From 6b3a251afab784610100d43e9f4d225ac525b486 Mon Sep 17 00:00:00 2001 From: Van Lyubov <33548464+dalpan@users.noreply.github.com> Date: Thu, 18 Jul 2024 20:07:23 +0700 Subject: [PATCH] Update subt.py --- subt.py | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/subt.py b/subt.py index ab6182b..ec43eea 100644 --- a/subt.py +++ b/subt.py @@ -25,6 +25,9 @@ def load_vulnerable_domains(): except yaml.YAMLError as e: print(f"Error reading {filename}: {e}") + # Menambahkan entri dinamis + vulnerable_domains.append({'cname': 'github.io', 'status_code': 404, 'status': 'vulnerable can be takeover!'}) + return vulnerable_domains def subfinder_scan(domain): @@ -81,7 +84,8 @@ def main(input, listdomains=False, direct_subdomains=False): ▀▄▄▄▄▄▀▀▄▄▄▄▀▀▄▄▄▄▀▀▀▄▄▄▀▀ Subdomain Takeover Scanner -= Author by Van | Tegalsec +Author by Van | Tegalsec +-------------------------- ''' + Style.RESET_ALL) if listdomains: @@ -92,7 +96,7 @@ def main(input, listdomains=False, direct_subdomains=False): for domain in domains: subdomains = subfinder_scan(domain) if subdomains: - print(Fore.CYAN + f"[+] Checking subdomains for domain: {domain}" + Style.RESET_ALL) + print(Fore.CYAN + f"\n[+] Checking subdomains for domain: {domain}" + Style.RESET_ALL) found_vulnerable = False for subdomain in subdomains: cname, status_code = check_subdomain(subdomain) 
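Review bot: The `github.io` fingerprint appended in load_vulnerable_domains is hard-coded after the YAML load and added on every call, so an entry for the same CNAME already present in the YAML data would be listed twice. Guard it with `if not any(d['cname'] == 'github.io' for d in vulnerable_domains):`, or better, move it into the YAML data with the other fingerprints. The comment `# Menambahkan entri dinamis` calls it a dynamic entry, but the value is fixed; `# Built-in fallback fingerprint for GitHub Pages` describes it accurately. Because the matching loops in main() compare only a CNAME substring and the status code, a 404 from a claimed Pages site with a missing path would also be reported, so a hit should be labelled as a candidate to verify rather than `vulnerable can be takeover!`. The function starts above this hunk.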
@@ -100,15 +104,21 @@ def main(input, listdomains=False, direct_subdomains=False): is_vulnerable = False for domain_info in vulnerable_domains: if domain_info['cname'] in cname and domain_info['status_code'] == status_code: - print(Fore.YELLOW + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL) + print(Fore.RED + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL) + found_vulnerable = True + is_vulnerable = True + break + # Cek untuk CNAME dinamis + elif '*' in domain_info['cname'] and domain_info['cname'].replace('*', '') in cname and domain_info['status_code'] == status_code: + print(Fore.RED + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL) found_vulnerable = True is_vulnerable = True break if not is_vulnerable: - print(Fore.RED + f"{subdomain} [{status_code}] | Not vulnerable" + Style.RESET_ALL) + print(Fore.GREEN + f"{subdomain} [{status_code}] | Not vulnerable" + Style.RESET_ALL) if not found_vulnerable: - print(Fore.RED + "No vulnerable subdomains found." + Style.RESET_ALL) + print(Fore.GREEN + "No vulnerable subdomains found." + Style.RESET_ALL) elif direct_subdomains: print(Fore.GREEN + "[+] Checking direct list of subdomains..." + Style.RESET_ALL) 
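Review bot: The new `elif` branch for wildcard CNAMEs strips `*` and then does an unanchored substring test, so `*.example.com` matches any CNAME that merely contains `.example.com`, and a pattern of just `*` becomes the empty string and matches every CNAME with that status code. Both cases put false positives into the "vulnerable" output that someone then has to triage. The branch body is a copy of the `if` branch above it, and the same block is pasted again in the hunks at -124 and -155. One helper that does the wildcard comparison with `fnmatch.fnmatchcase` (needs `import fnmatch` at the top of subt.py) would serve all three loops, with the non-wildcard test kept as it is today. main() starts and ends outside this hunk.

```python
def match_fingerprint(cname, status_code, vulnerable_domains):
    # Return the first fingerprint whose CNAME pattern and status code both match, else None.
    host = cname.rstrip('.').lower()
    for domain_info in vulnerable_domains:
        if domain_info['status_code'] != status_code:
            continue
        pattern = domain_info['cname'].lower()
        if '*' in pattern:
            # Whole-name glob match: '*' alone or a stray fragment no longer matches everything.
            hit = fnmatch.fnmatchcase(host, pattern)
        else:
            hit = pattern in host  # existing behaviour for literal entries
        if hit:
            return domain_info
    return None

# … unchanged: banner, input handling and the per-subdomain loop in main() …
                domain_info = match_fingerprint(cname, status_code, vulnerable_domains)
                if domain_info:
                    print(Fore.RED + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL)
                    found_vulnerable = True
                else:
                    print(Fore.GREEN + f"{subdomain} [{status_code}] | Not vulnerable" + Style.RESET_ALL)
```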
@@ -124,15 +134,21 @@ def main(input, listdomains=False, direct_subdomains=False): is_vulnerable = False for domain_info in vulnerable_domains: if domain_info['cname'] in cname and domain_info['status_code'] == status_code: - print(Fore.BLUE + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL) + print(Fore.RED + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL) + found_vulnerable = True + is_vulnerable = True + break + # Cek untuk CNAME dinamis + elif '*' in domain_info['cname'] and domain_info['cname'].replace('*', '') in cname and domain_info['status_code'] == status_code: + print(Fore.RED + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL) found_vulnerable = True is_vulnerable = True break if not is_vulnerable: - print(Fore.RED + f"{subdomain} [{status_code}] | Not vulnerable" + Style.RESET_ALL) + print(Fore.GREEN + f"{subdomain} [{status_code}] | Not vulnerable" + Style.RESET_ALL) if not found_vulnerable: - print(Fore.YELLOW + "No vulnerable subdomains found." + Style.RESET_ALL) + print(Fore.GREEN + "No vulnerable subdomains found." + Style.RESET_ALL) else: # Single domain input or direct subdomain list @@ -155,6 +171,12 @@ def main(input, listdomains=False, direct_subdomains=False): found_vulnerable = True is_vulnerable = True break + # Cek untuk CNAME dinamis + elif '*' in domain_info['cname'] and domain_info['cname'].replace('*', '') in cname and domain_info['status_code'] == status_code: + print(Fore.RED + f"{subdomain} [{status_code}] | {domain_info['status']} [{domain_info['cname']}]" + Style.RESET_ALL) + found_vulnerable = True + is_vulnerable = True + break if not is_vulnerable: print(Fore.GREEN + f"{subdomain} [{status_code}] | Not vulnerable" + Style.RESET_ALL)