WJDigby · April 2, 2019 15:02
diff --git a/dtf.py b/dtf.py
 # based on https://github.com/rvrsh3ll/FindFrontableDomains by Steve Borosh (rvrsh3ll)
 # no subdomain enumeration functionality. 

 import argparse
 import dns.resolver

 resolver = dns.resolver.default_resolver = dns.resolver.Resolver(configure=False)
 resolver.nameservers = ['8.8.8.8']
 frontable = {'cloudfront': 'Cloudfront',
             'appspot.com': 'Google',
             'msecnd.net': 'Azure',
             'aspnetcdn.com': 'Azure',
             'azureedge.net': 'Azure',
             'a248.e.akamai.net': 'Akamai',
             'secure.footprint.net': 'Level 3',
             'cloudflare': 'Cloudflare',
             'unbouncepages.com': 'Unbounce',
             'x.incapdns.net': 'Incapsula',
             'fastly': 'Fastly'}


 def resolve(resolver, host):
 	print(f'Lookup for {host}...')
 	try:
 		query = resolver.query(host, 'a')
 		cname = str(query.canonical_name)
 		for k, v in frontable.items():
 			if k in cname:
 				print(f'[+] Frontable domain: {host} has CNAME {cname} {frontable[k]} frontable domain.')
 	except:
 		pass


 def main():
 	parser = argparse.ArgumentParser(description='domain fronting')
 	parser.add_argument('-l', '--list', dest='file', required=False)
 	parser.add_argument('-d', '--domain', dest='domain', required=False)
 	args = parser.parse_args()
 	file = args.file
 	domain = args.domain

 	if not file and not domain:
 		print('[-] -l/--list and/or -d/--domain argument required.')
 		exit()

 	if file:
 		with open(file) as f:
 			lines = f.readlines()
 			for host in lines:
 				resolve(resolver, host.lower().rstrip())

 	if domain:
 		resolve(resolver, domain)

 if __name__ == '__main__':
 	main()
	# based on https://github.com/rvrsh3ll/FindFrontableDomains by Steve Borosh (rvrsh3ll)
	# no subdomain enumeration functionality.

	import argparse
	import dns.resolver

	resolver = dns.resolver.default_resolver = dns.resolver.Resolver(configure=False)
	resolver.nameservers = ['8.8.8.8']
	frontable = {'cloudfront': 'Cloudfront',
	'appspot.com': 'Google',
	'msecnd.net': 'Azure',
	'aspnetcdn.com': 'Azure',
	'azureedge.net': 'Azure',
	'a248.e.akamai.net': 'Akamai',
	'secure.footprint.net': 'Level 3',
	'cloudflare': 'Cloudflare',
	'unbouncepages.com': 'Unbounce',
	'x.incapdns.net': 'Incapsula',
	'fastly': 'Fastly'}


	def resolve(resolver, host):
	print(f'Lookup for {host}...')
	try:
	query = resolver.query(host, 'a')
	cname = str(query.canonical_name)
	for k, v in frontable.items():
	if k in cname:
	print(f'[+] Frontable domain: {host} has CNAME {cname} {frontable[k]} frontable domain.')
	except:
	pass


	def main():
	parser = argparse.ArgumentParser(description='domain fronting')
	parser.add_argument('-l', '--list', dest='file', required=False)
	parser.add_argument('-d', '--domain', dest='domain', required=False)
	args = parser.parse_args()
	file = args.file
	domain = args.domain

	if not file and not domain:
	print('[-] -l/--list and/or -d/--domain argument required.')
	exit()

	if file:
	with open(file) as f:
	lines = f.readlines()
	for host in lines:
	resolve(resolver, host.lower().rstrip())

	if domain:
	resolve(resolver, domain)

	if __name__ == '__main__':
	main()