 | 7 | 8 | def notify(msg): 9 | global msg_max_size 10 | if config and 'msg_max_size' in config: 11 | msg_max_size = config['msg_max_size'] 12 | file_msg = None 13 | if len(msg) > msg_max_size: 14 | file_msg = msg 15 | msg = msg[:msg_max_size] + "\n..." 16 | data = { 17 | 'token': config['token'], 18 | 'chatId': config['chat_id'], 19 | } 20 | if not file_msg: 21 | data['text'] = msg 22 | headers = {'Content-Type': 'application/x-www-form-urlencoded'} 23 | return requests.post(f"https://{config['host']}/bot/v1/messages/sendText", data=data, headers=headers) 24 | else: 25 | data['caption'] = msg 26 | files = { 27 | 'file': ('full.txt', file_msg) 28 | } 29 | return requests.post(f"https://{config['host']}/bot/v1/messages/sendFile", data=data, files=files) 30 | 31 | 32 | if __name__=='__main__': 33 | import sys 34 | from pprint import pprint 35 | if len(sys.argv) != 4: 36 | print(f"Usage:\necho 'test' | {sys.argv[0]} API_HOST BOT_TOKEN CHAT_ID", file=sys.stderr) 37 | sys.exit() 38 | msg = sys.stdin.read() 39 | if len(msg.strip()) > 0: 40 | config = { 41 | 'host': sys.argv[1], 42 | 'token': sys.argv[2], 43 | 'chat_id': sys.argv[3], 44 | } 45 | pprint(vars(notify(msg))) 46 | -------------------------------------------------------------------------------- /modules/port.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from subprocess import Popen, PIPE 3 | from config import config 4 | import json 5 | from _thread import start_new_thread 6 | 7 | 8 | def process_errors(stderr): 9 | with stderr: 10 | for line in stderr: 11 | print(line, end="") 12 | 13 | 14 | def portprobes(domains, scan_ports): 15 | """naabu on domains search fo ports""" 16 | naabu_cmd = config["naabu"]['cmd'].copy() 17 | naabu_cmd.extend(['-p', scan_ports ]) 18 | logging.info(' '.join(naabu_cmd)) 19 | 20 | proc = Popen(naabu_cmd, text=True, bufsize=1, stderr=PIPE, stdout=PIPE, stdin=PIPE, errors="backslashreplace") 21 | 22 | start_new_thread(process_errors, (proc.stderr,)) 23 | start_new_thread(stdinwrite, (domains, proc.stdin)) 24 | 25 | 26 | # add scope from origin domains 27 | for line in proc.stdout: 28 | print(line, end="") 29 | port = json.loads(line.strip()) 30 | #ip portscan fix 31 | if 'host' not in port: 32 | port['host'] = port['ip'] 33 | 34 | port_scope = next( (x['scope'] for x in domains if x['host'] == port['host']), None ) 35 | if port_scope: 36 | port['scope'] = port_scope 37 | 38 | yield port 39 | 40 | 41 | 42 | def stdinwrite(domains, stdin): 43 | incount = 0 44 | with stdin: 45 | for d in domains: 46 | stdin.write(d["host"] + "\n") 47 | incount += 1 48 | logging.info(f"{incount} items writed to stdin") 49 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Golang tools build-env 2 | FROM golang:1.20.2-alpine as build-env 3 | RUN apk --no-cache add git build-base libpcap-dev 4 | RUN go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@v2.1.9 5 | RUN go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@v2.6.3 6 | RUN go install -v github.com/projectdiscovery/httpx/cmd/httpx@v1.2.9 7 | RUN go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest 8 | RUN go install -v github.com/projectdiscovery/shuffledns/cmd/shuffledns@v1.0.9 9 | RUN go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@v1.1.5 10 | RUN go install -v github.com/d3mondev/puredns/v2@latest 11 | 12 | #Release 13 | FROM python:alpine3.17 14 | RUN apk --update --no-cache add ldns \ 15 | && apk --no-cache --virtual .deps add ldns-dev \ 16 | git \ 17 | build-base \ 18 | && git clone --branch=master \ 19 | https://github.com/blechschmidt/massdns.git \ 20 | && cd massdns \ 21 | && make \ 22 | && mv bin/massdns /usr/bin/massdns \ 23 | && rm -rf /massdns \ 24 | && apk del .deps 25 | #for naabu 26 | RUN apk --no-cache add nmap libpcap-dev bind-tools ca-certificates nmap-scripts 27 | 28 | COPY --from=build-env /go/bin/shuffledns /usr/bin/shuffledns 29 | COPY --from=build-env /go/bin/dnsx /usr/bin/dnsx 30 | COPY --from=build-env /go/bin/naabu /usr/bin/naabu 31 | COPY --from=build-env /go/bin/subfinder /usr/bin/subfinder 32 | COPY --from=build-env /go/bin/httpx /usr/bin/httpx 33 | COPY --from=build-env /go/bin/nuclei /usr/bin/nuclei 34 | COPY --from=build-env /go/bin/puredns /usr/bin/puredns 35 | ADD ./requirements.txt /requirements.txt 36 | RUN pip install --no-cache-dir --no-cache -r requirements.txt 37 | 38 | WORKDIR /autobb 39 | 40 | ENTRYPOINT ["python", "subs.py"] 41 | CMD ["--workflow-olds", "--dns-brute", "--dns-alts", "--ports", "--nuclei", "--ports-olds", "--passive"] 42 | -------------------------------------------------------------------------------- /export.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | from config import scopes, db 3 | import datetime 4 | import argparse 5 | import json 6 | 7 | 8 | def cli_args(): 9 | parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter, description='exporter') 10 | parser.add_argument('-g', '--get', choices=['scopes', 'domains', 'ports', 'http_probes'], help='get one of') 11 | parser.add_argument('-s', '--scope', help='scope to get, if not - all scopes') 12 | parser.add_argument('-a', '--add-date',type=int, help='days then was added to the db', default=0) 13 | parser.add_argument('-l', '--last-alive',type=int, help='days then last time was alive', default=30) 14 | parser.add_argument('-p', '--print-field', type=str, help='object field to print, object json if not set') 15 | args = parser.parse_args() 16 | return args 17 | 18 | 19 | def iprint(items, field = ''): 20 | for i in items: 21 | if field: 22 | if type(i[field]) == list: 23 | for j in i[field]: 24 | print(j) 25 | else: 26 | print(i[field]) 27 | else: 28 | print(json.dumps(i,default=str)) 29 | 30 | 31 | if __name__ == "__main__": 32 | args = cli_args() 33 | 34 | if args.get == "scopes": 35 | iprint(scopes, args.print_field) 36 | exit() 37 | 38 | ndaysago = datetime.datetime.now() - datetime.timedelta(days=args.last_alive) 39 | q = {"last_alive": {"$gte": ndaysago}} 40 | p = {} 41 | if args.add_date: 42 | q['add_date']={ "$gte": datetime.datetime.now() - datetime.timedelta(days=args.add_date) } 43 | if args.print_field: 44 | p[args.print_field] = 1 45 | if args.scope: 46 | q['scope'] = args.scope 47 | else: 48 | q['scope'] = {"$in":[x['name'] for x in scopes]} 49 | db_res = db[args.get].find(q, p) 50 | iprint(db_res, args.print_field) 51 | -------------------------------------------------------------------------------- /config.py: -------------------------------------------------------------------------------- 1 | import yaml 2 | from utils.yaml_loader import Loader 3 | import os 4 | from pymongo import MongoClient 5 | from utils.common import tsnow, file_to_list 6 | import importlib 7 | 8 | 9 | def load_scopes(): 10 | scopes = [] 11 | for scope in config['scope']: 12 | if not 'domains' in scope: 13 | scope['domains'] = [] 14 | if not isinstance(scope["domains"], list): 15 | raise ValueError(f'scope "{scope["name"]}" domains is not a List !!!') 16 | if 'sub_refilters' not in scope: 17 | scope['sub_refilters'] = [] 18 | if 'domains_file' in scope: 19 | scope['domains'].extend(file_to_list(scope['domains_file'])) 20 | if 'cidr_file' in scope: 21 | if 'cidr' not in scope: 22 | scope['cidr'] = [] 23 | scope['cidr'].extend(file_to_list(scope['cidr_file'])) 24 | if 'ips_file' in scope: 25 | if 'ips' not in scope: 26 | scope['ips'] = [] 27 | scope['ips'].extend(file_to_list(scope['ips_file'])) 28 | scope['subs_recon'] = scope.get('subs_recon', True) 29 | scopes.append(scope) 30 | return scopes 31 | 32 | 33 | class Globals: 34 | def __init__(self) -> None: 35 | ts_now = tsnow() 36 | self.cwd = os.path.dirname(os.path.realpath(__file__)) 37 | self.httprobes_savedir = f"httprobes/{ts_now}" 38 | self.tmp_dir = f"tmp/{ts_now}" 39 | 40 | 41 | with open("config.yaml","r") as config_stream: 42 | config = yaml.load(config_stream, Loader=Loader) 43 | 44 | scopes = load_scopes() 45 | 46 | mongodb_client = MongoClient(config['db']['conn_str']) 47 | db = mongodb_client[config['db']['database']] 48 | 49 | #set alerter from config and set alerter config (token etc) 50 | alerter_name = config['alerts']['use'] 51 | alerter = importlib.import_module(f"modules.alerts.{alerter_name}") 52 | alerter.config = config['alerts'][alerter_name] 53 | 54 | glob = Globals() 55 | -------------------------------------------------------------------------------- /modules/http.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from typing import List 3 | from subprocess import Popen, PIPE 4 | import json 5 | from config import config 6 | from _thread import start_new_thread 7 | 8 | 9 | def process_errors(stderr): 10 | with stderr: 11 | for line in stderr: 12 | print(line, end="") 13 | 14 | 15 | def stdinwrite(domains, stdin): 16 | incount = 0 17 | with stdin: 18 | for d in domains: 19 | host = f"{d['host']}:{d['port']}" if "port" in d else d['host'] 20 | stdin.write(host + "\n") 21 | incount += 1 22 | logging.info(f"{incount} items writed to stdin") 23 | 24 | 25 | def httprobes(domains:List[str], threads=20, savedir = False): 26 | ''' 27 | savedir - if set, save http response to that directory 28 | domains - list of sub_domain Object (host) or port Object(host:port) 29 | ''' 30 | httpx_cmd = config["httpx"]["cmd"].copy() 31 | httpx_cmd.extend(['-threads', str(threads)]) 32 | if savedir: 33 | httpx_cmd.extend(['-sr', '-srd', savedir]) 34 | 35 | logging.info(' '.join(httpx_cmd)) 36 | 37 | proc = Popen(httpx_cmd, text=True, bufsize=1, stderr=PIPE, stdout=PIPE, stdin=PIPE, 38 | errors="backslashreplace") 39 | 40 | start_new_thread(process_errors, (proc.stderr,)) 41 | start_new_thread(stdinwrite, (domains, proc.stdin)) 42 | 43 | # add scope from origin domains 44 | for line in proc.stdout: 45 | logging.debug(line.strip()) 46 | p = json.loads(line.strip()) 47 | #validate cnames 48 | if 'cname' in p: 49 | p['cnames'] = p.pop('cname') #cnames is renamed to cname %) 50 | for cn in p['cnames']: 51 | if len(cn.split('.'))<2: 52 | p['cnames'].remove(cn) 53 | # port obj 54 | if len(p['input'].split(':')) == 2: 55 | probe_host, _ = p['input'].split(':') 56 | else: 57 | probe_host = p['input'] 58 | p['scope'] = next( (x['scope'] for x in domains if x['host'] == probe_host), "unknown" ) 59 | logging.info(f"{p['scope']}: {p['url']} [{p['status_code']}] [{p.get('title','')}]") 60 | yield p 61 | 62 | 63 | 64 | # with proc.stderr: 65 | # for line in proc.stderr: 66 | # print(line, end="") 67 | 68 | -------------------------------------------------------------------------------- /fullscan.py: -------------------------------------------------------------------------------- 1 | import datetime 2 | from modules.vulns import nuclei_active 3 | from subs import db_get_modified, nuclei_notify 4 | import logging 5 | import compare 6 | import random 7 | import math 8 | import os 9 | 10 | 11 | def alert(nuclei_hits, chunk_index, chunks_len): 12 | nuclei_notify( 13 | nuclei_hits, 14 | lambda x: f'{x["scope"]}: {x["matched-at"]} [{x["info"]["severity"]}] {x["template-id"]} {x.get("matcher-name","")} {x.get("extracted-results","")}', 15 | f"FullScan chunk {chunk_index}/{chunks_len}\n" 16 | ) 17 | 18 | 19 | def fullscan(hosts): 20 | nuclei_hits = list(nuclei_active(config['fullscan']['nuclei_cmd'], hosts)) 21 | #new nuclei hits 22 | up_fields = ["template-id","info","type","matcher-name","host","matched-at","meta","extracted-results","interaction","scope","curl-command"] 23 | index_fields = ["template-id","matcher-name","matched-at"] 24 | nuclei_hits_new = db_get_modified(nuclei_hits, db['nuclei_hits'], index_fields, up_fields, compare.nuclei_hit) 25 | return nuclei_hits 26 | 27 | 28 | if __name__ == "__main__": 29 | from config import config, scopes, db, glob, alerter 30 | os.makedirs(glob.tmp_dir, exist_ok=True) 31 | logging.basicConfig( 32 | level=logging.INFO, 33 | format="%(asctime)s [%(levelname)s] %(message)s", 34 | datefmt='%Y-%m-%d %H:%M', 35 | handlers=[ 36 | logging.StreamHandler(), 37 | logging.FileHandler(glob.tmp_dir + '/fullscan.log', 'w') 38 | ] 39 | ) 40 | 41 | ndaysago = datetime.datetime.now() - datetime.timedelta(days=config['fullscan']['host_alive_in_days']) 42 | q = {"last_alive": {"$gte": ndaysago}} 43 | 44 | db_res = db['http_probes'].find(q) 45 | 46 | http_probes = list(db_res) 47 | random.shuffle(http_probes) 48 | 49 | allc = len(http_probes) 50 | 51 | # medium chunk size 52 | chunks_num = math.ceil(allc / config['fullscan']['chunk_max']) 53 | chunk_size = math.ceil(allc / chunks_num) 54 | 55 | logging.info(f"Fullscan of {len(http_probes)} with chunk medium size {chunk_size}") 56 | 57 | chi = 1 58 | for i in range(0, allc, chunk_size): 59 | logging.info(f"start chunk {chi}/{chunks_num}") 60 | x = i 61 | chunk = http_probes[x:x+chunk_size] 62 | nuclei_hits = fullscan(chunk) 63 | if len(nuclei_hits) > 0: 64 | alert(nuclei_hits, chi, chunks_num) 65 | chi += 1 66 | -------------------------------------------------------------------------------- /modules/alerts/telegram.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import requests 3 | import json 4 | import datetime 5 | 6 | 7 | config = None 8 | 9 | msg_max_size = 4000 10 | silent_start = "23:00" 11 | silent_end = "9:00" 12 | my_tz = datetime.timezone(datetime.timedelta(hours=5)) 13 | 14 | def is_silent_time(): 15 | startTime = datetime.datetime.strptime(silent_start, "%H:%M").time() 16 | endTime = datetime.datetime.strptime(silent_end, "%H:%M").time() 17 | 18 | nowTime = datetime.datetime.now(my_tz).time() 19 | if startTime < endTime: 20 | return nowTime >= startTime and nowTime <= endTime 21 | else: 22 | #Over midnight: 23 | return nowTime >= startTime or nowTime <= endTime 24 | 25 | 26 | def notify(msg, disable_notification = False): 27 | global msg_max_size 28 | if config and 'msg_max_size' in config: 29 | msg_max_size = config['msg_max_size'] 30 | API_KEY = config['token'] 31 | CHAT_ID = config['chat_id'] 32 | 33 | file_msg = None 34 | if len(msg) > msg_max_size: 35 | file_msg = msg 36 | msg = msg[:msg_max_size] + "\n..." 37 | 38 | if is_silent_time(): 39 | disable_notification = True 40 | 41 | data = { 42 | 'chat_id': CHAT_ID, 43 | 'disable_notification': disable_notification, 44 | 'disable_web_page_preview': True 45 | } 46 | if not file_msg: 47 | data['text'] = msg 48 | headers = {'Content-type': 'application/json', 'Accept': 'text/plain'} 49 | return requests.post(f"https://api.telegram.org/bot{API_KEY}/sendMessage", data=json.dumps(data), headers=headers) 50 | else: 51 | # telegram max caption 1024 52 | if len(msg) > 1010: 53 | msg = msg[:1010] + "\n..." 54 | data['caption'] = msg 55 | #full lines len 56 | linesc = len(file_msg.splitlines()) 57 | files = { 58 | 'document': (f'full{linesc}.txt', file_msg) 59 | } 60 | return requests.post(f"https://api.telegram.org/bot{API_KEY}/sendDocument", data=data, files=files) 61 | 62 | 63 | if __name__=='__main__': 64 | import sys 65 | from pprint import pprint 66 | if len(sys.argv) != 4: 67 | print(f"Usage:\necho 'test' | {sys.argv[0]} BOT_TOKEN CHAT_ID MAX_MSG_SIZE", file=sys.stderr) 68 | sys.exit() 69 | msg = sys.stdin.read() 70 | if len(msg.strip()) > 0: 71 | config = { 72 | 'token': sys.argv[1], 73 | 'chat_id': sys.argv[2], 74 | 'msg_max_size': int(sys.argv[3]) 75 | } 76 | pprint(vars(notify(msg))) 77 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AutoBB 2 | It's my solution for bugbounty automation 3 | 4 | # Quick start guide 5 | 6 | 1) install docker: 7 | ```bash 8 | sudo snap install docker 9 | ## OR ## 10 | # curl -fsSL https://get.docker.com -o install-docker.sh 11 | # sudo sh install-docker.sh 12 | ``` 13 | 14 | 2) run mongodb container: 15 | ```bash 16 | sudo docker network create autobbnet 17 | sudo docker run -d -p 127.0.0.1:27017:27017 --net autobbnet --name bbmongodb mongodb/mongodb-community-server:latest 18 | ``` 19 | 20 | 3) get autobb: 21 | ```bash 22 | git clone https://github.com/rivalsec/autobb.git 23 | cd autobb 24 | cp config.dist.yaml config.yaml 25 | ``` 26 | 27 | 4) edit scope and alert sections in config.yaml: 28 | ```bash 29 | nano config.yaml 30 | ``` 31 | 32 | 5) build docker image: 33 | ```bash 34 | sudo docker build -t autobb . 35 | ``` 36 | This will take some time... 37 | 38 | 6) run autobb scan in basic(light) mode: 39 | 40 | ```bash 41 | sudo docker run --rm -v $(pwd):/autobb --net autobbnet autobb --ports --ports-olds --dns-brute --dns-alts --workflow-olds --nuclei 42 | ``` 43 | In this mode, only new or modified assets will be scanned. 44 | 45 | ## Run autobb in full scan mode 46 | ```bash 47 | sudo docker run --rm -v $(pwd):/autobb --net autobbnet --entrypoint python autobb fullscan.py 48 | ``` 49 | 50 | ## Export assets from the database 51 | ```bash 52 | sudo docker run --rm -v $(pwd):/autobb --net autobbnet --entrypoint python autobb ./export.py -h 53 | ``` 54 | 55 | ``` 56 | usage: export.py [-h] [-g {scopes,domains,ports,http_probes}] [-s SCOPE] 57 | [-l LAST_ALIVE] [-p PRINT_FIELD] 58 | 59 | exporter 60 | 61 | options: 62 | -h, --help show this help message and exit 63 | -g {scopes,domains,ports,http_probes}, --get {scopes,domains,ports,http_probes} 64 | get one of (default: None) 65 | -s SCOPE, --scope SCOPE 66 | scope to get, if not - all scopes (default: None) 67 | -l LAST_ALIVE, --last-alive LAST_ALIVE 68 | days then last time was alive (default: 30) 69 | -p PRINT_FIELD, --print-field PRINT_FIELD 70 | object field to print, object json if not set 71 | (default: None) 72 | ``` 73 | 74 | # FAQ 75 | ## Use dnsvalidator to get a fresh resolvers file 76 | ```bash 77 | git clone https://github.com/vortexau/dnsvalidator.git 78 | sudo docker build -t dnsvalidator ./dnsvalidator 79 | ## run dnsvalidator (add to crontab) 80 | sudo docker run --rm -v /tmp:/dnsout -t dnsvalidator -threads 20 -o /dnsout/resolvers.txt && mv /tmp/resolvers.txt ./autobb/resolvers 81 | ``` 82 | 83 | ## Fix for "nf_conntrack: table full, dropping packet" 84 | ```bash 85 | echo "net.netfilter.nf_conntrack_max=1048576" >> /etc/sysctl.conf 86 | sysctl -p 87 | ``` -------------------------------------------------------------------------------- /compare.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | from pkgutil import iter_modules 3 | import tldextract 4 | 5 | def nuclei_hit(new, old, compare_history = False): 6 | """ NO COMPARE AT ALL 7 | """ 8 | # compare_fields = ["extracted-results","meta"] ??? 9 | return {'equal':True, 'diffs':{}} 10 | 11 | def domain(new, old, compare_history = False): 12 | """ 13 | cname only first, on others there are to many clouds chages 14 | """ 15 | compare_fields = ['cname.0'] 16 | field_res = field_comparer(new,old,compare_fields, [tld_isequal_comp], compare_history) 17 | return field_res 18 | 19 | 20 | def http_probe(new, old, compare_history = False): 21 | """ 22 | 'status_code','title','cnames'??,'tls-grab.fingerprint_sha256' 23 | """ 24 | compare_fields = ['status_code','title','cnames.0','tls-grab.common_name.0'] 25 | field_res = field_comparer(new,old, compare_fields, [tld_isequal_comp], compare_history) 26 | return field_res 27 | 28 | 29 | def port(new, old, compare_history = False): 30 | return {'equal':True, 'diffs':{}} 31 | 32 | 33 | def list_to_dict(l): 34 | return dict([ (str(i),v) for i,v in enumerate(l)]) 35 | 36 | 37 | def tld_isequal_comp(field_name, new_val, old_val, fields = ['tls-grab.common_name.0','cnames.0','cname.0']): 38 | if field_name not in fields or not new_val or not old_val: 39 | return False 40 | tld_o = tldextract.extract(old_val) 41 | tld_n = tldextract.extract(new_val) 42 | if tld_o.suffix == tld_n.suffix and tld_o.domain == tld_n.domain: 43 | return True 44 | 45 | 46 | def in_history(field_k, field_v, item, filters=[]): 47 | if '_diffs_history' not in item: 48 | return False 49 | if not field_v: 50 | field_v = 'null' 51 | for diff in item['_diffs_history']: 52 | if field_k not in diff: 53 | continue 54 | if diff[field_k] == field_v or any([filter(field_k, field_v, diff[field_k]) for filter in filters]): 55 | return True 56 | 57 | 58 | def field_comparer(new, old, compare_fields, filters = [], compare_history = False): 59 | """ 60 | compare by field 61 | """ 62 | diffs = {} 63 | for f in compare_fields: 64 | old_v = old 65 | new_v = new 66 | for nf in f.split('.'): 67 | old_v = old_v.get(nf, {}) 68 | new_v = new_v.get(nf, {}) 69 | if isinstance(old_v, list): 70 | old_v = list_to_dict(old_v) 71 | if isinstance(new_v, list): 72 | new_v = list_to_dict(new_v) 73 | if old_v != new_v and not any([filter(f, new_v, old_v) for filter in filters]): 74 | if not compare_history: 75 | diffs[f] = old_v if old_v else 'null' 76 | else: 77 | if not in_history(f, new_v, old, filters=filters): 78 | diffs[f] = old_v if old_v else 'null' 79 | else: 80 | #not history diff write to history on compare_history if in_history! ahaha)) 81 | updiff = {f: old_v if old_v else 'null'} 82 | if updiff not in old['_diffs_history']: 83 | old['_diffs_history'].append(updiff) 84 | 85 | 86 | equal = True if not diffs else False 87 | return {'equal':equal, 'diffs':diffs} 88 | -------------------------------------------------------------------------------- /utils/common.py: -------------------------------------------------------------------------------- 1 | import os 2 | from datetime import datetime 3 | from typing import Dict, List, Any 4 | import ipaddress 5 | import collections 6 | import logging 7 | import re 8 | 9 | 10 | def file_to_list(file): 11 | fl = [] 12 | if os.path.exists(file): 13 | with open(file, 'r') as f: 14 | for l in f: 15 | fl.append(l.rstrip()) 16 | return fl 17 | 18 | 19 | def file_lines_count(file): 20 | c = 0 21 | with open(file, 'r') as f: 22 | for l in f: 23 | c += 1 24 | return c 25 | 26 | 27 | def tsnow(): 28 | ''' 29 | Current string timestamp for folders and files 30 | %Y%m%d-%H%M 31 | ''' 32 | return datetime.now().strftime('%Y%m%d-%H%M') 33 | 34 | 35 | def is_private_ip(ip): 36 | ipobj = ipaddress.IPv4Address(ip) 37 | if ipobj in ipaddress.IPv4Network('10.0.0.0/8'): 38 | return True 39 | if ipobj in ipaddress.IPv4Network('172.16.0.0/12'): 40 | return True 41 | if ipobj in ipaddress.IPv4Network('192.168.0.0/16'): 42 | return True 43 | if ipobj in ipaddress.IPv4Network('127.0.0.0/8'): 44 | return True 45 | return False 46 | 47 | 48 | def domain_inscope(domain:str, scope:Dict[str,Any]): 49 | for p in scope["domains"]: 50 | if domain == p: 51 | return True 52 | for refilter in scope["sub_refilters"]: 53 | if re.search(refilter, domain): 54 | return False 55 | if scope["subs_recon"] and domain.endswith("." + p): 56 | return True 57 | return False 58 | 59 | 60 | def domains_setscope(domains:Dict[str,Any], scopes:Dict[str,Any]): 61 | for d in domains: 62 | d["scope"] = "unknown" 63 | for s in scopes: 64 | if domain_inscope(d["host"], s): 65 | d["scope"] = s["name"] 66 | break 67 | 68 | 69 | def threshold_filter(items:Dict[str,Any], item_key:str, threshold:int): 70 | filtred = [] 71 | wc = collections.Counter([x[item_key] for x in items]) 72 | for wkey in [k for k in wc if wc[k] > threshold]: 73 | logging.info(f"{wkey} count {wc[wkey]} is weird") 74 | filtred.extend([x for x in items if x[item_key] == wkey]) 75 | items = list([x for x in items if x[item_key] != wkey]) 76 | 77 | return items, filtred 78 | 79 | 80 | def scope_update(arr, scope_name): 81 | for item in arr: 82 | item['scope'] = scope_name 83 | 84 | 85 | class uniq_list(list): 86 | 87 | def __init__(self, key:str) -> None: 88 | self._key = key 89 | self._seenkees = set() 90 | 91 | def extend(self, inl): 92 | for obj in inl: 93 | if self._isuniq(obj): 94 | super().append(obj) 95 | 96 | def append(self, obj) -> None: 97 | if self._isuniq(obj): 98 | super().append(obj) 99 | 100 | def _isuniq(self, obj): 101 | iv = obj[self._key] 102 | if iv not in self._seenkees: 103 | self._seenkees.add(iv) 104 | return True 105 | 106 | 107 | def hit_tostr(x): 108 | return f'{x["scope"]}: {x.get("matched-at","")} [{x["info"]["severity"]}] {x["template-id"]} {x.get("matcher-name","")} {x.get("extracted-results","")}' 109 | -------------------------------------------------------------------------------- /modules/vulns.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from subprocess import Popen, PIPE, run, STDOUT 3 | from config import config, glob, alerter 4 | import json 5 | import re 6 | import os 7 | from typing import Dict, List 8 | from utils.common import hit_tostr 9 | from _thread import start_new_thread 10 | 11 | 12 | nuclei_stderr = "" 13 | 14 | def process_errors(stderr): 15 | global nuclei_stderr 16 | with stderr: 17 | for line in stderr: 18 | print(line, end="") 19 | nuclei_stderr += line 20 | 21 | 22 | def nuclei_active(nuclei_cmd_or: List[str], http_probes): 23 | nuclei_update() 24 | nuclei_cmd = nuclei_cmd_or.copy() 25 | for t in config['nuclei']['exclude_templates']: 26 | nuclei_cmd.extend(['-et', t]) 27 | 28 | logging.info(" ".join(nuclei_cmd)) 29 | proc = Popen(nuclei_cmd, text=True, bufsize=1, stderr=PIPE, stdout=PIPE, stdin=PIPE, errors="backslashreplace") 30 | 31 | start_new_thread(process_errors, (proc.stderr,)) 32 | start_new_thread(stdinwrite, (http_probes, proc.stdin)) 33 | 34 | for line in proc.stdout: 35 | logging.debug(line.strip()) 36 | p = json.loads(line.strip()) 37 | if 'matched-at' not in p: 38 | p['matched-at'] = p['url'] 39 | p_scope = next( (x['scope'] for x in http_probes if x['url'] == p['host']), None ) 40 | # second attempt domain in url 41 | if not p_scope: 42 | p_scope = next( (x['scope'] for x in http_probes if p['host'] in x['url']), 'unknown' ) 43 | p['scope'] = p_scope 44 | logging.info(hit_tostr(p)) 45 | yield p 46 | 47 | 48 | #check only on all templates scan 49 | if not '-tags' in nuclei_cmd: 50 | nuclei_check_templates_count(nuclei_stderr) 51 | 52 | 53 | def stdinwrite(http_probes, stdin): 54 | incount = 0 55 | with stdin: 56 | for d in http_probes: 57 | stdin.write(d["url"] + "\n") 58 | incount += 1 59 | logging.info(f"{incount} items writed to stdin") 60 | 61 | 62 | def parse_passive_host(file: str): 63 | return file.split('/')[-2] 64 | 65 | 66 | def nuclei_passive(probes_dir, all_probes, type = 'passive'): 67 | #delete (passive scanner can't parse it) 68 | index_file = glob.httprobes_savedir + '/index.txt' 69 | os.remove(index_file) 70 | 71 | if type == 'file': 72 | nuclei_cmd = config['nuclei']['file_cmd'].copy() 73 | else: 74 | nuclei_cmd = config['nuclei']['passive_cmd'].copy() 75 | 76 | nuclei_cmd.extend(['-target', probes_dir]) 77 | for t in config['nuclei']['exclude_templates']: 78 | nuclei_cmd.extend(['-et', t]) 79 | logging.info(" ".join(nuclei_cmd)) 80 | nuclei_res = run(nuclei_cmd, text=True, stderr=PIPE, stdout=PIPE) 81 | nuclei_check_templates_count(nuclei_res.stderr) 82 | logging.info(nuclei_res.stderr) 83 | logging.info(nuclei_res.stdout) 84 | nuclei_hits = [json.loads(x) for x in nuclei_res.stdout.splitlines()] 85 | 86 | for p in nuclei_hits: 87 | p['host'] = parse_passive_host(p['matched-at']) #only host[:port] 88 | p_scope = next( (x['scope'] for x in all_probes if '//' + p['host'] in x['url']) , 'unknown' ) 89 | p['scope'] = p_scope 90 | return nuclei_hits 91 | 92 | 93 | def nuclei_check_templates_count(nuclei_res_stderr): 94 | ''' Templates loaded for scan: 507 ''' 95 | templates_loaded = None 96 | templates_invalid = 0 97 | m = re.search("Templates loaded for current scan: (\d+)", nuclei_res_stderr) 98 | if m: 99 | templates_loaded = int(m.group(1)) 100 | m = re.search("Found (\d+) templates with syntax error", nuclei_res_stderr) 101 | if m: 102 | templates_invalid = int(m.group(1)) 103 | 104 | if not templates_loaded or templates_loaded < templates_invalid: 105 | er_m = f"Is something wrong with nuclei templates? loaded: {templates_loaded}, invalid: {templates_invalid}" 106 | alerter.notify(er_m) 107 | 108 | logging.info(f"nuclei templates check: loaded {templates_loaded}, invalid {templates_invalid}") 109 | return templates_loaded 110 | 111 | 112 | def nuclei_update(): 113 | logging.info("Updating nuclei tempates") 114 | nuclei_templates_dir = f"./nuclei-templates" 115 | # git clone templates to update https://github.com/projectdiscovery/nuclei-templates.git 116 | templ_up_res = run(['nuclei', '-ut', '-ud', nuclei_templates_dir ], text=True, stderr=STDOUT, stdout=PIPE) 117 | logging.info(templ_up_res.stdout) -------------------------------------------------------------------------------- /config.dist.yaml: -------------------------------------------------------------------------------- 1 | scope: 2 | - name: hackerone 3 | domains: [hackerone.com] 4 | # subs_recon: true # by default 5 | # cidr: 6 | # - 127.0.0.1/32 7 | # sub_refilters: 8 | # - \.(stage|dev|test)\.hackerone\.com$ 9 | # - \.test\.internal\.hackerone\.com$ 10 | 11 | alerts: 12 | use: telegram 13 | # https://core.telegram.org/bots/tutorial 14 | # Get Chat ID https://gist.github.com/nafiesl/4ad622f344cd1dc3bb1ecbe468ff9f8a#get-chat-id-for-a-private-chat 15 | telegram: 16 | token: ... 17 | chat_id: ... 18 | msg_max_size: 1000 # Larger message will be sent as a txt file 19 | # vkteams https://teams.vk.com/botapi/tutorial/ 20 | vkteams: 21 | host: ... 22 | token: ... 23 | chat_id: ... 24 | msg_max_size: 1000 # Larger message will be sent as a txt file 25 | 26 | 27 | juicer_filters: 28 | cname: [] 29 | tls_dns: [] 30 | title404: [] 31 | location: [] 32 | 33 | db: 34 | conn_str: 'mongodb://bbmongodb:27017' 35 | database: 'autobbdb' 36 | 37 | subfinder: 38 | cmd: [ 39 | 'subfinder', 40 | # '-config', './subfinder_config.yaml' 41 | ] 42 | 43 | nuclei: 44 | exclude_templates: [] 45 | # exclude_templates: 46 | # - ./nuclei-templates/http/technologies/tech-detect.yaml 47 | # - ./nuclei-templates/http/technologies/nginx/nginx-version.yaml 48 | cmd: [ 49 | 'nuclei', '-no-color', '-jsonl', 50 | #'-t', "./nuclei-my-templates", 51 | '-t', './nuclei-templates', 52 | '-bulk-size', '50', 53 | '-concurrency', '4', 54 | ] 55 | # network templates on ports without http(s) 56 | network_cmd: [ 57 | 'nuclei', '-no-color', '-jsonl', 58 | #'-t', "./nuclei-my-templates", 59 | '-t', './nuclei-templates', 60 | '-tags', 'network', # only network templates 61 | '-bulk-size', '50', 62 | '-concurrency', '4', 63 | ] 64 | passive_cmd: [ 65 | 'nuclei', '-no-httpx', '-no-color', '-jsonl', '-passive', 66 | '-c', '3', 67 | '-bs', '1', 68 | '-t', './nuclei-templates', 69 | #'-t', './nuclei-my-templates', 70 | ] 71 | 72 | naabu: 73 | cmd: [ 74 | 'naabu', '-exclude-cdn', '-no-color', '-json', '-silent', 75 | '-exclude-ports', '80,443', #checked with httpx ? remove on ports first 76 | ] 77 | # top100 78 | ports_onnew: >- 79 | 7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990, 80 | 993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432, 81 | 5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 82 | # top100 83 | ports: >- 84 | 7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990, 85 | 993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432, 86 | 5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 87 | 88 | httpx: 89 | cmd: [ 90 | 'httpx', '-json', '-tech-detect', '-tls-grab', '-follow-host-redirects', '-silent', 91 | '-deny', '10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8', #private networks 92 | ] 93 | threads: 100 94 | threads_onnew: 100 95 | 96 | wordlist: 'example/subdomains-top1million-5000.txt' 97 | httprobes_history: 5 98 | sub_domains_weird_threshold: 7000 99 | ports_weird_threshold: 30 100 | nuclei_one_time_max: 1000 101 | shuffledns: 102 | cmd: [ 103 | 'shuffledns', '--silent', '-sw', '-duc', '-r', './example/resolvers', 104 | '-t', '5000', #10000 default 105 | ] 106 | dnsx: 107 | cmd: ['dnsx', '--json', '--silent', '-threads', '5'] 108 | cmd_ptr: ['dnsx', '--json', '-ptr', '--silent', '-threads', '5'] 109 | dnsgen: 110 | wordlen: 2 111 | fast: false 112 | max: 1000000 113 | domain_filter: 114 | max_sub: 4 # www.eeee.ddd.fff.domain.tld (4) 115 | max_len: 50 # minus dot parent length 116 | 117 | puredns: 118 | cmd: [ 119 | 'puredns', 'resolve', '-q', 120 | '-r', './example/resolvers', 121 | '--rate-limit', '3000', 122 | '--rate-limit-trusted', '500', 123 | #'--wildcard-batch', '2000000' 124 | ] 125 | timeout: 120 126 | chunk_vol_max: 4000000 127 | 128 | #fullscan.py 129 | fullscan: 130 | host_alive_in_days: 7 131 | chunk_max: 800 132 | nuclei_cmd: [ 133 | 'nuclei', '-no-color', '-jsonl', 134 | #'-t', "./nuclei-my-templates", 135 | '-t', './nuclei-templates', 136 | '-bulk-size', '50', 137 | '-concurrency', '4', 138 | '-severity', 'high,critical', 139 | ] -------------------------------------------------------------------------------- /juicy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import re 3 | import sys 4 | import json 5 | 6 | def domain_cname_notinscope(domain, scopes, filters, weight = 10): 7 | """cname is not born from scope domains, except filters['cname']""" 8 | cnames = domain.get('cname',[]) 9 | for cname in cnames: 10 | scope_parents = next( (s['domains'] for s in scopes if s['name']==domain['scope']) ) 11 | #global filter cnames suffixes 12 | scope_parents.extend(filters['cname']) 13 | if not cname.lower().rstrip('.').endswith( tuple([x for x in scope_parents]) ): 14 | return f" !CNAME:{cname}", weight 15 | 16 | 17 | def probe_cert_notinscope(http_probe, scopes, filters, weight = 10): 18 | """cert common name is not compare with scope domains""" 19 | if 'tls' not in http_probe: 20 | return False 21 | cert_cn = [] 22 | # extension_server_name is not validate domain! don't add it ) 23 | if 'subject_cn' in http_probe['tls']: 24 | cert_cn.append( re.sub("^\*\.",'', http_probe['tls']['subject_cn']) ) 25 | cert_cn.extend( [re.sub("^\*\.",'',x) for x in http_probe['tls'].get('subject_an', []) ]) 26 | cert_cn = list(dict.fromkeys(cert_cn)) # remove dupes same order 27 | for cn in cert_cn: 28 | scope_parents = next( (s['domains'] for s in scopes if s['name']==http_probe['scope']) ) 29 | scope_parents.extend(filters['tls_dns']) 30 | if cn.lower().endswith( tuple([x for x in scope_parents]) ): 31 | return False #valid 32 | return f" !TLS_DNS:{cert_cn[:2]}", weight 33 | 34 | 35 | def probe_cname_404(http_probe, scopes, filters, weight = 10): 36 | """cname is not born from scope domains, except filters['cname']""" 37 | cnames = http_probe.get('cnames',[]) #there is a cnameS in probe not cname 38 | for cname in cnames: 39 | scope_parents = next( (s['domains'] for s in scopes if s['name']==http_probe['scope']) ) 40 | #global filter cnames suffixes 41 | scope_parents.extend(filters['cname']) 42 | if http_probe['status_code'] == 404 and not cname.lower().rstrip('.').endswith( tuple([x for x in scope_parents]) ): 43 | return f" !CNAME404:{cname}", weight 44 | 45 | 46 | def probe_unusual404title(http_probe, scopes, filters, weight = 1): 47 | """Usually title on 404 is not exists or empty""" 48 | title = http_probe.get('title', '') 49 | for filter in filters.get('title404',''): 50 | if filter in title: 51 | return False 52 | if http_probe['status_code'] == 404 and len(title) > 0: 53 | return f" !404t:{len(title)}", weight 54 | 55 | 56 | def have_diffs(item, scopes, filters, weight_by_diff = 1): 57 | """ 58 | more diffs more weight 59 | """ 60 | if 'diffs' in item: 61 | return f" !diffs:{item['diffs']}", weight_by_diff * len(item['diffs']) 62 | 63 | 64 | def probe_location_notinscope(http_probe, scopes, filters, weight = 10): 65 | """redirected to domain outside the scope""" 66 | if 'location' not in http_probe: 67 | return False 68 | hostm = re.match(r'(http|https)://([0-9a-z\._-]+):?\d*', http_probe['location'].lower()) 69 | if not hostm: 70 | return False 71 | host = hostm.group(2) 72 | scope_parents = next( (s['domains'] for s in scopes if s['name']==http_probe['scope']) ) 73 | scope_parents.extend(filters.get('locations', [])) 74 | 75 | if host.endswith( tuple([x for x in scope_parents]) ): 76 | return False #valid 77 | 78 | return f" !30x:{host}", weight 79 | 80 | 81 | def probe_unusual_ports(http_probe, scopes, filters, weight = 20): 82 | if int(http_probe['port']) not in [80, 443]: 83 | return f" !port:{http_probe['port']}", weight 84 | 85 | 86 | def juicer(items, validators, scopes, filters): 87 | """items juicer""" 88 | for item in items: 89 | item['juicy_weight'] = 0 90 | item['juicy_info'] = '' 91 | for validator in validators: 92 | res = validator(item, scopes, filters) 93 | if res: 94 | item['juicy_weight'] += res[1] 95 | item['juicy_info'] += res[0] 96 | 97 | 98 | # validators 99 | domain_validators = [domain_cname_notinscope,have_diffs] 100 | http_probes_validators = [probe_unusual_ports, probe_cert_notinscope, probe_cname_404, probe_unusual404title, probe_location_notinscope, have_diffs] 101 | 102 | 103 | if __name__=="__main__": 104 | from config import config, db, scopes 105 | juicy_sorts = [ 106 | {'name':'domains', 'db':'domains', 'validator':domain_validators}, 107 | {'name':'http_probes', 'db':'http_probes', 'validator':http_probes_validators}, 108 | ] 109 | if len(sys.argv) != 2 or sys.argv[1] not in [x['name'] for x in juicy_sorts]: 110 | print(f"Error! Choose the type of juice from: {', '.join([x['name'] for x in juicy_sorts])}") 111 | print('Example: ./juicy.py domains | jq \'[.host, .juicy_weight, .juicy_info, .title] | join(" ")\' -r') 112 | sys.exit(1) 113 | 114 | juicy_type = next( (x for x in juicy_sorts if x['name'] == sys.argv[1]) ) 115 | 116 | items = [] 117 | for sn in [x['name'] for x in scopes]: 118 | items.extend(db[juicy_type['db']].find( {'scope':sn} )) 119 | juicer(items, juicy_type['validator'], scopes, config['juicer_filters']) 120 | items.sort(key=lambda x: x['juicy_weight'], reverse=True) 121 | for it in items: 122 | if it['juicy_weight'] == 0: 123 | continue 124 | it.pop('_id') 125 | it.pop('add_date') 126 | it.pop('last_alive') 127 | print(json.dumps(it)) 128 | 129 | -------------------------------------------------------------------------------- /modules/domain.py: -------------------------------------------------------------------------------- 1 | from typing import Dict, List 2 | import logging 3 | import re 4 | import subprocess 5 | from dnsgen import dnsgen 6 | from utils.common import file_to_list, is_private_ip 7 | import itertools 8 | import random 9 | from config import config, glob, alerter 10 | import json 11 | from functools import partial 12 | import uuid 13 | import os 14 | 15 | 16 | def subdomain_isgood(d:str, parent:str): 17 | plen = len(parent) + 1 18 | if not d.endswith('.' + parent) and d != parent: 19 | return False 20 | if len(d) - plen > config['domain_filter']['max_len']: 21 | return False 22 | if len(d[:-plen].split('.')) > config['domain_filter']['max_sub']: 23 | return False 24 | return True 25 | 26 | 27 | def brute_subs(domain, wordlist): 28 | ''' 29 | return set with all possible subs with config['wordlist'] 30 | ''' 31 | wl = map(str.lower, file_to_list(wordlist)) 32 | return set(map(lambda x: f"{x}.{domain}", wl)) 33 | 34 | 35 | def subfinder(domain:str): 36 | ''' 37 | subfinder for 1 domain at a time 38 | ''' 39 | cmd = config['subfinder']['cmd'].copy() 40 | cmd.extend(['-d', domain]) 41 | out = set() 42 | subfinder_res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) 43 | #trash results filter 44 | for l in subfinder_res.stdout.splitlines(): 45 | l = l.strip().lower() 46 | # trash subfinder results filter 47 | if not subdomain_isgood(l, domain): 48 | continue 49 | out.add(l) 50 | return out 51 | 52 | 53 | def subdomains_gen(domain, oldsubs, wordlist = None, alts_max=200000, alts_wordlen=2): 54 | ''' 55 | only string subs 56 | subfinder + brute + alts 57 | ''' 58 | #sub filter for exact parent domain 59 | subf = partial(subdomain_isgood, parent = domain) 60 | 61 | # 1) get all from subfinder 62 | subs = set() 63 | subs.update(filter(subf, subfinder(domain))) 64 | logging.info(f"{domain} +{len(subs)} subfinder") 65 | 66 | subs.add(domain) 67 | #already reconed subdomains from database 68 | subs.update(filter(subf, map(str.lower, oldsubs))) 69 | 70 | if wordlist: 71 | # 2) brute subs 72 | subs_brute = set(filter(subf, brute_subs(domain, wordlist))) 73 | logging.info(f"{domain} +{len(subs_brute)} from {wordlist}") 74 | subs.update(subs_brute) 75 | 76 | # make alts from old subs 77 | if alts_max and alts_max > 0: 78 | random.shuffle(oldsubs) 79 | subs_alts_gen = dnsgen.generate(oldsubs, wordlen=alts_wordlen, fast=False) 80 | subs_alts = set(itertools.islice(filter(subf, subs_alts_gen), alts_max)) 81 | logging.info(f"{domain} +{len(subs_alts)} alt subdomains from {len(oldsubs)} old ones (dnsgen wordlen={alts_wordlen} fast=False)") 82 | subs.update(subs_alts) 83 | 84 | logging.info(f"{domain} {len(subs)} in total subdomains to check") 85 | return subs 86 | 87 | 88 | def shuffledns(domains, domain): 89 | cmd = config['shuffledns']['cmd'].copy() 90 | cmd.extend(['-d', domain]) 91 | stdin_text = "\n".join(domains)+'\n' 92 | logging.info(' '.join(cmd)) 93 | out = set() 94 | res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, input=stdin_text, text=True) 95 | for l in res.stdout.splitlines(): 96 | l = l.strip().lower() 97 | out.add(l) 98 | return out 99 | 100 | 101 | def dnsx(domains): 102 | cmd = config['dnsx']['cmd'].copy() 103 | stdin_text = "\n".join(domains)+'\n' 104 | logging.info(f"{len(domains)} domains | " + ' '.join(cmd)) 105 | res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, input=stdin_text, text=True) 106 | domains = [json.loads(x) for x in res.stdout.splitlines()] 107 | domains = list(filter(lambda d: 'a' in d, domains)) 108 | revdns(domains) 109 | return domains 110 | 111 | 112 | def revdns(domains): 113 | """ add ptr from a to each domain in list""" 114 | cmd = config['dnsx']['cmd_ptr'].copy() 115 | d_ips = set() 116 | for d in domains: 117 | for a in d['a']: 118 | if not is_private_ip(a): 119 | d_ips.add(a) 120 | stdin_text = "\n".join(d_ips)+'\n' 121 | res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, input=stdin_text, text=True) 122 | logging.info(' '.join(cmd)) 123 | ptrs = [json.loads(x) for x in res.stdout.splitlines()] 124 | for d in domains: 125 | ptr = set() 126 | for p in ptrs: 127 | if 'ptr' in p and p['host'] in d['a']: 128 | ptr.update(map(str.lower, p['ptr'])) 129 | if ptr: 130 | d['a_rev'] = list(ptr) 131 | 132 | 133 | def puredns(domains, timeout = 120): 134 | ''' 135 | puredns (resolve + wildcard filter) on input iterable 136 | ''' 137 | write_out_file = f"{glob.tmp_dir}/purednsout_{str(uuid.uuid4())}" 138 | in_file = f"{glob.tmp_dir}/purednsin_{str(uuid.uuid4())}" 139 | cmd = config['puredns']['cmd'].copy() 140 | cmd.insert(2, in_file) 141 | cmd.extend(['--write', write_out_file]) 142 | c = 0 143 | with open(in_file, 'w') as f: 144 | for d in domains: 145 | f.write(f"{d}\n") 146 | c += 1 147 | logging.info(f"{c} domains | " + ' '.join(cmd)) 148 | try: 149 | res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, 150 | text=True, errors="backslashreplace", 151 | timeout=timeout * 60) 152 | if res.stderr: 153 | logging.error(res.stderr) 154 | except subprocess.TimeoutExpired: 155 | logging.error("Puredns timeout!") 156 | results = file_to_list(write_out_file) 157 | results = map(str.lower, results) 158 | # delete in files because of size 159 | os.remove(in_file) 160 | # only uniq 161 | return list(set(results)) 162 | 163 | 164 | def issub(sub, domain): 165 | if sub == domain: 166 | return True 167 | if sub.endswith('.' + domain): 168 | return True 169 | return False 170 | 171 | 172 | def domain_purespray(domains, old_subs, alts_max, wordlist, timeout=120) -> List[Dict]: 173 | """ 174 | spray puredns check of random subs an set scope to them, 175 | return list of Dict {'host', 'parent_host','scope'??} 176 | """ 177 | chsubs = list() 178 | for d in domains: 179 | domain_subs = list(filter(lambda x: subdomain_isgood(x['host'], d), old_subs)) 180 | oldsubs_list = list([ x['host'] for x in domain_subs ]) 181 | chsubs.extend(subdomains_gen(d,oldsubs_list, wordlist, alts_max=alts_max )) 182 | #pure subs shuffle !! 183 | random.shuffle(chsubs) 184 | puresubs = puredns(chsubs, timeout) 185 | subobjs = [] 186 | for d in [dict(host=x,parent_host="unknown") for x in puresubs]: 187 | #set parent (for weird calc) 188 | for p in domains: 189 | if issub(d['host'], p): 190 | d['parent_host'] = p 191 | subobjs.append(d) 192 | return subobjs 193 | -------------------------------------------------------------------------------- /subs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | from typing import List 3 | import os 4 | import random 5 | import re 6 | import logging 7 | import argparse 8 | from datetime import datetime 9 | import shutil 10 | import compare 11 | import math 12 | import ipaddress 13 | import traceback 14 | from juicy import juicer, http_probes_validators, domain_validators 15 | from modules.domain import dnsx, domain_purespray 16 | from modules.http import httprobes 17 | from modules.port import portprobes 18 | from modules.vulns import nuclei_active, nuclei_passive 19 | from utils.common import domains_setscope, threshold_filter, scope_update, domain_inscope 20 | from utils.common import uniq_list, file_lines_count, hit_tostr 21 | from config import config, scopes, db, glob, alerter 22 | 23 | 24 | def notify_block(title, items:list, lines_num:int = None): 25 | out = f"{title}\n" 26 | if len(items): 27 | if lines_num and len(items) > lines_num: 28 | out += "\n".join(items[:lines_num]) + "\n...\n" 29 | else: 30 | out += "\n".join(items) + '\n' 31 | return out 32 | 33 | 34 | def severity_sort(nuclei_res_l): 35 | ''' 36 | sort by severity [critical] [high] [medium] [low] [info] 37 | ''' 38 | skeys = ['critical', 'high', 'medium', 'low', 'unknown', 'info'] 39 | nuclei_res_l.sort( key=lambda x: [i for i,v in enumerate(skeys) if x['info']['severity'] == v] ) 40 | 41 | 42 | def cli_args(): 43 | parser = argparse.ArgumentParser(description='$$$') 44 | parser.add_argument('--dns-brute', action='store_true', help='bruteforce subdomains with wordlist') 45 | parser.add_argument('--dns-alts', action='store_true', help='try alternative permutated subdomains, based on finded') 46 | parser.add_argument('--workflow-olds', action='store_true', help='httpprobe old subs to find changes, else check only new subdomains') 47 | parser.add_argument('--ports', action='store_true', help='scan ports top 1000 - on new top 100 on old') 48 | parser.add_argument('--ports-olds', action='store_true', help='rescan ports top 100 on old probes') 49 | parser.add_argument('--nuclei', action='store_true', help='nuclei tests on new') 50 | parser.add_argument('--passive', action='store_true', help='passive nuclei checks') 51 | args = parser.parse_args() 52 | return args 53 | 54 | 55 | def db_get_modified_domains (items, db_collection): 56 | return db_get_modified( items, db_collection, ['host'], ['host','a','a_rev','cname','scope'], compare.domain ) 57 | 58 | 59 | def db_get_modified(items, db_collection, key_fields, fields, compare_func): 60 | """returns modified(by compare_fields) an new items, update 61 | 62 | key_field - key for find same item in db, 63 | fields - use only these to insert and update items in db collection, 64 | db_collection - mongodb collection, 65 | compare_fields - fields to find modified items 66 | """ 67 | 68 | for item in items: 69 | update_query = { '$set':{'last_alive': datetime.now()}, '$unset': {} } 70 | #construct update query 71 | for f in fields: 72 | if f in item: 73 | update_query['$set'][f] = item[f] 74 | else: 75 | update_query['$unset'][f] = '' 76 | #construct find query 77 | find_q = {} 78 | for key_field in key_fields: 79 | find_q[key_field] = item.get(key_field) 80 | 81 | old_item = db_collection.find_one_and_update(find_q, update_query) 82 | 83 | if not old_item: 84 | insert_item = {} 85 | insert_item['add_date'] = insert_item['last_alive'] = datetime.now() 86 | for f in fields: 87 | if f in item: 88 | insert_item[f] = item[f] 89 | res = db_collection.insert_one(insert_item) 90 | item['_id'] = res.inserted_id 91 | yield item 92 | else: 93 | # find changed based on compare_func 94 | item['_id'] = old_item['_id'] 95 | # _diffs_history init 96 | if '_diffs_history' in old_item: 97 | item['_diffs_history'] = old_item['_diffs_history'] 98 | 99 | # at first compare without history update diffs if needed 100 | comp_res = compare_func(item, old_item) 101 | if not comp_res['equal']: 102 | #write old values from diffs to _diffs_history and update _diffs_history in DB 103 | if not '_diffs_history' in old_item: 104 | item['_diffs_history'] = [] 105 | # add onlly uniq 106 | if not comp_res['diffs'] in item['_diffs_history']: 107 | item['_diffs_history'].append(comp_res['diffs']) 108 | #update 109 | db_collection.update_one({'_id': item['_id']}, {'$set': {'_diffs_history': item['_diffs_history']}}) 110 | 111 | # second stage compare with history Not simple compare because of tld sub filters 112 | comp_res_history = compare_func(item, old_item, True) 113 | if not comp_res_history['equal']: 114 | item['diffs'] = comp_res['diffs'] 115 | yield item 116 | 117 | 118 | def small_scopes_slice(items, scopes, max): 119 | """ small scopes at first [][:max]shuffle """ 120 | out = [] 121 | out_items = [] 122 | for scope_name in [x['name'] for x in scopes]: 123 | scope_items = [x for x in items if x['scope'] == scope_name] 124 | if len(scope_items) > 0: 125 | out.append( (scope_name, scope_items) ) 126 | out.sort( key=lambda x: len(x[1]) ) 127 | for s in out: 128 | out_items.extend(s[1]) 129 | out_items = out_items[:max] 130 | random.shuffle(out_items) 131 | return out_items[:max] 132 | 133 | 134 | def sites_equal_filter(sites): 135 | filter_keys = ['scope', 'status_code', 'title', 'content_length'] 136 | # webserver?, technologies? 137 | uniq_sites = [] 138 | out_sites = [] 139 | for site in sites: 140 | fsite = {k : site.get(k, None) for k in filter_keys} 141 | if fsite not in uniq_sites: 142 | uniq_sites.append(fsite) 143 | out_sites.append(site) 144 | return out_sites 145 | 146 | 147 | def sites_workflow(domains, httpx_threads=1): 148 | ''' 149 | http probes -> find_new -> nuclei 150 | 151 | domains - list of subdomains/ports objects to check 152 | ''' 153 | # random order for httpx 154 | random.shuffle(domains) 155 | if args.passive: 156 | httprobe_res = httprobes(domains, threads=httpx_threads, savedir=glob.httprobes_savedir) 157 | else: 158 | httprobe_res = httprobes(domains, threads=httpx_threads) 159 | 160 | #new probes 161 | up_fields = ["url", "scheme","port","hash","a","cnames","input", "location","title","webserver", 162 | "content_type","method","host","content_length","words","lines","chain_status_codes","status_code","tls", 163 | "time","tech","final_url",'scope'] 164 | sites_new = list(db_get_modified(httprobe_res, db['http_probes'], ['url'], up_fields, compare.http_probe)) 165 | #todo filter equal by scope same code,title, content-lenght?, technologies? 166 | sites_new = sites_equal_filter(sites_new) 167 | 168 | logging.info(f"{len(sites_new)} new http probes found") 169 | 170 | if len(sites_new) == 0: 171 | return 172 | 173 | juicer(sites_new, http_probes_validators, scopes, config['juicer_filters']) 174 | notify_by_weight(sites_new, "probe(s)", lambda x: f"{x['url']} [{x['status_code']}] [{x.get('title','')}]{x['juicy_info']}") 175 | 176 | if not args.nuclei: 177 | return 178 | 179 | sites_new = small_scopes_slice(sites_new, scopes, config['nuclei_one_time_max']) 180 | 181 | # new site fingerpints nuclei scan 182 | nuclei_hits = nuclei_active(config['nuclei']['cmd'], sites_new) 183 | #new nuclei hits 184 | up_fields = ["template-id","info","type","matcher-name","host","matched-at","meta","extracted-results","interaction","scope","curl-command"] 185 | index_fields = ["template-id","matcher-name","matched-at"] 186 | nuclei_hits_new = db_get_modified(nuclei_hits, db['nuclei_hits'], index_fields, up_fields, compare.nuclei_hit) 187 | nuclei_notify(nuclei_hits_new, hit_tostr) 188 | 189 | 190 | def nuclei_notify(nuclei_hits_new, print_func, prefix=""): 191 | nuclei_hits_new = list(nuclei_hits_new) 192 | severity_sort(nuclei_hits_new) 193 | lines = [ print_func(x) for x in nuclei_hits_new ] 194 | filters = config['alerts'].get('filter', []) 195 | notify_msg = "\n".join( [item for item in lines if not any(re.search(regex, item) for regex in filters)] ) 196 | if notify_msg: 197 | alerter.notify(prefix + notify_msg) 198 | 199 | 200 | def passive_workflow(all_http_probes): 201 | for scan_type in ['passive']: 202 | passive_results = nuclei_passive(glob.httprobes_savedir, all_http_probes, scan_type) 203 | 204 | #new nuclei hits 205 | up_fields = ["template-id","info","type","matcher-name","host","port","path","matched-at","meta","extracted-results","scope"] 206 | index_fields = ["template-id","matcher-name","host"] 207 | nuclei_hits_new = db_get_modified(passive_results, db['nuclei_passive_hits'], index_fields, up_fields, compare.nuclei_hit) 208 | nuclei_hits_new = list(nuclei_hits_new) 209 | nuclei_notify( 210 | nuclei_hits_new, 211 | lambda x: f'{x["scope"]}: {x["host"]} [{x["info"]["severity"]}] {x["template-id"]} {x.get("matcher-name","")} {x.get("extracted-results","")}', 212 | f"Passive scan at {glob.httprobes_savedir}:\n" 213 | ) 214 | 215 | 216 | def notify_ports(port_probes): 217 | notify_lines = [] 218 | uniq_ips = set([x['ip'] for x in port_probes]) 219 | for ip in uniq_ips: 220 | ip_ports = list(set([ int(x['port']) for x in port_probes if x['ip']==ip ])) 221 | ip_ports.sort() 222 | ip_hosts = list(set([ x['host'] for x in port_probes if x['ip']==ip ])) 223 | notify_lines.append(f"{ip} {ip_hosts} {ip_ports}") 224 | 225 | if notify_lines: 226 | msg = notify_block(f"+{len(port_probes)} new ports.", notify_lines) 227 | alerter.notify(msg) 228 | 229 | 230 | def notify_by_weight(items:List, title_suffix, print_item_func): 231 | """notify on new or modified items, group by scope, sort by scope juicy weight (mute)""" 232 | items.sort(key=lambda x: x['juicy_weight'], reverse=True) 233 | notify_msg = f"+{len(items)} {title_suffix}.\n" 234 | notify_msg += "\n".join( [ f"{i['scope']}: {print_item_func(i)}" for i in items ] ) 235 | alerter.notify(notify_msg) 236 | 237 | 238 | def new_ports_workflow(port_items): 239 | #non http ports nuclei scan 240 | for h in port_items: 241 | h['url'] = f"{h['host']}:{h['port']}" 242 | nuclei_hits = nuclei_active(config['nuclei']['network_cmd'], port_items) 243 | up_fields = ["template-id","info","type","matcher-name","host","matched-at","meta","extracted-results","interaction","scope","curl-command"] 244 | index_fields = ["template-id","matcher-name","matched-at"] 245 | nuclei_hits_new = db_get_modified(nuclei_hits, db['nuclei_hits'], index_fields, up_fields, compare.nuclei_hit) 246 | nuclei_hits_new = list(nuclei_hits_new) 247 | severity_sort(nuclei_hits_new) 248 | notify_msg = "\n".join( [ f'{x["scope"]}: {x["matched-at"]} [{x["info"]["severity"]}] {x["template-id"]} {x.get("matcher-name","")} {x.get("extracted-results","")}' for x in nuclei_hits_new ] ) 249 | alerter.notify(notify_msg) 250 | 251 | 252 | def hosts_from_cidrs_ips(scope): 253 | hosts = [] 254 | for cidr in scope.get('cidr', []): 255 | hosts.extend( [ {'host':str(ip), 'scope': scope['name']} for ip in ipaddress.IPv4Network(cidr)] ) 256 | 257 | #ips 258 | hosts.extend( [ {'host':ip, 'scope': scope['name']} for ip in scope.get('ips', []) ] ) 259 | 260 | return hosts 261 | 262 | 263 | def chunk_size_calc(recon_domains_count: int): 264 | wlc = file_lines_count(config['wordlist']) if args.dns_brute else 0 265 | dnsgenc = config['dnsgen']['max'] if args.dns_alts else 0 266 | subs_on_one = wlc + dnsgenc + 1000 267 | all_count = subs_on_one * recon_domains_count 268 | chunks_num_min = math.ceil(all_count / config['puredns']['chunk_vol_max']) 269 | chunk_size = math.floor(recon_domains_count / chunks_num_min) 270 | if chunk_size == 0: 271 | chunk_size = 1 272 | chunks_num = math.ceil(recon_domains_count / chunk_size) 273 | return chunks_num, chunk_size 274 | 275 | 276 | def main(): 277 | logging.basicConfig( 278 | level=logging.INFO, 279 | format="%(asctime)s [%(levelname)s] %(message)s", 280 | datefmt='%Y-%m-%d %H:%M', 281 | handlers=[ 282 | logging.StreamHandler(), 283 | logging.FileHandler(glob.tmp_dir + '/subs.log', 'w') 284 | ] 285 | ) 286 | 287 | old_scopes_subs = uniq_list('host') 288 | subs_now = uniq_list('host') 289 | 290 | recon_domains = set() 291 | for scope in scopes: 292 | logging.info(f"Collect {scope['name']}'s subdomains") 293 | tmp_scope_subs = db['domains'].find({'scope': scope['name']}) 294 | old_clean_subs = filter(lambda d: domain_inscope(d['host'], scope), tmp_scope_subs) 295 | old_scopes_subs.extend(old_clean_subs) 296 | #add cidrs/ips to old 297 | old_scopes_subs.extend(hosts_from_cidrs_ips(scope)) 298 | 299 | if scope['subs_recon'] == True: 300 | recon_domains.update(scope['domains']) 301 | else: 302 | #process not recon inline 303 | logging.info(f"No recon scope {scope['name']} resolve all domains at once...") 304 | scope_subs_now = dnsx(scope['domains']) 305 | scope_update(scope_subs_now, scope['name']) 306 | subs_now.extend(scope_subs_now) 307 | logging.info(f"{scope['name']} {len(scope_subs_now)} resolved domains") 308 | 309 | #process recon domains 310 | logging.info(f"Recon flow on {len(recon_domains)} domains...") 311 | recon_domains = list(recon_domains) 312 | random.shuffle(recon_domains) 313 | allc = len(recon_domains) 314 | chunks_num, chunk_size = chunk_size_calc(allc) 315 | chi = 1 316 | for i in range(0, allc, chunk_size): 317 | logging.info(f"Start recon chunk {chi}/{chunks_num} size {chunk_size}") 318 | chunk = recon_domains[i:i+chunk_size] 319 | recon_subs = domain_purespray(chunk, old_scopes_subs, 320 | config['dnsgen']['max'] if args.dns_alts else 0, 321 | config['wordlist'] if args.dns_brute else None, 322 | config['puredns']['timeout'], 323 | ) 324 | chi += 1 325 | logging.info(f"checking for subdomains weird results") 326 | recon_subs, _ = threshold_filter(recon_subs, "parent_host", config['sub_domains_weird_threshold']) 327 | #TODO: shuffledns on filtered 328 | # dnsx 329 | recon_subs = dnsx([x['host'] for x in recon_subs]) 330 | # set scope 331 | domains_setscope(recon_subs, scopes) 332 | #log unknown domains !!! and remove it 333 | unknown_domains = list([ d for d in recon_subs if d["scope"] == "unknown" ]) 334 | if unknown_domains: 335 | logging.info(f"Unknown domains found !") 336 | for d in unknown_domains: 337 | logging.info(str(d)) 338 | recon_subs.remove(d) 339 | #TODO: db inplace ? 340 | subs_now.extend(recon_subs) 341 | 342 | #remove new from old we are intersecting on changed subs !!! 343 | logging.info(f"db_get_modified on {len(subs_now)} domains") 344 | new_scopes_subs = list(db_get_modified_domains (subs_now, db['domains'])) 345 | new_hosts = set([n['host'] for n in new_scopes_subs]) 346 | old_scopes_subs = list(filter( lambda o: o['host'] not in new_hosts, old_scopes_subs)) 347 | logging.info(f"{len(new_scopes_subs)} new/changed subdomains found!") 348 | 349 | # new and modified subdomains 350 | if len(new_scopes_subs) > 0: 351 | juicer(new_scopes_subs, domain_validators, scopes, config['juicer_filters']) 352 | domains_print_func = lambda x: f"{x['host']} {x.get('a_rev', '')} [{x['juicy_info']}]" 353 | notify_by_weight(new_scopes_subs, "domain(s)", domains_print_func) 354 | 355 | new_port_probes = [] 356 | if args.ports: 357 | # otherports 358 | port_max = small_scopes_slice(new_scopes_subs, scopes, config['nuclei_one_time_max']) 359 | port_probes = list(portprobes(port_max, config['naabu']['ports_onnew'])) 360 | port_probes, _ = threshold_filter(port_probes, "host", config['ports_weird_threshold']) 361 | new_port_probes = db_get_modified(port_probes, db['ports'], ['host','port'], ['host','ip','port','scope'], compare.port ) 362 | #new ports only notify 363 | new_port_probes = list(new_port_probes) 364 | notify_ports(new_port_probes) 365 | # port checks 366 | new_ports_workflow(new_port_probes) 367 | new_scopes_subs.extend(port_probes) #all(old,new) ports on new/changed subdomain 368 | 369 | sites_workflow(new_scopes_subs, config['httpx']['threads_onnew']) 370 | 371 | #ports on old subdomains 372 | new_port_probes = [] 373 | if args.ports_olds: 374 | # otherports 375 | port_probes = list(portprobes(old_scopes_subs, config['naabu']['ports'])) 376 | port_probes, _ = threshold_filter(port_probes, "host", config['ports_weird_threshold']) 377 | new_port_probes = db_get_modified(port_probes, db['ports'], ['host','port'], ['host','ip','port','scope'], compare.port ) 378 | #new ports notify 379 | new_port_probes = list(new_port_probes) 380 | notify_ports(new_port_probes) 381 | # port checks 382 | new_ports_workflow(new_port_probes) 383 | #add new ports 384 | old_scopes_subs.extend(new_port_probes) 385 | 386 | #old subdomains 387 | if args.workflow_olds: 388 | logging.info("Check old subdomains (--workflow-olds)") 389 | sites_workflow(old_scopes_subs, config['httpx']['threads']) 390 | 391 | #it make sense only after worflow_olds (all new scanned activelly) 392 | if args.passive: 393 | logging.info("nuclei passive on all probes (it makes sense only after worflow_olds) ") 394 | #project for collate scope on finded 395 | q = {"scope": {"$in": list([s["name"] for s in scopes])}} 396 | project = {"url": 1, "input": 1, "scope": 1} 397 | #http_probes include ports too 398 | passive_workflow( list(db['http_probes'].find(q, project)) ) 399 | 400 | 401 | def main_gc(): 402 | ''' 403 | Garbage collector: 404 | - del old httprobes 405 | ''' 406 | httprobe_dirs = os.listdir('httprobes') 407 | httprobe_dirs.sort() 408 | while len(httprobe_dirs) > config['httprobes_history']: 409 | dir_todel = "httprobes/" + httprobe_dirs.pop(0) 410 | logging.info(f"Deleting {dir_todel}") 411 | shutil.rmtree(dir_todel, ignore_errors=True) 412 | 413 | #tmp dir 414 | tmp_dirs = os.listdir('tmp') 415 | tmp_dirs.sort() 416 | while len(tmp_dirs) > config['httprobes_history']: 417 | dir_todel = "tmp/" + tmp_dirs.pop(0) 418 | logging.info(f"Deleting {dir_todel}") 419 | shutil.rmtree(dir_todel, ignore_errors=True) 420 | 421 | 422 | if __name__ == "__main__": 423 | args = cli_args() 424 | try: 425 | os.makedirs(glob.httprobes_savedir, exist_ok=True) 426 | os.makedirs(glob.tmp_dir, exist_ok=True) 427 | main() 428 | main_gc() 429 | except Exception as x: 430 | traceback.print_exc() 431 | alerter.notify(f"Error at subs.py\n{str(x)}") 432 | finally: 433 | db.client.close() 434 | -------------------------------------------------------------------------------- /example/subdomains-top1million-5000.txt: -------------------------------------------------------------------------------- 1 | www 2 | mail 3 | ftp 4 | localhost 5 | webmail 6 | smtp 7 | webdisk 8 | pop 9 | cpanel 10 | whm 11 | ns1 12 | ns2 13 | autodiscover 14 | autoconfig 15 | ns 16 | test 17 | m 18 | blog 19 | dev 20 | www2 21 | ns3 22 | pop3 23 | forum 24 | admin 25 | mail2 26 | vpn 27 | mx 28 | imap 29 | old 30 | new 31 | mobile 32 | mysql 33 | beta 34 | support 35 | cp 36 | secure 37 | shop 38 | demo 39 | dns2 40 | ns4 41 | dns1 42 | static 43 | lists 44 | web 45 | www1 46 | img 47 | news 48 | portal 49 | server 50 | wiki 51 | api 52 | media 53 | images 54 | www.blog 55 | backup 56 | dns 57 | sql 58 | intranet 59 | www.forum 60 | www.test 61 | stats 62 | host 63 | video 64 | mail1 65 | mx1 66 | www3 67 | staging 68 | www.m 69 | sip 70 | chat 71 | search 72 | crm 73 | mx2 74 | ads 75 | ipv4 76 | remote 77 | email 78 | my 79 | wap 80 | svn 81 | store 82 | cms 83 | download 84 | proxy 85 | www.dev 86 | mssql 87 | apps 88 | dns3 89 | exchange 90 | mail3 91 | forums 92 | ns5 93 | db 94 | office 95 | live 96 | files 97 | info 98 | owa 99 | monitor 100 | helpdesk 101 | panel 102 | sms 103 | newsletter 104 | ftp2 105 | web1 106 | web2 107 | upload 108 | home 109 | bbs 110 | login 111 | app 112 | en 113 | blogs 114 | it 115 | cdn 116 | stage 117 | gw 118 | dns4 119 | www.demo 120 | ssl 121 | cn 122 | smtp2 123 | vps 124 | ns6 125 | relay 126 | online 127 | service 128 | test2 129 | radio 130 | ntp 131 | library 132 | help 133 | www4 134 | members 135 | tv 136 | www.shop 137 | extranet 138 | hosting 139 | ldap 140 | services 141 | webdisk.blog 142 | s1 143 | i 144 | survey 145 | s 146 | www.mail 147 | www.new 148 | c-n7k-v03-01.rz 149 | data 150 | docs 151 | c-n7k-n04-01.rz 152 | ad 153 | legacy 154 | router 155 | de 156 | meet 157 | cs 158 | av 159 | sftp 160 | server1 161 | stat 162 | moodle 163 | facebook 164 | test1 165 | photo 166 | partner 167 | nagios 168 | mrtg 169 | s2 170 | mailadmin 171 | dev2 172 | ts 173 | autoconfig.blog 174 | autodiscover.blog 175 | games 176 | jobs 177 | image 178 | host2 179 | gateway 180 | preview 181 | www.support 182 | im 183 | ssh 184 | correo 185 | control 186 | ns0 187 | vpn2 188 | cloud 189 | archive 190 | citrix 191 | webdisk.m 192 | voip 193 | connect 194 | game 195 | smtp1 196 | access 197 | lib 198 | www5 199 | gallery 200 | redmine 201 | es 202 | irc 203 | stream 204 | qa 205 | dl 206 | billing 207 | construtor 208 | lyncdiscover 209 | painel 210 | fr 211 | projects 212 | a 213 | pgsql 214 | mail4 215 | tools 216 | iphone 217 | server2 218 | dbadmin 219 | manage 220 | jabber 221 | music 222 | webmail2 223 | www.beta 224 | mailer 225 | phpmyadmin 226 | t 227 | reports 228 | rss 229 | pgadmin 230 | images2 231 | mx3 232 | www.webmail 233 | ws 234 | content 235 | sv 236 | web3 237 | community 238 | poczta 239 | www.mobile 240 | ftp1 241 | dialin 242 | us 243 | sp 244 | panelstats 245 | vip 246 | cacti 247 | s3 248 | alpha 249 | videos 250 | ns7 251 | promo 252 | testing 253 | sharepoint 254 | marketing 255 | sitedefender 256 | member 257 | webdisk.dev 258 | emkt 259 | training 260 | edu 261 | autoconfig.m 262 | git 263 | autodiscover.m 264 | catalog 265 | webdisk.test 266 | job 267 | ww2 268 | www.news 269 | sandbox 270 | elearning 271 | fb 272 | webmail.cp 273 | downloads 274 | speedtest 275 | design 276 | staff 277 | master 278 | panelstatsmail 279 | v2 280 | db1 281 | mailserver 282 | builder.cp 283 | travel 284 | mirror 285 | ca 286 | sso 287 | tickets 288 | alumni 289 | sitebuilder 290 | www.admin 291 | auth 292 | jira 293 | ns8 294 | partners 295 | ml 296 | list 297 | images1 298 | club 299 | business 300 | update 301 | fw 302 | devel 303 | local 304 | wp 305 | streaming 306 | zeus 307 | images3 308 | adm 309 | img2 310 | gate 311 | pay 312 | file 313 | seo 314 | status 315 | share 316 | maps 317 | zimbra 318 | webdisk.forum 319 | trac 320 | oa 321 | sales 322 | post 323 | events 324 | project 325 | xml 326 | wordpress 327 | images4 328 | main 329 | english 330 | e 331 | img1 332 | db2 333 | time 334 | redirect 335 | go 336 | bugs 337 | direct 338 | www6 339 | social 340 | www.old 341 | development 342 | calendar 343 | www.forums 344 | ru 345 | www.wiki 346 | monitoring 347 | hermes 348 | photos 349 | bb 350 | mx01 351 | mail5 352 | temp 353 | map 354 | ns10 355 | tracker 356 | sport 357 | uk 358 | hr 359 | autodiscover.test 360 | conference 361 | free 362 | autoconfig.test 363 | client 364 | vpn1 365 | autodiscover.dev 366 | b2b 367 | autoconfig.dev 368 | noc 369 | webconf 370 | ww 371 | payment 372 | firewall 373 | intra 374 | rt 375 | v 376 | clients 377 | www.store 378 | gis 379 | m2 380 | event 381 | origin 382 | site 383 | domain 384 | barracuda 385 | link 386 | ns11 387 | internal 388 | dc 389 | smtp3 390 | zabbix 391 | mdm 392 | assets 393 | images6 394 | www.ads 395 | mars 396 | mail01 397 | pda 398 | images5 399 | c 400 | ns01 401 | tech 402 | ms 403 | images7 404 | autoconfig.forum 405 | public 406 | css 407 | autodiscover.forum 408 | webservices 409 | www.video 410 | web4 411 | orion 412 | pm 413 | fs 414 | w3 415 | student 416 | www.chat 417 | domains 418 | book 419 | lab 420 | o1.email 421 | server3 422 | img3 423 | kb 424 | faq 425 | health 426 | in 427 | board 428 | vod 429 | www.my 430 | cache 431 | atlas 432 | php 433 | images8 434 | wwww 435 | voip750101.pg6.sip 436 | cas 437 | origin-www 438 | cisco 439 | banner 440 | mercury 441 | w 442 | directory 443 | mailhost 444 | test3 445 | shopping 446 | webdisk.demo 447 | ip 448 | market 449 | pbx 450 | careers 451 | auto 452 | idp 453 | ticket 454 | js 455 | ns9 456 | outlook 457 | foto 458 | www.en 459 | pro 460 | mantis 461 | spam 462 | movie 463 | s4 464 | lync 465 | jupiter 466 | dev1 467 | erp 468 | register 469 | adv 470 | b 471 | corp 472 | sc 473 | ns12 474 | images0 475 | enet1 476 | mobil 477 | lms 478 | net 479 | storage 480 | ss 481 | ns02 482 | work 483 | webcam 484 | www7 485 | report 486 | admin2 487 | p 488 | nl 489 | love 490 | pt 491 | manager 492 | d 493 | cc 494 | android 495 | linux 496 | reseller 497 | agent 498 | web01 499 | sslvpn 500 | n 501 | thumbs 502 | links 503 | mailing 504 | hotel 505 | pma 506 | press 507 | venus 508 | finance 509 | uesgh2x 510 | nms 511 | ds 512 | joomla 513 | doc 514 | flash 515 | research 516 | dashboard 517 | track 518 | www.img 519 | x 520 | rs 521 | edge 522 | deliver 523 | sync 524 | oldmail 525 | da 526 | order 527 | eng 528 | testbrvps 529 | user 530 | radius 531 | star 532 | labs 533 | top 534 | srv1 535 | mailers 536 | mail6 537 | pub 538 | host3 539 | reg 540 | lb 541 | log 542 | books 543 | phoenix 544 | drupal 545 | affiliate 546 | www.wap 547 | webdisk.support 548 | www.secure 549 | cvs 550 | st 551 | wksta1 552 | saturn 553 | logos 554 | preprod 555 | m1 556 | backup2 557 | opac 558 | core 559 | vc 560 | mailgw 561 | pluto 562 | ar 563 | software 564 | jp 565 | srv 566 | newsite 567 | www.members 568 | openx 569 | otrs 570 | titan 571 | soft 572 | analytics 573 | code 574 | mp3 575 | sports 576 | stg 577 | whois 578 | apollo 579 | web5 580 | ftp3 581 | www.download 582 | mm 583 | art 584 | host1 585 | www8 586 | www.radio 587 | demo2 588 | click 589 | smail 590 | w2 591 | feeds 592 | g 593 | education 594 | affiliates 595 | kvm 596 | sites 597 | mx4 598 | autoconfig.demo 599 | controlpanel 600 | autodiscover.demo 601 | tr 602 | ebook 603 | www.crm 604 | hn 605 | black 606 | mcp 607 | adserver 608 | www.staging 609 | static1 610 | webservice 611 | f 612 | develop 613 | sa 614 | katalog 615 | as 616 | smart 617 | pr 618 | account 619 | mon 620 | munin 621 | www.games 622 | www.media 623 | cam 624 | school 625 | r 626 | mc 627 | id 628 | network 629 | www.live 630 | forms 631 | math 632 | mb 633 | maintenance 634 | pic 635 | agk 636 | phone 637 | bt 638 | sm 639 | demo1 640 | ns13 641 | tw 642 | ps 643 | dev3 644 | tracking 645 | green 646 | users 647 | int 648 | athena 649 | www.static 650 | www.info 651 | security 652 | mx02 653 | prod 654 | 1 655 | team 656 | transfer 657 | www.facebook 658 | www10 659 | v1 660 | google 661 | proxy2 662 | feedback 663 | vpgk 664 | auction 665 | view 666 | biz 667 | vpproxy 668 | secure2 669 | www.it 670 | newmail 671 | sh 672 | mobi 673 | wm 674 | mailgate 675 | dms 676 | 11192521404255 677 | autoconfig.support 678 | play 679 | 11192521403954 680 | start 681 | life 682 | autodiscover.support 683 | antispam 684 | cm 685 | booking 686 | iris 687 | www.portal 688 | hq 689 | gc._msdcs 690 | neptune 691 | terminal 692 | vm 693 | pool 694 | gold 695 | gaia 696 | internet 697 | sklep 698 | ares 699 | poseidon 700 | relay2 701 | up 702 | resources 703 | is 704 | mall 705 | traffic 706 | webdisk.mail 707 | www.api 708 | join 709 | smtp4 710 | www9 711 | w1 712 | upl 713 | ci 714 | gw2 715 | open 716 | audio 717 | fax 718 | alfa 719 | www.images 720 | alex 721 | spb 722 | xxx 723 | ac 724 | edm 725 | mailout 726 | webtest 727 | nfs01.jc 728 | me 729 | sun 730 | virtual 731 | spokes 732 | ns14 733 | webserver 734 | mysql2 735 | tour 736 | igk 737 | wifi 738 | pre 739 | abc 740 | corporate 741 | adfs 742 | srv2 743 | delta 744 | loopback 745 | magento 746 | br 747 | campus 748 | law 749 | global 750 | s5 751 | web6 752 | orange 753 | awstats 754 | static2 755 | learning 756 | www.seo 757 | china 758 | gs 759 | www.gallery 760 | tmp 761 | ezproxy 762 | darwin 763 | bi 764 | best 765 | mail02 766 | studio 767 | sd 768 | signup 769 | dir 770 | server4 771 | archives 772 | golf 773 | omega 774 | vps2 775 | sg 776 | ns15 777 | win 778 | real 779 | www.stats 780 | c1 781 | eshop 782 | piwik 783 | geo 784 | mis 785 | proxy1 786 | web02 787 | pascal 788 | lb1 789 | app1 790 | mms 791 | apple 792 | confluence 793 | sns 794 | learn 795 | classifieds 796 | pics 797 | gw1 798 | www.cdn 799 | rp 800 | matrix 801 | repository 802 | updates 803 | se 804 | developer 805 | meeting 806 | twitter 807 | artemis 808 | au 809 | cat 810 | system 811 | ce 812 | ecommerce 813 | sys 814 | ra 815 | orders 816 | sugar 817 | ir 818 | wwwtest 819 | bugzilla 820 | listserv 821 | www.tv 822 | vote 823 | webmaster 824 | webdev 825 | sam 826 | www.de 827 | vps1 828 | contact 829 | galleries 830 | history 831 | journal 832 | hotels 833 | www.newsletter 834 | podcast 835 | dating 836 | sub 837 | www.jobs 838 | www.intranet 839 | www.email 840 | mt 841 | science 842 | counter 843 | dns5 844 | 2 845 | people 846 | ww3 847 | www.es 848 | ntp1 849 | vcenter 850 | test5 851 | radius1 852 | ocs 853 | power 854 | pg 855 | pl 856 | magazine 857 | sts 858 | fms 859 | customer 860 | wsus 861 | bill 862 | www.hosting 863 | vega 864 | nat 865 | sirius 866 | lg 867 | 11285521401250 868 | sb 869 | hades 870 | students 871 | uat 872 | conf 873 | ap 874 | uxr4 875 | eu 876 | moon 877 | www.search 878 | checksrv 879 | hydra 880 | usa 881 | digital 882 | wireless 883 | banners 884 | md 885 | mysite 886 | webmail1 887 | windows 888 | traveler 889 | www.poczta 890 | hrm 891 | database 892 | mysql1 893 | inside 894 | debian 895 | pc 896 | ask 897 | backend 898 | cz 899 | mx0 900 | mini 901 | autodiscover.mail 902 | rb 903 | webdisk.shop 904 | mba 905 | www.help 906 | www.sms 907 | test4 908 | dm 909 | subscribe 910 | sf 911 | passport 912 | red 913 | video2 914 | ag 915 | autoconfig.mail 916 | all.edge 917 | registration 918 | ns16 919 | camera 920 | myadmin 921 | ns20 922 | uxr3 923 | mta 924 | beauty 925 | fw1 926 | epaper 927 | central 928 | cert 929 | backoffice 930 | biblioteca 931 | mob 932 | about 933 | space 934 | movies 935 | u 936 | ms1 937 | ec 938 | forum2 939 | server5 940 | money 941 | radius2 942 | print 943 | ns18 944 | thunder 945 | nas 946 | ww1 947 | webdisk.webmail 948 | edit 949 | www.music 950 | planet 951 | m3 952 | vstagingnew 953 | app2 954 | repo 955 | prueba 956 | house 957 | ntp2 958 | dragon 959 | pandora 960 | stock 961 | form 962 | pp 963 | www.sport 964 | physics 965 | food 966 | groups 967 | antivirus 968 | profile 969 | www.online 970 | stream2 971 | hp 972 | d1 973 | nhko1111 974 | logs 975 | eagle 976 | v3 977 | mail7 978 | gamma 979 | career 980 | vpn3 981 | ipad 982 | dom 983 | webdisk.store 984 | iptv 985 | www.promo 986 | hd 987 | mag 988 | box 989 | talk 990 | hera 991 | f1 992 | www.katalog 993 | syslog 994 | fashion 995 | t1 996 | 2012 997 | soporte 998 | teste 999 | scripts 1000 | welcome 1001 | hk 1002 | paris 1003 | www.game 1004 | multimedia 1005 | neo 1006 | beta2 1007 | msg 1008 | io 1009 | portal2 1010 | sky 1011 | webdisk.beta 1012 | web7 1013 | exam 1014 | cluster 1015 | webdisk.new 1016 | img4 1017 | surveys 1018 | webmail.controlpanel 1019 | error 1020 | private 1021 | bo 1022 | kids 1023 | card 1024 | vmail 1025 | switch 1026 | messenger 1027 | cal 1028 | plus 1029 | cars 1030 | management 1031 | feed 1032 | xmpp 1033 | ns51 1034 | premium 1035 | www.apps 1036 | backup1 1037 | asp 1038 | ns52 1039 | website 1040 | pos 1041 | lb2 1042 | www.foto 1043 | ws1 1044 | domino 1045 | mailman 1046 | asterisk 1047 | weather 1048 | max 1049 | ma 1050 | node1 1051 | webapps 1052 | white 1053 | ns17 1054 | cdn2 1055 | dealer 1056 | pms 1057 | tg 1058 | gps 1059 | www.travel 1060 | listas 1061 | chelyabinsk-rnoc-rr02.backbone 1062 | hub 1063 | demo3 1064 | minecraft 1065 | ns22 1066 | hw70f395eb456e 1067 | dns01 1068 | wpad 1069 | nm 1070 | ch 1071 | www.catalog 1072 | ns21 1073 | web03 1074 | www.videos 1075 | rc 1076 | www.web 1077 | gemini 1078 | bm 1079 | lp 1080 | pdf 1081 | webapp 1082 | noticias 1083 | myaccount 1084 | sql1 1085 | hercules 1086 | ct 1087 | fc 1088 | mail11 1089 | pptp 1090 | contest 1091 | www.us 1092 | msk 1093 | widget 1094 | study 1095 | 11290521402560 1096 | posta 1097 | ee 1098 | realestate 1099 | out 1100 | galaxy 1101 | kms 1102 | thor 1103 | world 1104 | webdisk.mobile 1105 | www.test2 1106 | base 1107 | cd 1108 | relay1 1109 | taurus 1110 | cgi 1111 | www0 1112 | res 1113 | d2 1114 | intern 1115 | c2 1116 | webdav 1117 | mail10 1118 | robot 1119 | vcs 1120 | am 1121 | dns02 1122 | group 1123 | silver 1124 | www.dl 1125 | adsl 1126 | ids 1127 | ex 1128 | ariel 1129 | i2 1130 | trade 1131 | ims 1132 | king 1133 | www.fr 1134 | sistemas 1135 | ecard 1136 | themes 1137 | builder.controlpanel 1138 | blue 1139 | z 1140 | securemail 1141 | www-test 1142 | wmail 1143 | 123 1144 | sonic 1145 | netflow 1146 | enterprise 1147 | extra 1148 | webdesign 1149 | reporting 1150 | libguides 1151 | oldsite 1152 | autodiscover.secure 1153 | check 1154 | webdisk.secure 1155 | luna 1156 | www11 1157 | down 1158 | odin 1159 | ent 1160 | web10 1161 | international 1162 | fw2 1163 | leo 1164 | pegasus 1165 | mailbox 1166 | aaa 1167 | com 1168 | acs 1169 | vdi 1170 | inventory 1171 | simple 1172 | e-learning 1173 | fire 1174 | cb 1175 | edi 1176 | rsc 1177 | yellow 1178 | www.sklep 1179 | www.social 1180 | webmail.cpanel 1181 | act 1182 | bc 1183 | portfolio 1184 | hb 1185 | smtp01 1186 | cafe 1187 | nexus 1188 | www.edu 1189 | ping 1190 | movil 1191 | as2 1192 | builder.control 1193 | autoconfig.secure 1194 | payments 1195 | cdn1 1196 | srv3 1197 | openvpn 1198 | tm 1199 | cisco-capwap-controller 1200 | dolphin 1201 | webmail3 1202 | minerva 1203 | co 1204 | wwwold 1205 | hotspot 1206 | super 1207 | products 1208 | nova 1209 | r1 1210 | blackberry 1211 | mike 1212 | pe 1213 | acc 1214 | lion 1215 | tp 1216 | tiger 1217 | stream1 1218 | www12 1219 | admin1 1220 | mx5 1221 | server01 1222 | webdisk.forums 1223 | notes 1224 | suporte 1225 | focus 1226 | km 1227 | speed 1228 | rd 1229 | lyncweb 1230 | builder.cpanel 1231 | pa 1232 | mx10 1233 | www.files 1234 | fi 1235 | konkurs 1236 | broadcast 1237 | a1 1238 | build 1239 | earth 1240 | webhost 1241 | www.blogs 1242 | aurora 1243 | review 1244 | mg 1245 | license 1246 | homer 1247 | servicedesk 1248 | webcon 1249 | db01 1250 | dns6 1251 | cfd297 1252 | spider 1253 | expo 1254 | newsletters 1255 | h 1256 | ems 1257 | city 1258 | lotus 1259 | fun 1260 | autoconfig.webmail 1261 | statistics 1262 | ams 1263 | all.videocdn 1264 | autodiscover.shop 1265 | autoconfig.shop 1266 | tfs 1267 | www.billing 1268 | happy 1269 | cl 1270 | sigma 1271 | jwc 1272 | dream 1273 | sv2 1274 | wms 1275 | one 1276 | ls 1277 | europa 1278 | ldap2 1279 | a4 1280 | merlin 1281 | buy 1282 | web11 1283 | dk 1284 | autodiscover.webmail 1285 | ro 1286 | widgets 1287 | sql2 1288 | mysql3 1289 | gmail 1290 | selfservice 1291 | sdc 1292 | tt 1293 | mailrelay 1294 | a.ns 1295 | ns19 1296 | webstats 1297 | plesk 1298 | nsk 1299 | test6 1300 | class 1301 | agenda 1302 | adam 1303 | german 1304 | www.v2 1305 | renew 1306 | car 1307 | correio 1308 | bk 1309 | db3 1310 | voice 1311 | sentry 1312 | alt 1313 | demeter 1314 | www.projects 1315 | mail8 1316 | bounce 1317 | tc 1318 | oldwww 1319 | www.directory 1320 | uploads 1321 | carbon 1322 | all 1323 | mark 1324 | bbb 1325 | eco 1326 | 3g 1327 | testmail 1328 | ms2 1329 | node2 1330 | template 1331 | andromeda 1332 | www.photo 1333 | media2 1334 | articles 1335 | yoda 1336 | sec 1337 | active 1338 | nemesis 1339 | autoconfig.new 1340 | autodiscover.new 1341 | push 1342 | enews 1343 | advertising 1344 | mail9 1345 | api2 1346 | david 1347 | source 1348 | kino 1349 | prime 1350 | o 1351 | vb 1352 | testsite 1353 | fm 1354 | c4anvn3 1355 | samara 1356 | reklama 1357 | made.by 1358 | sis 1359 | q 1360 | mp 1361 | newton 1362 | elearn 1363 | autodiscover.beta 1364 | cursos 1365 | filter 1366 | autoconfig.beta 1367 | news2 1368 | mf 1369 | ubuntu 1370 | ed 1371 | zs 1372 | a.mx 1373 | center 1374 | www.sandbox 1375 | img5 1376 | translate 1377 | webmail.control 1378 | mail0 1379 | smtp02 1380 | s6 1381 | dallas 1382 | bob 1383 | autoconfig.store 1384 | stu 1385 | recruit 1386 | mailtest 1387 | reviews 1388 | autodiscover.store 1389 | 2011 1390 | www.iphone 1391 | fp 1392 | d3 1393 | rdp 1394 | www.design 1395 | test7 1396 | bg 1397 | console 1398 | outbound 1399 | jpkc 1400 | ext 1401 | invest 1402 | web8 1403 | testvb 1404 | vm1 1405 | family 1406 | insurance 1407 | atlanta 1408 | aqua 1409 | film 1410 | dp 1411 | ws2 1412 | webdisk.cdn 1413 | www.wordpress 1414 | webdisk.news 1415 | at 1416 | ocean 1417 | dr 1418 | yahoo 1419 | s8 1420 | host2123 1421 | libra 1422 | rose 1423 | cloud1 1424 | album 1425 | 3 1426 | antares 1427 | www.a 1428 | ipv6 1429 | bridge 1430 | demos 1431 | cabinet 1432 | crl 1433 | old2 1434 | angel 1435 | cis 1436 | www.panel 1437 | isis 1438 | s7 1439 | guide 1440 | webinar 1441 | pop2 1442 | cdn101 1443 | company 1444 | express 1445 | special 1446 | loki 1447 | accounts 1448 | video1 1449 | expert 1450 | clientes 1451 | p1 1452 | loja 1453 | blog2 1454 | img6 1455 | l 1456 | mail12 1457 | style 1458 | hcm 1459 | s11 1460 | mobile2 1461 | triton 1462 | s12 1463 | kr 1464 | www.links 1465 | s13 1466 | friends 1467 | www.office 1468 | shadow 1469 | mymail 1470 | autoconfig.forums 1471 | ns03 1472 | neu 1473 | autodiscover.forums 1474 | www.home 1475 | root 1476 | upgrade 1477 | puppet 1478 | storm 1479 | www.service 1480 | isp 1481 | get 1482 | foro 1483 | mytest 1484 | test10 1485 | desktop 1486 | po 1487 | mac 1488 | www.member 1489 | ph 1490 | blackboard 1491 | dspace 1492 | dev01 1493 | ftp4 1494 | testwww 1495 | presse 1496 | ldap1 1497 | rock 1498 | wow 1499 | sw 1500 | msn 1501 | mas 1502 | scm 1503 | its 1504 | vision 1505 | tms 1506 | www.wp 1507 | hyperion 1508 | nic 1509 | html 1510 | sale 1511 | isp-caledon.cit 1512 | www.go 1513 | do 1514 | media1 1515 | web9 1516 | ua 1517 | energy 1518 | helios 1519 | chicago 1520 | webftp 1521 | i1 1522 | commerce 1523 | www.ru 1524 | union 1525 | netmon 1526 | audit 1527 | vm2 1528 | mailx 1529 | web12 1530 | painelstats 1531 | sol 1532 | z-hn.nhac 1533 | kvm2 1534 | chris 1535 | www.board 1536 | apache 1537 | tube 1538 | marvin 1539 | bug 1540 | external 1541 | pki 1542 | viper 1543 | webadmin 1544 | production 1545 | r2 1546 | win2 1547 | vpstun 1548 | mx03 1549 | ios 1550 | www.uk 1551 | smile 1552 | www.fb 1553 | aa 1554 | www13 1555 | trinity 1556 | www.upload 1557 | www.testing 1558 | amazon 1559 | hosting2 1560 | bip 1561 | mw 1562 | www.health 1563 | india 1564 | web04 1565 | rainbow 1566 | cisco-lwapp-controller 1567 | uranus 1568 | qr 1569 | domaindnszones 1570 | editor 1571 | www.stage 1572 | manual 1573 | nice 1574 | robin 1575 | gandalf 1576 | j 1577 | buzz 1578 | password 1579 | autoconfig.mobile 1580 | gb 1581 | idea 1582 | eva 1583 | www.i 1584 | server6 1585 | www.job 1586 | results 1587 | www.test1 1588 | maya 1589 | pix 1590 | www.cn 1591 | gz 1592 | th 1593 | www.lib 1594 | autodiscover.mobile 1595 | b1 1596 | horus 1597 | zero 1598 | sv1 1599 | wptest 1600 | cart 1601 | brain 1602 | mbox 1603 | bd 1604 | tester 1605 | fotos 1606 | ess 1607 | ns31 1608 | blogx.dev 1609 | ceres 1610 | gatekeeper 1611 | csr 1612 | www.cs 1613 | sakura 1614 | chef 1615 | parking 1616 | idc 1617 | desarrollo 1618 | mirrors 1619 | sunny 1620 | kvm1 1621 | prtg 1622 | mo 1623 | dns0 1624 | chaos 1625 | avatar 1626 | alice 1627 | task 1628 | www.app 1629 | dev4 1630 | sl 1631 | sugarcrm 1632 | youtube 1633 | ic-vss6509-gw 1634 | simon 1635 | m4 1636 | dexter 1637 | crystal 1638 | terra 1639 | fa 1640 | server7 1641 | journals 1642 | iron 1643 | uc 1644 | pruebas 1645 | magic 1646 | ead 1647 | www.helpdesk 1648 | 4 1649 | server10 1650 | computer 1651 | galileo 1652 | delivery 1653 | aff 1654 | aries 1655 | www.development 1656 | el 1657 | livechat 1658 | host4 1659 | static3 1660 | www.free 1661 | sk 1662 | puma 1663 | coffee 1664 | gh 1665 | java 1666 | fish 1667 | templates 1668 | tarbaby 1669 | mtest 1670 | light 1671 | www.link 1672 | sas 1673 | poll 1674 | director 1675 | destiny 1676 | aquarius 1677 | vps3 1678 | bravo 1679 | freedom 1680 | boutique 1681 | lite 1682 | ns25 1683 | shop2 1684 | ic 1685 | foundation 1686 | cw 1687 | ras 1688 | park 1689 | next 1690 | diana 1691 | secure1 1692 | k 1693 | euro 1694 | managedomain 1695 | castor 1696 | www-old 1697 | charon 1698 | nas1 1699 | la 1700 | jw 1701 | s10 1702 | web13 1703 | mxbackup2 1704 | europe 1705 | oasis 1706 | donate 1707 | s9 1708 | ftps 1709 | falcon 1710 | depot 1711 | genesis 1712 | mysql4 1713 | rms 1714 | ns30 1715 | www.drupal 1716 | wholesale 1717 | forestdnszones 1718 | www.alumni 1719 | marketplace 1720 | tesla 1721 | statistik 1722 | country 1723 | imap4 1724 | brand 1725 | gift 1726 | shell 1727 | www.dev2 1728 | apply 1729 | nc 1730 | kronos 1731 | epsilon 1732 | testserver 1733 | smtp-out 1734 | pictures 1735 | autos 1736 | org 1737 | mysql5 1738 | france 1739 | shared 1740 | cf 1741 | sos 1742 | stun 1743 | channel 1744 | 2013 1745 | moto 1746 | pw 1747 | oc.pool 1748 | eu.pool 1749 | na.pool 1750 | cams 1751 | www.auto 1752 | pi 1753 | image2 1754 | test8 1755 | hi 1756 | casino 1757 | magazin 1758 | wwwhost-roe001 1759 | z-hcm.nhac 1760 | trial 1761 | cam1 1762 | victor 1763 | sig 1764 | ctrl 1765 | wwwhost-ox001 1766 | weblog 1767 | rds 1768 | first 1769 | farm 1770 | whatsup 1771 | panda 1772 | dummy 1773 | stream.origin 1774 | canada 1775 | wc 1776 | flv 1777 | www.top 1778 | emerald 1779 | sim 1780 | ace 1781 | sap 1782 | ga 1783 | bank 1784 | et 1785 | soap 1786 | guest 1787 | mdev 1788 | www.client 1789 | www.partner 1790 | easy 1791 | st1 1792 | webvpn 1793 | baby 1794 | s14 1795 | delivery.a 1796 | wwwhost-port001 1797 | hideip 1798 | graphics 1799 | webshop 1800 | catalogue 1801 | tom 1802 | rm 1803 | perm 1804 | www.ad 1805 | ad1 1806 | mail03 1807 | www.sports 1808 | water 1809 | intranet2 1810 | autodiscover.news 1811 | bj 1812 | nsb 1813 | charge 1814 | export 1815 | testweb 1816 | sample 1817 | quit 1818 | proxy3 1819 | email2 1820 | b2 1821 | servicios 1822 | novo 1823 | new2 1824 | meta 1825 | secure3 1826 | ajax 1827 | autoconfig.news 1828 | ghost 1829 | www.cp 1830 | good 1831 | bookstore 1832 | kiwi 1833 | ft 1834 | demo4 1835 | www.archive 1836 | squid 1837 | publish 1838 | west 1839 | football 1840 | printer 1841 | cv 1842 | ny 1843 | boss 1844 | smtp5 1845 | rsync 1846 | sip2 1847 | ks 1848 | leon 1849 | a3 1850 | mta1 1851 | epay 1852 | tst 1853 | mgmt 1854 | deals 1855 | dropbox 1856 | www.books 1857 | 2010 1858 | torrent 1859 | webdisk.ads 1860 | mx6 1861 | www.art 1862 | chem 1863 | iproxy 1864 | www.pay 1865 | anime 1866 | ccc 1867 | anna 1868 | ns23 1869 | hs 1870 | cg 1871 | acm 1872 | pollux 1873 | lt 1874 | meteo 1875 | owncloud 1876 | andrew 1877 | v4 1878 | www-dev 1879 | oxygen 1880 | jaguar 1881 | panther 1882 | personal 1883 | ab 1884 | dcp 1885 | med 1886 | www.joomla 1887 | john 1888 | watson 1889 | motor 1890 | mails 1891 | kiev 1892 | asia 1893 | campaign 1894 | win1 1895 | cards 1896 | fantasy 1897 | tj 1898 | martin 1899 | helium 1900 | nfs 1901 | ads2 1902 | script 1903 | anubis 1904 | imail 1905 | cp2 1906 | mk 1907 | bw 1908 | em 1909 | creative 1910 | www.elearning 1911 | ad2 1912 | stars 1913 | discovery 1914 | friend 1915 | reservations 1916 | buffalo 1917 | cdp 1918 | uxs2r 1919 | atom 1920 | cosmos 1921 | www.business 1922 | a2 1923 | xcb 1924 | allegro 1925 | om 1926 | ufa 1927 | dw 1928 | cool 1929 | files2 1930 | webdisk.chat 1931 | ford 1932 | oma 1933 | zzb 1934 | staging2 1935 | texas 1936 | ib 1937 | cwc 1938 | aphrodite 1939 | re 1940 | spark 1941 | www.ftp 1942 | oscar 1943 | atlantis 1944 | osiris 1945 | os 1946 | m5 1947 | dl1 1948 | www.shopping 1949 | ice 1950 | beta1 1951 | mcu 1952 | inter 1953 | interface 1954 | gm 1955 | kiosk 1956 | so 1957 | dss 1958 | www.survey 1959 | customers 1960 | fx 1961 | nsa 1962 | csg 1963 | mi 1964 | url 1965 | dl2 1966 | show 1967 | www.classifieds 1968 | mexico 1969 | knowledge 1970 | frank 1971 | tests 1972 | accounting 1973 | krasnodar 1974 | um 1975 | hc 1976 | www.nl 1977 | echo 1978 | property 1979 | gms 1980 | london 1981 | www.clients 1982 | academy 1983 | cyber 1984 | www.english 1985 | museum 1986 | poker 1987 | www.downloads 1988 | gp 1989 | cr 1990 | arch 1991 | gd 1992 | virgo 1993 | si 1994 | smtp-relay 1995 | ipc 1996 | gay 1997 | gg 1998 | oracle 1999 | ruby 2000 | grid 2001 | web05 2002 | i3 2003 | tool 2004 | bulk 2005 | jazz 2006 | price 2007 | pan 2008 | webdisk.admin 2009 | agora 2010 | w4 2011 | mv 2012 | www.moodle 2013 | phantom 2014 | web14 2015 | radius.auth 2016 | voyager 2017 | mint 2018 | einstein 2019 | wedding 2020 | sqladmin 2021 | cam2 2022 | autodiscover.chat 2023 | trans 2024 | che 2025 | bp 2026 | dsl 2027 | kazan 2028 | autoconfig.chat 2029 | al 2030 | pearl 2031 | transport 2032 | lm 2033 | h1 2034 | condor 2035 | homes 2036 | air 2037 | stargate 2038 | ai 2039 | www.www2 2040 | hot 2041 | paul 2042 | np 2043 | kp 2044 | engine 2045 | ts3 2046 | nano 2047 | testtest 2048 | sss 2049 | james 2050 | gk 2051 | ep 2052 | ox 2053 | tomcat 2054 | ns32 2055 | sametime 2056 | tornado 2057 | e1 2058 | s16 2059 | quantum 2060 | slave 2061 | shark 2062 | autoconfig.cdn 2063 | www.love 2064 | backup3 2065 | webdisk.wiki 2066 | altair 2067 | youth 2068 | keys 2069 | site2 2070 | server11 2071 | phobos 2072 | common 2073 | autodiscover.cdn 2074 | key 2075 | test9 2076 | core2 2077 | snoopy 2078 | lisa 2079 | soccer 2080 | tld 2081 | biblio 2082 | sex 2083 | fast 2084 | train 2085 | www.software 2086 | credit 2087 | p2 2088 | cbf1 2089 | ns24 2090 | mailin 2091 | dj 2092 | www.community 2093 | www-a 2094 | www-b 2095 | smtps 2096 | victoria 2097 | www.docs 2098 | cherry 2099 | cisl-murcia.cit 2100 | border 2101 | test11 2102 | nemo 2103 | pass 2104 | mta2 2105 | 911 2106 | xen 2107 | hg 2108 | be 2109 | wa 2110 | web16 2111 | biologie 2112 | bes 2113 | fred 2114 | turbo 2115 | biology 2116 | indigo 2117 | plan 2118 | www.stat 2119 | hosting1 2120 | pilot 2121 | www.club 2122 | diamond 2123 | www.vip 2124 | cp1 2125 | ics 2126 | www.library 2127 | autoconfig.admin 2128 | japan 2129 | autodiscover.admin 2130 | quiz 2131 | laptop 2132 | todo 2133 | cdc 2134 | mkt 2135 | mu 2136 | dhcp.pilsnet 2137 | dot 2138 | xenon 2139 | csr21.net 2140 | horizon 2141 | vp 2142 | centos 2143 | inf 2144 | wolf 2145 | mr 2146 | fusion 2147 | retail 2148 | logo 2149 | line 2150 | 11 2151 | sr 2152 | shorturl 2153 | speedy 2154 | webct 2155 | omsk 2156 | dns7 2157 | ebooks 2158 | apc 2159 | rus 2160 | landing 2161 | pluton 2162 | www.pda 2163 | w5 2164 | san 2165 | course 2166 | aws 2167 | uxs1r 2168 | spirit 2169 | ts2 2170 | srv4 2171 | classic 2172 | webdisk.staging 2173 | g1 2174 | ops 2175 | comm 2176 | bs 2177 | sage 2178 | innovation 2179 | dynamic 2180 | www.www 2181 | resellers 2182 | resource 2183 | colo 2184 | test01 2185 | swift 2186 | bms 2187 | metro 2188 | s15 2189 | vn 2190 | callcenter 2191 | www.in 2192 | scc 2193 | jerry 2194 | site1 2195 | profiles 2196 | penguin 2197 | sps 2198 | mail13 2199 | portail 2200 | faculty 2201 | eis 2202 | rr 2203 | mh 2204 | count 2205 | psi 2206 | florida 2207 | mango 2208 | maple 2209 | ssltest 2210 | cloud2 2211 | general 2212 | www.tickets 2213 | maxwell 2214 | web15 2215 | familiar 2216 | arc 2217 | axis 2218 | ng 2219 | admissions 2220 | dedicated 2221 | cash 2222 | nsc 2223 | www.qa 2224 | tea 2225 | tpmsqr01 2226 | rnd 2227 | jocuri 2228 | office2 2229 | mario 2230 | xen2 2231 | mradm.letter 2232 | cwa 2233 | ninja 2234 | amur 2235 | core1 2236 | miami 2237 | www.sales 2238 | cerberus 2239 | ixhash 2240 | ie 2241 | action 2242 | daisy 2243 | spf 2244 | p3 2245 | junior 2246 | oss 2247 | pw.openvpn 2248 | alt-host 2249 | fromwl 2250 | nobl 2251 | isphosts 2252 | ns26 2253 | helomatch 2254 | test123 2255 | tftp 2256 | webaccess 2257 | tienda 2258 | hostkarma 2259 | lv 2260 | freemaildomains 2261 | sbc 2262 | testbed 2263 | bart 2264 | ironport 2265 | server8 2266 | dh 2267 | crm2 2268 | watch 2269 | skynet 2270 | miss 2271 | dante 2272 | www.affiliates 2273 | legal 2274 | www.ip 2275 | telecom 2276 | dt 2277 | blog1 2278 | webdisk.email 2279 | ip-us 2280 | pixel 2281 | www.t 2282 | dnswl 2283 | korea 2284 | insight 2285 | dd 2286 | www.rss 2287 | testbl 2288 | www01 2289 | auth-hack 2290 | www.cms 2291 | abuse-report 2292 | pb 2293 | casa 2294 | eval 2295 | bio 2296 | app3 2297 | cobra 2298 | www.ar 2299 | solo 2300 | wall 2301 | oc 2302 | dc1 2303 | beast 2304 | george 2305 | eureka 2306 | sit 2307 | demo5 2308 | holiday 2309 | webhosting 2310 | srv01 2311 | router2 2312 | ssp 2313 | server9 2314 | quotes 2315 | eclipse 2316 | entertainment 2317 | kc 2318 | m0 2319 | af 2320 | cpa 2321 | pc.jura-gw1 2322 | fox 2323 | deal 2324 | dav 2325 | www.training 2326 | webdisk.old 2327 | host5 2328 | mix 2329 | vendor 2330 | uni 2331 | mypage 2332 | spa 2333 | soa 2334 | aura 2335 | ref 2336 | arm 2337 | dam 2338 | config 2339 | austin 2340 | aproxy 2341 | developers 2342 | cms2 2343 | www15 2344 | women 2345 | wwwcache 2346 | abs 2347 | testportal 2348 | inet 2349 | gt 2350 | testshop 2351 | g2 2352 | www.ca 2353 | pinnacle 2354 | support2 2355 | sunrise 2356 | snake 2357 | www-new 2358 | patch 2359 | lk 2360 | sv3 2361 | b.ns 2362 | python 2363 | starwars 2364 | cube 2365 | sj 2366 | s0 2367 | gc 2368 | stud 2369 | micro 2370 | webstore 2371 | coupon 2372 | perseus 2373 | maestro 2374 | router1 2375 | hawk 2376 | pf 2377 | h2 2378 | www.soft 2379 | dns8 2380 | fly 2381 | unicorn 2382 | sat 2383 | na 2384 | xyz 2385 | df 2386 | lynx 2387 | activate 2388 | sitemap 2389 | t2 2390 | cats 2391 | mmm 2392 | volgograd 2393 | test12 2394 | sendmail 2395 | hardware 2396 | ara 2397 | import 2398 | ces 2399 | cinema 2400 | arena 2401 | text 2402 | a5 2403 | astro 2404 | doctor 2405 | casper 2406 | smc 2407 | voronezh 2408 | eric 2409 | agency 2410 | wf 2411 | avia 2412 | platinum 2413 | butler 2414 | yjs 2415 | hospital 2416 | nursing 2417 | admin3 2418 | pd 2419 | safety 2420 | teszt 2421 | tk 2422 | s20 2423 | moscow 2424 | karen 2425 | cse 2426 | messages 2427 | www.adserver 2428 | asa 2429 | eros 2430 | www.server 2431 | player 2432 | raptor 2433 | documents 2434 | srv5 2435 | www.photos 2436 | xb 2437 | example 2438 | culture 2439 | demo6 2440 | dev5 2441 | jc 2442 | ict 2443 | back 2444 | p2p 2445 | stuff 2446 | wb 2447 | ccs 2448 | su 2449 | webinars 2450 | kt 2451 | hope 2452 | http 2453 | try 2454 | tel 2455 | m9 2456 | newyork 2457 | gov 2458 | www.marketing 2459 | relax 2460 | setup 2461 | fileserver 2462 | moodle2 2463 | courses 2464 | annuaire 2465 | fresh 2466 | www.status 2467 | rpc 2468 | zeta 2469 | ibank 2470 | helm 2471 | autodiscover.ads 2472 | mailgateway 2473 | integration 2474 | viking 2475 | metrics 2476 | c.ns.e 2477 | webdisk.video 2478 | www.host 2479 | tasks 2480 | monster 2481 | firefly 2482 | icq 2483 | saratov 2484 | www.book 2485 | smtp-out-01 2486 | tourism 2487 | dz 2488 | zt 2489 | daniel 2490 | roundcube 2491 | paper 2492 | 24 2493 | sus 2494 | splash 2495 | zzz 2496 | 10 2497 | chat2 2498 | autoconfig.ads 2499 | mailhub 2500 | neon 2501 | message 2502 | seattle 2503 | ftp5 2504 | port 2505 | solutions 2506 | offers 2507 | seth 2508 | server02 2509 | peter 2510 | ns29 2511 | maillist 2512 | www.konkurs 2513 | d.ns.e 2514 | toto 2515 | guides 2516 | ae 2517 | healthcare 2518 | ssc 2519 | mproxy 2520 | metis 2521 | estore 2522 | mailsrv 2523 | singapore 2524 | hm 2525 | medusa 2526 | bl 2527 | bz 2528 | i5 2529 | dan 2530 | thomas 2531 | exchbhlan5 2532 | alert 2533 | www.spb 2534 | st2 2535 | www.tools 2536 | rigel 2537 | e.ns.e 2538 | kvm3 2539 | astun 2540 | trk 2541 | www.law 2542 | qavgatekeeper 2543 | collab 2544 | styx 2545 | webboard 2546 | cag 2547 | www.student 2548 | galeria 2549 | checkout 2550 | gestion 2551 | mailgate2 2552 | draco 2553 | n2 2554 | berlin 2555 | touch 2556 | seminar 2557 | olympus 2558 | qavmgk 2559 | f.ns.e 2560 | intl 2561 | stats2 2562 | plato 2563 | send 2564 | idm 2565 | m7 2566 | mx7 2567 | m6 2568 | coco 2569 | denver 2570 | s32 2571 | toronto 2572 | abuse 2573 | dn 2574 | sophos 2575 | bear 2576 | logistics 2577 | cancer 2578 | s24 2579 | r25 2580 | s22 2581 | install 2582 | istun 2583 | itc 2584 | oberon 2585 | cps 2586 | paypal 2587 | 7 2588 | mail-out 2589 | portal1 2590 | case 2591 | hideip-usa 2592 | f3 2593 | pcstun 2594 | ip-usa 2595 | warehouse 2596 | webcast 2597 | ds1 2598 | bn 2599 | rest 2600 | logger 2601 | marina 2602 | tula 2603 | vebstage3 2604 | webdisk.static 2605 | infinity 2606 | polaris 2607 | koko 2608 | praca 2609 | fl 2610 | packages 2611 | mstun 2612 | www.staff 2613 | sunshine 2614 | mirror1 2615 | jeff 2616 | mailservers 2617 | jenkins 2618 | administration 2619 | mlr-all 2620 | blade 2621 | qagatekeeper 2622 | cdn3 2623 | aria 2624 | vulcan 2625 | party 2626 | fz 2627 | luke 2628 | stc 2629 | mds 2630 | advance 2631 | andy 2632 | subversion 2633 | deco 2634 | 99 2635 | diemthi 2636 | liberty 2637 | read 2638 | smtprelayout 2639 | fitness 2640 | vs 2641 | dhcp.zmml 2642 | tsg 2643 | www.pt 2644 | win3 2645 | davinci 2646 | two 2647 | stella 2648 | itsupport 2649 | az 2650 | ns27 2651 | hyper 2652 | m10 2653 | drm 2654 | vhost 2655 | mir 2656 | webspace 2657 | mail.test 2658 | argon 2659 | hamster 2660 | livehelp 2661 | 2009 2662 | bwc 2663 | man 2664 | ada 2665 | exp 2666 | metal 2667 | pk 2668 | msp 2669 | hotline 2670 | article 2671 | twiki 2672 | gl 2673 | hybrid 2674 | www.login 2675 | cbf8 2676 | sandy 2677 | anywhere 2678 | sorry 2679 | enter 2680 | east 2681 | islam 2682 | www.map 2683 | quote 2684 | op 2685 | tb 2686 | zh 2687 | euro2012 2688 | hestia 2689 | rwhois 2690 | mail04 2691 | schedule 2692 | ww5 2693 | servidor 2694 | ivan 2695 | serenity 2696 | dave 2697 | mobile1 2698 | ok 2699 | lc 2700 | synergy 2701 | myspace 2702 | sipexternal 2703 | marc 2704 | bird 2705 | rio 2706 | www.1 2707 | debug 2708 | houston 2709 | pdc 2710 | www.xxx 2711 | news1 2712 | ha 2713 | mirage 2714 | fe 2715 | jade 2716 | roger 2717 | ava 2718 | topaz 2719 | a.ns.e 2720 | madrid 2721 | kh 2722 | charlotte 2723 | download2 2724 | elite 2725 | tenders 2726 | pacs 2727 | cap 2728 | fs1 2729 | myweb 2730 | calvin 2731 | extreme 2732 | typo3 2733 | dealers 2734 | cds 2735 | grace 2736 | webchat 2737 | comet 2738 | www.maps 2739 | ranking 2740 | hawaii 2741 | postoffice 2742 | arts 2743 | b.ns.e 2744 | president 2745 | matrixstats 2746 | www.s 2747 | eden 2748 | com-services-vip 2749 | www.pics 2750 | il 2751 | solar 2752 | www.loja 2753 | gr 2754 | ns50 2755 | svc 2756 | backups 2757 | sq 2758 | pinky 2759 | jwgl 2760 | controller 2761 | www.up 2762 | sn 2763 | medical 2764 | spamfilter 2765 | prova 2766 | membership 2767 | dc2 2768 | www.press 2769 | csc 2770 | gry 2771 | drweb 2772 | web17 2773 | f2 2774 | nora 2775 | monitor1 2776 | calypso 2777 | nebula 2778 | lyris 2779 | penarth.cit 2780 | www.mp3 2781 | ssl1 2782 | ns34 2783 | ns35 2784 | mel 2785 | as1 2786 | www.x 2787 | cricket 2788 | ns2.cl 2789 | georgia 2790 | callisto 2791 | exch 2792 | s21 2793 | eip 2794 | cctv 2795 | lucy 2796 | bmw 2797 | s23 2798 | sem 2799 | mira 2800 | search2 2801 | ftp.blog 2802 | realty 2803 | ftp.m 2804 | www.hrm 2805 | patrick 2806 | find 2807 | tcs 2808 | ts1 2809 | smtp6 2810 | lan 2811 | image1 2812 | csi 2813 | nissan 2814 | sjc 2815 | sme 2816 | stone 2817 | model 2818 | gitlab 2819 | spanish 2820 | michael 2821 | remote2 2822 | www.pro 2823 | s17 2824 | m.dev 2825 | www.soporte 2826 | checkrelay 2827 | dino 2828 | woman 2829 | aragorn 2830 | index 2831 | zj 2832 | documentation 2833 | felix 2834 | www.events 2835 | www.au 2836 | adult 2837 | coupons 2838 | imp 2839 | oz 2840 | www.themes 2841 | charlie 2842 | rostov 2843 | smtpout 2844 | www.faq 2845 | ff 2846 | fortune 2847 | vm3 2848 | vms 2849 | sbs 2850 | stores 2851 | teamspeak 2852 | w6 2853 | jason 2854 | tennis 2855 | nt 2856 | shine 2857 | pad 2858 | www.mobil 2859 | s25 2860 | woody 2861 | technology 2862 | cj 2863 | visio 2864 | renewal 2865 | www.c 2866 | webdisk.es 2867 | secret 2868 | host6 2869 | www.fun 2870 | polls 2871 | web06 2872 | turkey 2873 | www.hotel 2874 | ecom 2875 | tours 2876 | product 2877 | www.reseller 2878 | indiana 2879 | mercedes 2880 | target 2881 | load 2882 | area 2883 | mysqladmin 2884 | don 2885 | dodo 2886 | sentinel 2887 | webdisk.img 2888 | websites 2889 | www.dir 2890 | honey 2891 | asdf 2892 | spring 2893 | tag 2894 | astra 2895 | monkey 2896 | ns28 2897 | ben 2898 | www22 2899 | www.journal 2900 | eas 2901 | www.tw 2902 | tor 2903 | page 2904 | www.bugs 2905 | medias 2906 | www17 2907 | toledo 2908 | vip2 2909 | land 2910 | sistema 2911 | win4 2912 | dell 2913 | unsubscribe 2914 | gsa 2915 | spot 2916 | fin 2917 | sapphire 2918 | ul-cat6506-gw 2919 | www.ns1 2920 | bell 2921 | cod 2922 | lady 2923 | www.eng 2924 | click3 2925 | pps 2926 | c3 2927 | registrar 2928 | websrv 2929 | database2 2930 | prometheus 2931 | atm 2932 | www.samara 2933 | api1 2934 | edison 2935 | mega 2936 | cobalt 2937 | eos 2938 | db02 2939 | sympa 2940 | dv 2941 | webdisk.games 2942 | coop 2943 | 50 2944 | blackhole 2945 | 3d 2946 | cma 2947 | ehr 2948 | db5 2949 | etc 2950 | www14 2951 | opera 2952 | zoom 2953 | realmedia 2954 | french 2955 | cmc 2956 | shanghai 2957 | ns33 2958 | batman 2959 | ifolder 2960 | ns61 2961 | alexander 2962 | song 2963 | proto 2964 | cs2 2965 | homologacao 2966 | ips 2967 | vanilla 2968 | legend 2969 | webmail.hosting 2970 | chat1 2971 | www.mx 2972 | coral 2973 | tim 2974 | maxim 2975 | admission 2976 | iso 2977 | psy 2978 | progress 2979 | shms2 2980 | monitor2 2981 | lp2 2982 | thankyou 2983 | issues 2984 | cultura 2985 | xyh 2986 | speedtest2 2987 | dirac 2988 | www.research 2989 | webs 2990 | e2 2991 | save 2992 | deploy 2993 | emarketing 2994 | jm 2995 | nn 2996 | alfresco 2997 | chronos 2998 | pisces 2999 | database1 3000 | reservation 3001 | xena 3002 | des 3003 | directorio 3004 | shms1 3005 | pet 3006 | sauron 3007 | ups 3008 | www.feedback 3009 | www.usa 3010 | teacher 3011 | www.magento 3012 | nis 3013 | ftp01 3014 | baza 3015 | kjc 3016 | roma 3017 | contests 3018 | delphi 3019 | purple 3020 | oak 3021 | win5 3022 | violet 3023 | www.newsite 3024 | deportes 3025 | www.work 3026 | musica 3027 | s29 3028 | autoconfig.es 3029 | identity 3030 | www.fashion 3031 | forest 3032 | flr-all 3033 | www.german 3034 | lead 3035 | front 3036 | rabota 3037 | mysql7 3038 | jack 3039 | vladimir 3040 | search1 3041 | ns3.cl 3042 | promotion 3043 | plaza 3044 | devtest 3045 | cookie 3046 | eris 3047 | webdisk.images 3048 | atc 3049 | autodiscover.es 3050 | lucky 3051 | juno 3052 | brown 3053 | rs2 3054 | www16 3055 | bpm 3056 | www.director 3057 | victory 3058 | fenix 3059 | rich 3060 | tokyo 3061 | ns36 3062 | src 3063 | 12 3064 | milk 3065 | ssl2 3066 | notify 3067 | no 3068 | livestream 3069 | pink 3070 | sony 3071 | vps4 3072 | scan 3073 | wwws 3074 | ovpn 3075 | deimos 3076 | smokeping 3077 | va 3078 | n7pdjh4 3079 | lyncav 3080 | webdisk.directory 3081 | interactive 3082 | request 3083 | apt 3084 | partnerapi 3085 | albert 3086 | cs1 3087 | ns62 3088 | bus 3089 | young 3090 | sina 3091 | police 3092 | workflow 3093 | asset 3094 | lasvegas 3095 | saga 3096 | p4 3097 | www.image 3098 | dag 3099 | crazy 3100 | colorado 3101 | webtrends 3102 | buscador 3103 | hongkong 3104 | rank 3105 | reserve 3106 | autoconfig.wiki 3107 | autodiscover.wiki 3108 | nginx 3109 | hu 3110 | melbourne 3111 | zm 3112 | toolbar 3113 | cx 3114 | samsung 3115 | bender 3116 | safe 3117 | nb 3118 | jjc 3119 | dps 3120 | ap1 3121 | win7 3122 | wl 3123 | diendan 3124 | www.preview 3125 | vt 3126 | kalender 3127 | testforum 3128 | exmail 3129 | wizard 3130 | qq 3131 | www.film 3132 | xxgk 3133 | www.gold 3134 | irkutsk 3135 | dis 3136 | zenoss 3137 | wine 3138 | data1 3139 | remus 3140 | kelly 3141 | stalker 3142 | autoconfig.old 3143 | everest 3144 | ftp.test 3145 | spain 3146 | autodiscover.old 3147 | obs 3148 | ocw 3149 | icare 3150 | ideas 3151 | mozart 3152 | willow 3153 | demo7 3154 | compass 3155 | japanese 3156 | octopus 3157 | prestige 3158 | dash 3159 | argos 3160 | forum1 3161 | img7 3162 | webdisk.download 3163 | mysql01 3164 | joe 3165 | flex 3166 | redir 3167 | viva 3168 | ge 3169 | mod 3170 | postfix 3171 | www.p 3172 | imagine 3173 | moss 3174 | whmcs 3175 | quicktime 3176 | rtr 3177 | ds2 3178 | future 3179 | y 3180 | sv4 3181 | opt 3182 | mse 3183 | selene 3184 | mail21 3185 | dns11 3186 | server12 3187 | invoice 3188 | clicks 3189 | imgs 3190 | xen1 3191 | mail14 3192 | www20 3193 | cit 3194 | web08 3195 | gw3 3196 | mysql6 3197 | zp 3198 | www.life 3199 | leads 3200 | cnc 3201 | bonus 3202 | web18 3203 | sia 3204 | flowers 3205 | diary 3206 | s30 3207 | proton 3208 | s28 3209 | puzzle 3210 | s27 3211 | r2d2 3212 | orel 3213 | eo 3214 | toyota 3215 | front2 3216 | www.pl 3217 | descargas 3218 | msa 3219 | esx2 3220 | challenge 3221 | turing 3222 | emma 3223 | mailgw2 3224 | elections 3225 | www.education 3226 | relay3 3227 | s31 3228 | www.mba 3229 | postfixadmin 3230 | ged 3231 | scorpion 3232 | hollywood 3233 | foo 3234 | holly 3235 | bamboo 3236 | civil 3237 | vita 3238 | lincoln 3239 | webdisk.media 3240 | story 3241 | ht 3242 | adonis 3243 | serv 3244 | voicemail 3245 | ef 3246 | mx11 3247 | picard 3248 | c3po 3249 | helix 3250 | apis 3251 | housing 3252 | uptime 3253 | bet 3254 | phpbb 3255 | contents 3256 | rent 3257 | www.hk 3258 | vela 3259 | surf 3260 | summer 3261 | csr11.net 3262 | beijing 3263 | bingo 3264 | www.jp 3265 | edocs 3266 | mailserver2 3267 | chip 3268 | static4 3269 | ecology 3270 | engineering 3271 | tomsk 3272 | iss 3273 | csr12.net 3274 | s26 3275 | utility 3276 | pac 3277 | ky 3278 | visa 3279 | ta 3280 | web22 3281 | ernie 3282 | fis 3283 | content2 3284 | eduroam 3285 | youraccount 3286 | playground 3287 | paradise 3288 | server22 3289 | rad 3290 | domaincp 3291 | ppc 3292 | autodiscover.video 3293 | date 3294 | f5 3295 | openfire 3296 | mail.blog 3297 | i4 3298 | www.reklama 3299 | etools 3300 | ftptest 3301 | default 3302 | kaluga 3303 | shop1 3304 | mmc 3305 | 1c 3306 | server15 3307 | autoconfig.video 3308 | ve 3309 | www21 3310 | impact 3311 | laura 3312 | qmail 3313 | fuji 3314 | csr31.net 3315 | archer 3316 | robo 3317 | shiva 3318 | tps 3319 | www.eu 3320 | ivr 3321 | foros 3322 | ebay 3323 | www.dom 3324 | lime 3325 | mail20 3326 | b3 3327 | wss 3328 | vietnam 3329 | cable 3330 | webdisk.crm 3331 | x1 3332 | sochi 3333 | vsp 3334 | www.partners 3335 | polladmin 3336 | maia 3337 | fund 3338 | asterix 3339 | c4 3340 | www.articles 3341 | fwallow 3342 | all-nodes 3343 | mcs 3344 | esp 3345 | helena 3346 | doors 3347 | atrium 3348 | www.school 3349 | popo 3350 | myhome 3351 | www.demo2 3352 | s18 3353 | autoconfig.email 3354 | columbus 3355 | autodiscover.email 3356 | ns60 3357 | abo 3358 | classified 3359 | sphinx 3360 | kg 3361 | gate2 3362 | xg 3363 | cronos 3364 | chemistry 3365 | navi 3366 | arwen 3367 | parts 3368 | comics 3369 | www.movies 3370 | www.services 3371 | sad 3372 | krasnoyarsk 3373 | h3 3374 | virus 3375 | hasp 3376 | bid 3377 | step 3378 | reklam 3379 | bruno 3380 | w7 3381 | cleveland 3382 | toko 3383 | cruise 3384 | p80.pool 3385 | agri 3386 | leonardo 3387 | hokkaido 3388 | pages 3389 | rental 3390 | www.jocuri 3391 | fs2 3392 | ipv4.pool 3393 | wise 3394 | ha.pool 3395 | routernet 3396 | leopard 3397 | mumbai 3398 | canvas 3399 | cq 3400 | m8 3401 | mercurio 3402 | www.br 3403 | subset.pool 3404 | cake 3405 | vivaldi 3406 | graph 3407 | ld 3408 | rec 3409 | www.temp 3410 | bach 3411 | melody 3412 | cygnus 3413 | www.charge 3414 | mercure 3415 | program 3416 | beer 3417 | scorpio 3418 | upload2 3419 | siemens 3420 | lipetsk 3421 | barnaul 3422 | dialup 3423 | mssql2 3424 | eve 3425 | moe 3426 | nyc 3427 | www.s1 3428 | mailgw1 3429 | student1 3430 | universe 3431 | dhcp1 3432 | lp1 3433 | builder 3434 | bacula 3435 | ww4 3436 | www.movil 3437 | ns42 3438 | assist 3439 | microsoft 3440 | www.careers 3441 | rex 3442 | dhcp 3443 | automotive 3444 | edgar 3445 | designer 3446 | servers 3447 | spock 3448 | jose 3449 | webdisk.projects 3450 | err 3451 | arthur 3452 | nike 3453 | frog 3454 | stocks 3455 | pns 3456 | ns41 3457 | dbs 3458 | scanner 3459 | hunter 3460 | vk 3461 | communication 3462 | donald 3463 | power1 3464 | wcm 3465 | esx1 3466 | hal 3467 | salsa 3468 | mst 3469 | seed 3470 | sz 3471 | nz 3472 | proba 3473 | yx 3474 | smp 3475 | bot 3476 | eee 3477 | solr 3478 | by 3479 | face 3480 | hydrogen 3481 | contacts 3482 | ars 3483 | samples 3484 | newweb 3485 | eprints 3486 | ctx 3487 | noname 3488 | portaltest 3489 | door 3490 | kim 3491 | v28 3492 | wcs 3493 | ats 3494 | zakaz 3495 | polycom 3496 | chelyabinsk 3497 | host7 3498 | www.b2b 3499 | xray 3500 | td 3501 | ttt 3502 | secure4 3503 | recruitment 3504 | molly 3505 | humor 3506 | sexy 3507 | care 3508 | vr 3509 | cyclops 3510 | bar 3511 | newserver 3512 | desk 3513 | rogue 3514 | linux2 3515 | ns40 3516 | alerts 3517 | dvd 3518 | bsc 3519 | mec 3520 | 20 3521 | m.test 3522 | eye 3523 | www.monitor 3524 | solaris 3525 | webportal 3526 | goto 3527 | kappa 3528 | lifestyle 3529 | miki 3530 | maria 3531 | www.site 3532 | catalogo 3533 | 2008 3534 | empire 3535 | satellite 3536 | losangeles 3537 | radar 3538 | img01 3539 | n1 3540 | ais 3541 | www.hotels 3542 | wlan 3543 | romulus 3544 | vader 3545 | odyssey 3546 | bali 3547 | night 3548 | c5 3549 | wave 3550 | soul 3551 | nimbus 3552 | rachel 3553 | proyectos 3554 | jy 3555 | submit 3556 | hosting3 3557 | server13 3558 | d7 3559 | extras 3560 | australia 3561 | filme 3562 | tutor 3563 | fileshare 3564 | heart 3565 | kirov 3566 | www.android 3567 | hosted 3568 | jojo 3569 | tango 3570 | janus 3571 | vesta 3572 | www18 3573 | new1 3574 | webdisk.radio 3575 | comunidad 3576 | xy 3577 | candy 3578 | smg 3579 | pai 3580 | tuan 3581 | gauss 3582 | ao 3583 | yaroslavl 3584 | alma 3585 | lpse 3586 | hyundai 3587 | ja 3588 | genius 3589 | ti 3590 | ski 3591 | asgard 3592 | www.id 3593 | rh 3594 | imagenes 3595 | kerberos 3596 | www.d 3597 | peru 3598 | mcq-media-01.iutnb 3599 | azmoon 3600 | srv6 3601 | ig 3602 | frodo 3603 | afisha 3604 | 25 3605 | factory 3606 | winter 3607 | harmony 3608 | netlab 3609 | chance 3610 | sca 3611 | arabic 3612 | hack 3613 | raven 3614 | mobility 3615 | naruto 3616 | alba 3617 | anunturi 3618 | obelix 3619 | libproxy 3620 | forward 3621 | tts 3622 | autodiscover.static 3623 | bookmark 3624 | www.galeria 3625 | subs 3626 | ba 3627 | testblog 3628 | apex 3629 | sante 3630 | dora 3631 | construction 3632 | wolverine 3633 | autoconfig.static 3634 | ofertas 3635 | call 3636 | lds 3637 | ns45 3638 | www.project 3639 | gogo 3640 | russia 3641 | vc1 3642 | chemie 3643 | h4 3644 | 15 3645 | dvr 3646 | tunnel 3647 | 5 3648 | kepler 3649 | ant 3650 | indonesia 3651 | dnn 3652 | picture 3653 | encuestas 3654 | vl 3655 | discover 3656 | lotto 3657 | swf 3658 | ash 3659 | pride 3660 | web21 3661 | www.ask 3662 | dev-www 3663 | uma 3664 | cluster1 3665 | ring 3666 | novosibirsk 3667 | mailold 3668 | extern 3669 | tutorials 3670 | mobilemail 3671 | www.2 3672 | kultur 3673 | hacker 3674 | imc 3675 | www.contact 3676 | rsa 3677 | mailer1 3678 | cupid 3679 | member2 3680 | testy 3681 | systems 3682 | add 3683 | mail.m 3684 | dnstest 3685 | webdisk.facebook 3686 | mama 3687 | hello 3688 | phil 3689 | ns101 3690 | bh 3691 | sasa 3692 | pc1 3693 | nana 3694 | owa2 3695 | www.cd 3696 | compras 3697 | webdisk.en 3698 | corona 3699 | vista 3700 | awards 3701 | sp1 3702 | mz 3703 | iota 3704 | elvis 3705 | cross 3706 | audi 3707 | test02 3708 | murmansk 3709 | www.demos 3710 | gta 3711 | autoconfig.directory 3712 | argo 3713 | dhcp2 3714 | www.db 3715 | www.php 3716 | diy 3717 | ws3 3718 | mediaserver 3719 | autodiscover.directory 3720 | ncc 3721 | www.nsk 3722 | present 3723 | tgp 3724 | itv 3725 | investor 3726 | pps00 3727 | jakarta 3728 | boston 3729 | www.bb 3730 | spare 3731 | if 3732 | sar 3733 | win11 3734 | rhea 3735 | conferences 3736 | inbox 3737 | videoconf 3738 | tsweb 3739 | www.xml 3740 | twr1 3741 | jx 3742 | apps2 3743 | glass 3744 | monit 3745 | pets 3746 | server20 3747 | wap2 3748 | s35 3749 | anketa 3750 | www.dav75.users 3751 | anhth 3752 | montana 3753 | sierracharlie.users 3754 | sp2 3755 | parents 3756 | evolution 3757 | anthony 3758 | www.noc 3759 | yeni 3760 | nokia 3761 | www.sa 3762 | gobbit.users 3763 | ns2a 3764 | za 3765 | www.domains 3766 | ultra 3767 | rebecca.users 3768 | dmz 3769 | orca 3770 | dav75.users 3771 | std 3772 | ev 3773 | firmware 3774 | ece 3775 | primary 3776 | sao 3777 | mina 3778 | web23 3779 | ast 3780 | sms2 3781 | www.hfccourse.users 3782 | www.v28 3783 | formacion 3784 | web20 3785 | ist 3786 | wind 3787 | opensource 3788 | www.test2.users 3789 | e3 3790 | clifford.users 3791 | xsc 3792 | sw1 3793 | www.play 3794 | www.tech 3795 | dns12 3796 | offline 3797 | vds 3798 | xhtml 3799 | steve 3800 | mail.forum 3801 | www.rebecca.users 3802 | hobbit 3803 | marge 3804 | www.sierracharlie.users 3805 | dart 3806 | samba 3807 | core3 3808 | devil 3809 | server18 3810 | lbtest 3811 | mail05 3812 | sara 3813 | alex.users 3814 | www.demwunz.users 3815 | www23 3816 | vegas 3817 | italia 3818 | ez 3819 | gollum 3820 | test2.users 3821 | hfccourse.users 3822 | ana 3823 | prof 3824 | www.pluslatex.users 3825 | mxs 3826 | dance 3827 | avalon 3828 | pidlabelling.users 3829 | dubious.users 3830 | webdisk.search 3831 | query 3832 | clientweb 3833 | www.voodoodigital.users 3834 | pharmacy 3835 | denis 3836 | chi 3837 | seven 3838 | animal 3839 | cas1 3840 | s19 3841 | di 3842 | autoconfig.images 3843 | www.speedtest 3844 | yes 3845 | autodiscover.images 3846 | www.galleries 3847 | econ 3848 | www.flash 3849 | www.clifford.users 3850 | ln 3851 | origin-images 3852 | www.adrian.users 3853 | snow 3854 | cad 3855 | voyage 3856 | www.pidlabelling.users 3857 | cameras 3858 | volga 3859 | wallace 3860 | guardian 3861 | rpm 3862 | mpa 3863 | flower 3864 | prince 3865 | exodus 3866 | mine 3867 | mailings 3868 | cbf3 3869 | www.gsgou.users 3870 | wellness 3871 | tank 3872 | vip1 3873 | name 3874 | bigbrother 3875 | forex 3876 | rugby 3877 | webdisk.sms 3878 | graduate 3879 | webdisk.videos 3880 | adrian 3881 | mic 3882 | 13 3883 | firma 3884 | www.dubious.users 3885 | windu 3886 | hit 3887 | www.alex.users 3888 | dcc 3889 | wagner 3890 | launch 3891 | gizmo 3892 | d4 3893 | rma 3894 | betterday.users 3895 | yamato 3896 | bee 3897 | pcgk 3898 | gifts 3899 | home1 3900 | www.team 3901 | cms1 3902 | www.gobbit.users 3903 | skyline 3904 | ogloszenia 3905 | www.betterday.users 3906 | www.data 3907 | river 3908 | eproc 3909 | acme 3910 | demwunz.users 3911 | nyx 3912 | cloudflare-resolve-to 3913 | you 3914 | sci 3915 | virtual2 3916 | drive 3917 | sh2 3918 | toolbox 3919 | lemon 3920 | hans 3921 | psp 3922 | goofy 3923 | fsimg 3924 | lambda 3925 | ns55 3926 | vancouver 3927 | hkps.pool 3928 | adrian.users 3929 | ns39 3930 | voodoodigital.users 3931 | kz 3932 | ns1a 3933 | delivery.b 3934 | turismo 3935 | cactus 3936 | pluslatex.users 3937 | lithium 3938 | euclid 3939 | quality 3940 | gsgou.users 3941 | onyx 3942 | db4 3943 | www.domain 3944 | persephone 3945 | validclick 3946 | elibrary 3947 | www.ts 3948 | panama 3949 | www.wholesale 3950 | ui 3951 | rpg 3952 | www.ssl 3953 | xenapp 3954 | exit 3955 | marcus 3956 | phd 3957 | l2tp-us 3958 | cas2 3959 | rapid 3960 | advert 3961 | malotedigital 3962 | bluesky 3963 | fortuna 3964 | chief 3965 | streamer 3966 | salud 3967 | web19 3968 | stage2 3969 | members2 3970 | www.sc 3971 | alaska 3972 | spectrum 3973 | broker 3974 | oxford 3975 | jb 3976 | jim 3977 | cheetah 3978 | sofia 3979 | webdisk.client 3980 | nero 3981 | rain 3982 | crux 3983 | mls 3984 | mrtg2 3985 | repair 3986 | meteor 3987 | samurai 3988 | kvm4 3989 | ural 3990 | destek 3991 | pcs 3992 | mig 3993 | unity 3994 | reporter 3995 | ftp-eu 3996 | cache2 3997 | van 3998 | smtp10 3999 | nod 4000 | chocolate 4001 | collections 4002 | kitchen 4003 | rocky 4004 | pedro 4005 | sophia 4006 | st3 4007 | nelson 4008 | ak 4009 | jl 4010 | slim 4011 | wap1 4012 | sora 4013 | migration 4014 | www.india 4015 | ns04 4016 | ns37 4017 | ums 4018 | www.labs 4019 | blah 4020 | adimg 4021 | yp 4022 | db6 4023 | xtreme 4024 | groupware 4025 | collection 4026 | blackbox 4027 | sender 4028 | t4 4029 | college 4030 | kevin 4031 | vd 4032 | eventos 4033 | tags 4034 | us2 4035 | macduff 4036 | wwwnew 4037 | publicapi 4038 | web24 4039 | jasper 4040 | vladivostok 4041 | tender 4042 | premier 4043 | tele 4044 | wwwdev 4045 | www.pr 4046 | postmaster 4047 | haber 4048 | zen 4049 | nj 4050 | rap 4051 | planning 4052 | domain2 4053 | veronica 4054 | isa 4055 | www.vb 4056 | lamp 4057 | goldmine 4058 | www.geo 4059 | www.math 4060 | mcc 4061 | www.ua 4062 | vera 4063 | nav 4064 | nas2 4065 | autoconfig.staging 4066 | s33 4067 | boards 4068 | thumb 4069 | autodiscover.staging 4070 | carmen 4071 | ferrari 4072 | jordan 4073 | quatro 4074 | gazeta 4075 | www.test3 4076 | manga 4077 | techno 4078 | vm0 4079 | vector 4080 | hiphop 4081 | www.bbs 4082 | rootservers 4083 | dean 4084 | www.ms 4085 | win12 4086 | dreamer 4087 | alexandra 4088 | smtp03 4089 | jackson 4090 | wing 4091 | ldap3 4092 | www.webmaster 4093 | hobby 4094 | men 4095 | cook 4096 | ns70 4097 | olivia 4098 | tampa 4099 | kiss 4100 | nevada 4101 | live2 4102 | computers 4103 | tina 4104 | festival 4105 | bunny 4106 | jump 4107 | military 4108 | fj 4109 | kira 4110 | pacific 4111 | gonzo 4112 | ftp.dev 4113 | svpn 4114 | serial 4115 | webster 4116 | www.pe 4117 | s204 4118 | romania 4119 | gamers 4120 | guru 4121 | sh1 4122 | lewis 4123 | pablo 4124 | yoshi 4125 | lego 4126 | divine 4127 | italy 4128 | wallpapers 4129 | nd 4130 | myfiles 4131 | neptun 4132 | www.world 4133 | convert 4134 | www.cloud 4135 | proteus 4136 | medicine 4137 | bak 4138 | lista 4139 | dy 4140 | rhino 4141 | dione 4142 | sip1 4143 | california 4144 | 100 4145 | cosmic 4146 | electronics 4147 | openid 4148 | csm 4149 | adm2 4150 | soleil 4151 | disco 4152 | www.pp 4153 | xmail 4154 | www.movie 4155 | pioneer 4156 | phplist 4157 | elephant 4158 | ftp6 4159 | depo 4160 | icon 4161 | www.ns2 4162 | www.youtube 4163 | ota 4164 | capacitacion 4165 | mailfilter 4166 | switch1 4167 | ryazan 4168 | auth2 4169 | paynow 4170 | webtv 4171 | pas 4172 | www.v3 4173 | storage1 4174 | rs1 4175 | sakai 4176 | pim 4177 | vcse 4178 | ko 4179 | oem 4180 | theme 4181 | tumblr 4182 | smtp0 4183 | server14 4184 | lala 4185 | storage2 4186 | k2 4187 | ecm 4188 | moo 4189 | can 4190 | imode 4191 | webdisk.gallery 4192 | webdisk.jobs 4193 | howard 4194 | mes 4195 | eservices 4196 | noah 4197 | support1 4198 | soc 4199 | gamer 4200 | ekb 4201 | marco 4202 | information 4203 | heaven 4204 | ty 4205 | kursk 4206 | wilson 4207 | webdisk.wp 4208 | freebsd 4209 | phones 4210 | void 4211 | esx3 4212 | empleo 4213 | aida 4214 | s01 4215 | apc1 4216 | mysites 4217 | www.kazan 4218 | calc 4219 | barney 4220 | prohome 4221 | fd 4222 | kenny 4223 | www.filme 4224 | ebill 4225 | d6 4226 | era 4227 | big 4228 | goodluck 4229 | rdns2 4230 | everything 4231 | ns43 4232 | monty 4233 | bib 4234 | clip 4235 | alf 4236 | quran 4237 | aim 4238 | logon 4239 | wg 4240 | rabbit 4241 | ntp3 4242 | upc 4243 | www.stream 4244 | www.ogloszenia 4245 | abcd 4246 | autodiscover.en 4247 | blogger 4248 | pepper 4249 | autoconfig.en 4250 | stat1 4251 | jf 4252 | smtp7 4253 | video3 4254 | eposta 4255 | cache1 4256 | ekaterinburg 4257 | talent 4258 | jewelry 4259 | ecs 4260 | beta3 4261 | www.proxy 4262 | zsb 4263 | 44 4264 | ww6 4265 | nautilus 4266 | angels 4267 | servicos 4268 | smpp 4269 | we 4270 | siga 4271 | magnolia 4272 | smt 4273 | maverick 4274 | franchise 4275 | dev.m 4276 | webdisk.info 4277 | penza 4278 | shrek 4279 | faraday 4280 | s123 4281 | aleph 4282 | vnc 4283 | chinese 4284 | glpi 4285 | unix 4286 | leto 4287 | win10 4288 | answers 4289 | att 4290 | webtools 4291 | sunset 4292 | extranet2 4293 | kirk 4294 | mitsubishi 4295 | ppp 4296 | cargo 4297 | comercial 4298 | balancer 4299 | aire 4300 | karma 4301 | emergency 4302 | zy 4303 | dtc 4304 | asb 4305 | win8 4306 | walker 4307 | cougar 4308 | autodiscover.videos 4309 | bugtracker 4310 | autoconfig.videos 4311 | icm 4312 | tap 4313 | nuevo 4314 | ganymede 4315 | cell 4316 | www02 4317 | ticketing 4318 | nature 4319 | brazil 4320 | www.alex 4321 | troy 4322 | avatars 4323 | aspire 4324 | custom 4325 | www.mm 4326 | ebiz 4327 | www.twitter 4328 | kong 4329 | beagle 4330 | chess 4331 | ilias 4332 | codex 4333 | camel 4334 | crc 4335 | microsite 4336 | mlm 4337 | autoconfig.crm 4338 | o2 4339 | human 4340 | ken 4341 | sonicwall 4342 | biznes 4343 | pec 4344 | flow 4345 | autoreply 4346 | tips 4347 | little 4348 | autodiscover.crm 4349 | hardcore 4350 | egypt 4351 | ryan 4352 | doska 4353 | mumble 4354 | s34 4355 | pds 4356 | platon 4357 | demo8 4358 | total 4359 | ug 4360 | das 4361 | gx 4362 | just 4363 | tec 4364 | archiv 4365 | ul 4366 | craft 4367 | franklin 4368 | speedtest1 4369 | rep 4370 | supplier 4371 | crime 4372 | mail-relay 4373 | luigi 4374 | saruman 4375 | defiant 4376 | rome 4377 | tempo 4378 | sr2 4379 | tempest 4380 | azure 4381 | horse 4382 | pliki 4383 | barracuda2 4384 | www.gis 4385 | cuba 4386 | adslnat-curridabat-128 4387 | aw 4388 | test13 4389 | box1 4390 | aaaa 4391 | x2 4392 | exchbhlan3 4393 | sv6 4394 | disk 4395 | enquete 4396 | eta 4397 | vm4 4398 | deep 4399 | mx12 4400 | s111 4401 | budget 4402 | arizona 4403 | autodiscover.media 4404 | ya 4405 | webmin 4406 | fisto 4407 | orbit 4408 | bean 4409 | mail07 4410 | autoconfig.media 4411 | berry 4412 | jg 4413 | www.money 4414 | store1 4415 | sydney 4416 | kraken 4417 | author 4418 | diablo 4419 | wwwww 4420 | word 4421 | www.gmail 4422 | www.tienda 4423 | samp 4424 | golden 4425 | travian 4426 | www.cat 4427 | www.biz 4428 | 54 4429 | demo10 4430 | bambi 4431 | ivanovo 4432 | big5 4433 | egitim 4434 | he 4435 | unregistered.zmc 4436 | amanda 4437 | orchid 4438 | kit 4439 | rmr1 4440 | richard 4441 | offer 4442 | edge1 4443 | germany 4444 | tristan 4445 | seguro 4446 | kyc 4447 | maths 4448 | columbia 4449 | steven 4450 | wings 4451 | www.sg 4452 | ns38 4453 | grand 4454 | tver 4455 | natasha 4456 | r3 4457 | www.tour 4458 | pdns 4459 | m11 4460 | dweb 4461 | nurse 4462 | dsp 4463 | www.market 4464 | meme 4465 | www.food 4466 | moda 4467 | ns44 4468 | mps 4469 | jgdw 4470 | m.stage 4471 | bdsm 4472 | mech 4473 | rosa 4474 | sx 4475 | tardis 4476 | domreg 4477 | eugene 4478 | home2 4479 | vpn01 4480 | scott 4481 | excel 4482 | lyncdiscoverinternal 4483 | ncs 4484 | pagos 4485 | recovery 4486 | bastion 4487 | wwwx 4488 | spectre 4489 | static.origin 4490 | quizadmin 4491 | www.abc 4492 | ulyanovsk 4493 | test-www 4494 | deneb 4495 | www.learn 4496 | nagano 4497 | bronx 4498 | ils 4499 | mother 4500 | defender 4501 | stavropol 4502 | g3 4503 | lol 4504 | nf 4505 | caldera 4506 | cfd185 4507 | tommy 4508 | think 4509 | thebest 4510 | girls 4511 | consulting 4512 | owl 4513 | newsroom 4514 | us.m 4515 | hpc 4516 | ss1 4517 | dist 4518 | valentine 4519 | 9 4520 | pumpkin 4521 | queens 4522 | watchdog 4523 | serv1 4524 | web07 4525 | pmo 4526 | gsm 4527 | spam1 4528 | geoip 4529 | test03 4530 | ftp.forum 4531 | server19 4532 | www.update 4533 | tac 4534 | vlad 4535 | saprouter 4536 | lions 4537 | lider 4538 | zion 4539 | c6 4540 | palm 4541 | ukr 4542 | amsterdam 4543 | html5 4544 | wd 4545 | estadisticas 4546 | blast 4547 | phys 4548 | rsm 4549 | 70 4550 | vvv 4551 | kris 4552 | agro 4553 | msn-smtp-out 4554 | labor 4555 | universal 4556 | gapps 4557 | futbol 4558 | baltimore 4559 | wt 4560 | avto 4561 | workshop 4562 | www.ufa 4563 | boom 4564 | autodiscover.jobs 4565 | unknown 4566 | alliance 4567 | www.svn 4568 | duke 4569 | kita 4570 | tic 4571 | killer 4572 | ip176-194 4573 | millenium 4574 | garfield 4575 | assets2 4576 | auctions 4577 | point 4578 | russian 4579 | suzuki 4580 | clinic 4581 | lyncedge 4582 | www.tr 4583 | la2 4584 | oldwebmail 4585 | shipping 4586 | informatica 4587 | age 4588 | gfx 4589 | ipsec 4590 | lina 4591 | autoconfig.jobs 4592 | zoo 4593 | splunk 4594 | sy 4595 | urban 4596 | fornax 4597 | www.dating 4598 | clock 4599 | balder 4600 | steam 4601 | ut 4602 | zz 4603 | washington 4604 | lightning 4605 | fiona 4606 | im2 4607 | enigma 4608 | fdc 4609 | zx 4610 | sami 4611 | eg 4612 | cyclone 4613 | acacia 4614 | yb 4615 | nps 4616 | update2 4617 | loco 4618 | discuss 4619 | s50 4620 | kurgan 4621 | smith 4622 | plant 4623 | lux 4624 | www.kino 4625 | www.extranet 4626 | gas 4627 | psychologie 4628 | 01 4629 | s02 4630 | cy 4631 | modem 4632 | station 4633 | www.reg 4634 | zip 4635 | boa 4636 | www.co 4637 | mx04 4638 | openerp 4639 | bounces 4640 | dodge 4641 | paula 4642 | meetings 4643 | firmy 4644 | web26 4645 | xz 4646 | utm 4647 | s40 4648 | panorama 4649 | photon 4650 | vas 4651 | war 4652 | marte 4653 | gateway2 4654 | tss 4655 | anton 4656 | hirlevel 4657 | winner 4658 | fbapps 4659 | vologda 4660 | arcadia 4661 | www.cc 4662 | util 4663 | 16 4664 | tyumen 4665 | desire 4666 | perl 4667 | princess 4668 | papa 4669 | like 4670 | matt 4671 | sgs 4672 | datacenter 4673 | atlantic 4674 | maine 4675 | tech1 4676 | ias 4677 | vintage 4678 | linux1 4679 | gzs 4680 | cip 4681 | keith 4682 | carpediem 4683 | serv2 4684 | dreams 4685 | front1 4686 | lyncaccess 4687 | fh 4688 | mailer2 4689 | www.chem 4690 | natural 4691 | student2 4692 | sailing 4693 | radio1 4694 | models 4695 | evo 4696 | tcm 4697 | bike 4698 | bancuri 4699 | baseball 4700 | manuals 4701 | img8 4702 | imap1 4703 | oldweb 4704 | smtpgw 4705 | pulsar 4706 | reader 4707 | will 4708 | stream3 4709 | oliver 4710 | mail15 4711 | lulu 4712 | dyn 4713 | bandwidth 4714 | messaging 4715 | us1 4716 | ibm 4717 | idaho 4718 | camping 4719 | verify 4720 | seg 4721 | vs1 4722 | autodiscover.sms 4723 | blade1 4724 | blade2 4725 | leda 4726 | mail17 4727 | horo 4728 | testdrive 4729 | diet 4730 | www.start 4731 | mp1 4732 | claims 4733 | te 4734 | gcc 4735 | www.whois 4736 | nieuwsbrief 4737 | xeon 4738 | eternity 4739 | greetings 4740 | data2 4741 | asf 4742 | autoconfig.sms 4743 | kemerovo 4744 | olga 4745 | haha 4746 | ecc 4747 | prestashop 4748 | rps 4749 | img0 4750 | olimp 4751 | biotech 4752 | qa1 4753 | swan 4754 | bsd 4755 | webdisk.sandbox 4756 | sanantonio 4757 | dental 4758 | www.acc 4759 | zmail 4760 | statics 4761 | ns102 4762 | 39 4763 | idb 4764 | h5 4765 | connect2 4766 | jd 4767 | christian 4768 | luxury 4769 | ten 4770 | bbtest 4771 | blogtest 4772 | self 4773 | www.green 4774 | forumtest 4775 | olive 4776 | www.lab 4777 | ns63 4778 | freebies 4779 | ns64 4780 | www.g 4781 | jake 4782 | www.plus 4783 | ejournal 4784 | letter 4785 | works 4786 | peach 4787 | spoon 4788 | sie 4789 | lx 4790 | aol 4791 | baobab 4792 | tv2 4793 | edge2 4794 | sign 4795 | webdisk.help 4796 | www.mobi 4797 | php5 4798 | webdata 4799 | award 4800 | gf 4801 | rg 4802 | lily 4803 | ricky 4804 | pico 4805 | nod32 4806 | opus 4807 | sandiego 4808 | emploi 4809 | sfa 4810 | application 4811 | comment 4812 | autodiscover.search 4813 | www.se 4814 | recherche 4815 | africa 4816 | webdisk.members 4817 | multi 4818 | wood 4819 | xx 4820 | fan 4821 | reverse 4822 | missouri 4823 | zinc 4824 | brutus 4825 | lolo 4826 | imap2 4827 | www.windows 4828 | aaron 4829 | webdisk.wordpress 4830 | create 4831 | bis 4832 | aps 4833 | xp 4834 | outlet 4835 | www.cpanel 4836 | bloom 4837 | 6 4838 | ni 4839 | www.vestibular 4840 | webdisk.billing 4841 | roman 4842 | myshop 4843 | joyce 4844 | qb 4845 | walter 4846 | www.hr 4847 | fisher 4848 | daily 4849 | webdisk.files 4850 | michelle 4851 | musik 4852 | sic 4853 | taiwan 4854 | jewel 4855 | inbound 4856 | trio 4857 | mts 4858 | dog 4859 | mustang 4860 | specials 4861 | www.forms 4862 | crew 4863 | tes 4864 | www.med 4865 | elib 4866 | testes 4867 | richmond 4868 | autodiscover.travel 4869 | mccoy 4870 | aquila 4871 | www.saratov 4872 | bts 4873 | hornet 4874 | election 4875 | test22 4876 | kaliningrad 4877 | listes 4878 | tx 4879 | webdisk.travel 4880 | onepiece 4881 | bryan 4882 | saas 4883 | opel 4884 | florence 4885 | blacklist 4886 | skin 4887 | workspace 4888 | theta 4889 | notebook 4890 | freddy 4891 | elmo 4892 | www.webdesign 4893 | autoconfig.travel 4894 | sql3 4895 | faith 4896 | cody 4897 | nuke 4898 | memphis 4899 | chrome 4900 | douglas 4901 | www24 4902 | autoconfig.search 4903 | www.analytics 4904 | forge 4905 | gloria 4906 | harry 4907 | birmingham 4908 | zebra 4909 | www.123 4910 | laguna 4911 | lamour 4912 | igor 4913 | brs 4914 | polar 4915 | lancaster 4916 | webdisk.portal 4917 | autoconfig.img 4918 | autodiscover.img 4919 | other 4920 | www19 4921 | srs 4922 | gala 4923 | crown 4924 | v5 4925 | fbl 4926 | sherlock 4927 | remedy 4928 | gw-ndh 4929 | mushroom 4930 | mysql8 4931 | sv5 4932 | csp 4933 | marathon 4934 | kent 4935 | critical 4936 | dls 4937 | capricorn 4938 | standby 4939 | test15 4940 | www.portfolio 4941 | savannah 4942 | img13 4943 | veritas 4944 | move 4945 | rating 4946 | sound 4947 | zephyr 4948 | download1 4949 | www.ticket 4950 | exchange-imap.its 4951 | b5 4952 | andrea 4953 | dds 4954 | epm 4955 | banana 4956 | smartphone 4957 | nicolas 4958 | phpadmin 4959 | www.subscribe 4960 | prototype 4961 | experts 4962 | mgk 4963 | newforum 4964 | result 4965 | www.prueba 4966 | cbf2 4967 | s114 4968 | spp 4969 | trident 4970 | mirror2 4971 | s112 4972 | sonia 4973 | nnov 4974 | www.china 4975 | alabama 4976 | photogallery 4977 | blackjack 4978 | lex 4979 | hathor 4980 | inc 4981 | xmas 4982 | tulip 4983 | and 4984 | common-sw1 4985 | betty 4986 | vo 4987 | www.msk 4988 | pc2 4989 | schools 4990 | --------------------------------------------------------------------------------