Crossdomainscanner
Python tool for expired domain discovery in crossdomain.xml files
Install / Use
/learn @NetSPI/CrossdomainscannerREADME
crossdomainscanner
Python tool to check for expired domains still allowed in crossdomain.xml files.
For more on this tool please go here.
Installation
~$ git clone https://github.com/NetSPI/crossdomainscanner
~$ cd crossdomainScanner
~$ pip install -r requirements.txt
[follow the example below for runtime usage]
Example:
~$ python scanner.py https://jakereynolds.co -v -o output.txt
~$ cat output.txt
Searching crossdomain.xml on https://jakereynolds.co for unregistered domains
=============================================================
Crossdomain contents:
- asdaasdasfwkjhcjhbwrgkljsv.com
- thisisanexpireddomainaswell.es
- thishasaninvalidTLD.invalidtld
- Invalid TLD: invalidtld
- jakereynoldsexpireddomain.com
Possible expired domains:
asdaasdasfwkjhcjhbwrgkljsv.com
thisisanexpireddomainaswell.es
jakereynoldsexpireddomain.com
This means that https://jakereynolds.co allows http://jakereynoldsexpireddomain.com in their crossdomain.xml file. However, the latter is not registered to any DNS. An attacker could now buy that domain and get full cross-domain access to https://jakereynolds.co
This tool is created for Ethical Hacking purposes, any illicit use is not related to its creator.
Related Skills
node-connect
349.2kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
109.5kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
349.2kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
349.2kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
