
This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.


lauritzh/dead-domain-discovery


Dead Domain Discovery

This Chromium extension aims to identify abandoned domains that are referenced by a website, for instance within an iFrame, as a script, or as a CSS source.
If one of these sinks references an abandoned domain that malicious actors can register, this could for instance lead to Cross-Site Scripting or website defacement vulnerabilities.

Features

  • Gather relevant sources and keep track of previously encountered domains.
  • Look up domains and send a Chrome Notification in case a domain lookup fails.
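The two features above, sketched as an added example that is not the extension's own source: it collects external hostnames from a page's references, skipping IPs and excluded domains, and classifies a JSON answer from the dns.google endpoint named in the Privacy section. All function names and the sample data are hypothetical, and treating only NXDOMAIN (Status 3) as a failed lookup is an assumption about what "fails" means.

```javascript
// Added example, not the extension's source; all names here are hypothetical.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Constructed sample: references as they might be collected from one page.
const SAMPLE_REFS = [
  "https://cdn.example.net/lib.js",          // external script
  "/static/app.css",                         // relative, same host
  "//widgets.example.org/frame.html",        // protocol-relative iframe
  "http://192.0.2.10/legacy.js",             // IP literal
  "mailto:support@old-mail.example?subject=Hi",
  "https://analytics.trusted.example/t.js",  // covered by the exclude list
];

// Reduce resource references to the external hostnames worth a lookup.
function externalHosts(pageUrl, refs, excluded = []) {
  const pageHost = new URL(pageUrl).hostname;
  const hosts = new Set();
  for (const ref of refs) {
    let host;
    if (/^mailto:/i.test(ref)) {
      // mailto:user@domain?subject=... -> domain
      host = ref.slice(7).split("?")[0].split("@").pop().toLowerCase();
    } else {
      try { host = new URL(ref, pageUrl).hostname; } catch { continue; }
    }
    if (!host || host === pageHost) continue;               // not external
    if (IPV4.test(host) || host.startsWith("[")) continue;  // IPs: nothing to resolve
    if (excluded.some((d) => host === d || host.endsWith("." + d))) continue;
    hosts.add(host);
  }
  return [...hosts].sort();
}

// Map a dns.google JSON answer to a verdict. Status is the DNS RCODE.
function classifyDohAnswer(body) {
  if (body.Status === 3) return "dead";    // NXDOMAIN: candidate for notification
  if (body.Status !== 0) return "error";   // e.g. SERVFAIL: retry, do not alert
  return Array.isArray(body.Answer) && body.Answer.length > 0
    ? "resolves" : "no-records";           // NOERROR without records (NODATA)
}

// Network step; fetchFn is injectable so the logic can be tested offline.
async function lookup(domain, fetchFn = fetch) {
  const url = `https://dns.google/resolve?name=${encodeURIComponent(domain)}`;
  const res = await fetchFn(url);
  return res.ok ? classifyDohAnswer(await res.json()) : "error";
}
```

A "dead" verdict only says the name does not resolve; confirm its registration status before reporting it, since a domain that still resolves can also be expired or parked.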

Installation

Always keep in mind that browser extensions have broad access to sensitive data! Therefore, it is recommended to install this extension only in browsers that are solely used for security analysis or development purposes. One great example of this is PortSwigger's Burp Suite embedded browser.

Steps to install:

  1. Clone this repository via git clone https://github.com/lauritzh/dead-domain-discovery.
  2. Navigate to chrome://extensions/ with your Chromium browser.
  3. Enable Developer mode (attention, do not enable this option in your "productive" browser!).
  4. Load the unpacked extension from /dead-domain-discovery.

FAQ

Why do I not get any results?

This extension uses the Chrome Notification API. Make sure that notifications are allowed for Chrome/Chromium.

Notable Releases

  • 0.1: Initial Release
  • 0.2: Skip IPs
  • 0.3: Add basic options (@svennergr)
  • 0.4: Add basic history
  • 0.5: Scan for dead domains in e-mail addresses
  • 0.6: Fix history of findings in pop-up (previously all cached domains were printed)
  • 0.7: Exclude domains from scanning

Privacy

The extension does not disclose any information to its author, but uses an HTTP GET request to https://dns.google/resolve?name=${domain} to look up newly discovered domains. Please note that when activated, the extension runs in the background and analyses all page loads.

Security Considerations

If you found any vulnerability in this repository, please use GitHub's private vulnerability reporting instead of opening a public issue.

Credits

This project was inspired by Süleyman Çelikarslan's (@slymn_clkrsln) tweets about second order domain takeover vulnerabilities.

In v0.5, a lookup for domains encountered in mailto: URLs was added, based on @0xLupin's awesome blog post about ATOs caused by abandoned e-mail domains.

Contributors

If you are missing a feature or found a bug, feel free to open a pull request!

These awesome people already contributed to this repo:

svennergr

TightropeMonkey

Thanks a lot!

Disclaimer

Any information shared within this repository must not be used with malicious intentions. This tool is shared for educational purposes only. The author is not responsible for any malicious use.

Example

If set up correctly, the extension should complain about this link and the following image.
