0xbharath/domains-from-csp

Stars
105
Rank 328,196 (Top 7 %)
Language
Python
License
MIT License
Created over 6 years ago
Updated over 5 years ago

0xbharath/domains-from-csp

0xbharath

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A script to extract domain names from Content Security Policy(CSP) headers

domains-from-csp

A Python script to parse domain names from CSP header

A script to extract domain names from Content Security Policy(CSP) headers
The output is print to stdout for now

Demo

Screenshots

3rd party package dependency

Setup

Clone this repo

$ git clone [email protected]:yamakira/censys-enumeration.git

Install dependencies

$ pipenv install

Check help menu

$ python csp_parser.py --help
                                                                                                   2 ↵
Usage: csp_parser.py [OPTIONS] URL

Options:
  -r, --resolve / --no-resolve  Enable/Disable DNS resolution
  --help                        Show this message and exit.

Usage

Parse the CSP header for domain names but don't do DNS resolution

$ python csp_parser.py target_url

Parse the CSP header for domain names and also do DNS resolution

$ python csp_parser.py target_url --resolve

$ python csp_parser.py target_url -r

censys-enumeration

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys

art-of-packet-crafting-with-scapy

A workshop on Packet Crafting using Scapy.

assets-from-spf

A Python script to parse net blocks & domain names from SPF record

slurp-old

A tool to enumerate S3 buckets manually or via certstream

hardware-hacking-for-software-folks

datasploit

Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain/email/ phone number/person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. More documentation here: http://datasploit.readthedocs.io/en/latest/.

scapy-scripts

A collection of scapy scripts, mostly security stuff.

python-network-programming

A workshop on network programming using the Python language.

nic.in-subdomain-tracker

A repo to track subdomains of nic.in

Effective-OpenSSH-Client-Usage-Workshop

A workshop on using OpenSSH client suite effectively

ctlog-utilities

Quick and dirty utilities I scribbled while digging through Certificate Transparency logs using crt.sh

GoI-subdomains-directory

List of subdomains/web apps by Government of India (GoI).

talks

Collection of slides/presentations from various talk that I have given in the past.

understanding-wmi

Repo for "Understanding WMI" talk given at Null, Bangalore March 10th 2018

dotfiles

A collection of personal dotfiles. i3wm, zsh and Dell XPS 13 9350

dns-for-penetration-testers-nullblr

DNS for penetration testers talk given at Nullblr June 2017.

yamakira.github.io

personal website/blog - http://disruptivelabs.in

pyliners

A collection of Python onliners

python-for-system-administration

A workshop on using Python language for system administration

python-foundations

Online notes for this workshop is available at -

protocols-for-penetration-testers

A meta repository to keep track of infomation about series of workshops, titled "Protocols for Penetration Testers"

insecuredns

insecuredns is a damn vulnerable DNS server to demonstrate common vulnerabilities in DNS implementations