Locked second-order: Scans web applications for second-order subdomain takeover

By itsMe
December 26, 2021 in Pentesting

Followers 0

Start new topic

Recommended Posts

itsMe

Posted December 26, 2021

- Share

Posted December 26, 2021

This is the hidden content, please

Second Order

Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way.

Usage Ideas

This is a list of tips and ideas (not necessarily related to second-order subdomain takeover) on what to use Second Order for.

    Check for second-order subdomain takeover: takeover.json. (Duh!)
    Collect inline and imported JS code: javascript.json.
    Find where a target hosts static files cdn.json. (S3 buckets, anyone?)
    Collect <input> names to build a tailored parameter bruteforcing wordlist: parameters.json.
    Feel free to contribute more ideas!

This is the hidden content, please

Link to comment

Share on other sites

This topic is now closed to further replies.

Followers 0

Go to topic listing

Similar Content
- html 200 TEMPLATES WEBSITE PROFESSIONAL
  
  By ~~kevinsocute2~~ , December 31, 2023
  - website
  - web
  - (and 1 more)
    
    Tagged with:
    
    website
    
    web
    
    php
  - 0 replies
  - 226 views
- SharpOD x64 (A_AntiDebug Plugin. Support for x64dbg)
  
  By itsMe, December 5, 2021
  - for
  - support
  - (and 5 more)
    
    Tagged with:
    
    for
    
    support
    
    plugin.
    
    (a_antidebug
    
    x64
    
    sharpod
    
    x64dbg)
  - 0 replies
  - 1,648 views
- How to sniff API of android aps For making configs
  
  By itsMe, May 20, 2021
  - making
  - for
  - (and 6 more)
    
    Tagged with:
    
    making
    
    for
    
    aps
    
    android
    
    api
    
    sniff
    
    how
    
    configs
  - 0 replies
  - 246 views
- I want to create a forum web site, I need help. but...
  
  By ~~kedi~~ , October 11, 2023
  - php
  - html
  - (and 2 more)
    
    Tagged with:
    
    php
    
    html
    
    web
    
    forum
  - 3 replies
  - 165 views
  - Guest
  - October 13, 2023
- How To Make Simple APP Config(API) In OPENBULLET Using Fiddler
  
  By itsMe, March 24, 2023
  - easiest
  - configs
  - (and 8 more)
    
    Tagged with:
    
    easiest
    
    configs
    
    openbullet
    
    api
    
    android
    
    making
    
    for
    
    setup
    
    how
    
    method
  - 0 replies
  - 501 views

Sign In

Locked second-order: Scans web applications for second-order subdomain takeover

Recommended Posts

itsMe

Link to comment

Share on other sites

Similar Content

html 200 TEMPLATES WEBSITE PROFESSIONAL

SharpOD x64 (A_AntiDebug Plugin. Support for x64dbg)

How to sniff API of android aps For making configs

I want to create a forum web site, I need help. but...

How To Make Simple APP Config(API) In OPENBULLET Using Fiddler

Browse

Activity

Store

Important Information