分享一个找到目标相关联域名的办法

所属分类:WooYun-Zone

利用crossdomain.xml的跨域策略设置特性:该文件对外公开可读,其中allow-access-from列出了站点信任的域名,因此可以从中看出与目标相关联的域名。需要注意,列表里也可能包含第三方合作方或广告客户的域名,归属关系仍需另行核实。

http://t.qq.com/crossdomain.xml

<!-- Flash cross-domain policy: content served from a listed domain may read
     responses from the host that publishes this file. The file is readable by
     anyone, so the list also discloses which domains the operator trusts. -->
<cross-domain-policy>

<!-- Wildcard entry: every host under the name is trusted, not one specific host.
     NOTE(review): secure="true" limits a grant to content loaded over HTTPS, but
     this copy was fetched over http://, where the attribute presumably has no
     effect; confirm against the policy file specification. -->
<allow-access-from domain="*.qq.com" secure="true"/>

<allow-access-from domain="*.gtimg.com" secure="true"/>

</cross-domain-policy>

http://all.vic.sina.com.cn/crossdomain.xml

<!-- Flash cross-domain policy with a long allowlist spanning many different
     registrable domains. Each wildcard entry trusts every host under that name,
     so the exposure of this origin is the union of all of them: content hosted
     on any matching host can read responses from this site with the visitor's
     cookies. Review points for the operator: remove entries that are no longer
     needed, prefer exact hostnames over wildcards, and re-check ownership of
     each listed name periodically. -->
<cross-domain-policy>

<allow-access-from domain="*.sina.com.cn"/>

<allow-access-from domain="*.sinaimg.cn"/>

<allow-access-from domain="*.snowbeer.com.cn"/>

<allow-access-from domain="*.otm.cn"/>

<allow-access-from domain="*.sonymobile.com"/>

<allow-access-from domain="*.hpreal.com"/>

<allow-access-from domain="*.361sport.com"/>

<allow-access-from domain="*.ferrero-rocher.com.cn"/>

<allow-access-from domain="*.rocherchocolate.com.cn"/>

<allow-access-from domain="*.letvimg.com"/>

<allow-access-from domain="*.letv.com"/>

<allow-access-from domain="*.youku.com"/>

<allow-access-from domain="*.kankan.com"/>

<allow-access-from domain="*.sohu.com"/>

<allow-access-from domain="*.sandai.net"/>

<allow-access-from domain="*.hdtmedia.com"/>

<allow-access-from domain="*.tudou.com"/>

<allow-access-from domain="*.itnode.cn"/>

<allow-access-from domain="*.harbin-beer.com.cn"/>

<allow-access-from domain="*.im20.com.cn"/>

<!-- IP-literal entry: trust is bound to an address rather than a name.
     NOTE(review): confirm the address is still operated by a trusted party,
     since addresses get reassigned. -->
<allow-access-from domain="182.92.80.96"/>

</cross-domain-policy>

http://weibo.com/crossdomain.xml

<!-- Flash cross-domain policy that names two exact hosts (no wildcards) and
     references Adobe's PolicyFile.xsd as a schema hint. -->
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">

<allow-access-from domain="js.wcdn.cn"/>

<allow-access-from domain="js.t.sinajs.cn"/>

<!-- Meta-policy "all": policy files located anywhere on this domain are honored,
     not only this master file at the root. NOTE(review): "master-only" is the
     tighter setting unless policy files in sub-paths are actually required;
     with "all", any path where user-supplied files can be stored becomes a
     place where a broader policy could be published. -->
<site-control permitted-cross-domain-policies="all"/>

<!-- headers="*" lets content from the named host attach any custom request
     header to requests sent to this domain; listing only the header names that
     are really needed narrows the grant. -->
<allow-http-request-headers-from domain="js.wcdn.cn" headers="*"/>

<allow-http-request-headers-from domain="js.t.sinajs.cn" headers="*"/>

</cross-domain-policy>

http://www.10jqka.com.cn/crossdomain.xml

<!-- Flash cross-domain policy mixing wildcard domains, exact hostnames and one
     IP literal. NOTE(review): to-ports is defined for socket policy files; in a
     policy fetched over HTTP, as this one was, it is presumably ignored, so it
     should not be relied on as a restriction; confirm against the policy file
     specification. -->
<cross-domain-policy>

<allow-access-from domain="*.10jqka.com.cn" to-ports="80"/>

<allow-access-from domain="*.hexin.com.cn" to-ports="80"/>

<allow-access-from domain="*.foundersc.com" to-ports="80"/>

<allow-access-from domain="*.300033.info" to-ports="80"/>

<allow-access-from domain="*.0033.com" to-ports="80"/>

<allow-access-from domain="business.online.cq.cn" to-ports="80"/>

<allow-access-from domain="www.zjlca.com" to-ports="80"/>

<allow-access-from domain="*.cnht.com.cn" to-ports="80"/>

<!-- IP-literal entry: trust is bound to an address rather than a name.
     NOTE(review): confirm the address is still operated by a trusted party. -->
<allow-access-from domain="116.114.80.74" to-ports="80"/>

<!-- Duplicate of the *.0033.com entry above; repeated entries suggest the list
     is appended to and never pruned, so stale grants are worth checking for. -->
<allow-access-from domain="*.0033.com" to-ports="80"/>

<allow-access-from domain="*.thsi.cn" to-ports="80"/>

<allow-access-from domain="*.ijijin.cn" to-ports="80"/>

<allow-access-from domain="www.gf.com.cn" to-ports="80"/>

<allow-access-from domain="*.capco.org.cn" to-ports="80"/>

<allow-access-from domain="*.iwencai.com" to-ports="80"/>

</cross-domain-policy>

  1. 1#

    hkAssassin | 2016-04-22 11:07

    这个真是个好东西!

  2. 2#

    李旭敏 (˿̖̗̀́̂̃̄̅̆̇̈̉̊̋̌̍̎̏̐̑̒̓̔̕) | 2016-04-22 11:08

    我以为只是用来防CSRF的。

  3. 3#

    Hex (◐_◑) | 2016-04-22 11:09

    学习了,赞!!

  4. 4#

    MayIKissYou (“><svg>) | 2016-04-22 11:14

    貌似也可以查备案的咯

  5. 5#

    打电话叫人 (没事,打电话叫人) | 2016-04-22 11:51

    http://cloud.video.taobao.com/crossdomain.xml这算吗?

  6. 6#

    IOT | 2016-04-22 13:53

    http://www.sina.com.cn/crossdomain.xml
    http://www.discuz.net/crossdomain.xml
    http://www.rising.com.cn/crossdomain.xml
    http://www.ifeng.com//crossdomain.xml
    http://www.sdo.com/crossdomain.xml
    http://www.sogou.com/crossdomain.xml
    http://www.163.com/crossdomain.xml
    http://www.9you.com/crossdomain.xml
    http://www.ctrip.com/crossdomain.xml
    http://www.19lou.com/crossdomain.xml
    http://shooter.cn/crossdomain.xml
    http://www.verycd.com//crossdomain.xml
    http://www.ourgame.com//crossdomain.xml
    http://www.douban.com//crossdomain.xml
    http://www.youku.com/crossdomain.xml
    http://www.wanmei.com/crossdomain.xml
    http://www.taobao.com/crossdomain.xml
    http://www.shopex.cn/crossdomain.xml
    http://www.gtja.com/crossdomain.xml
    http://www.phpwind.net//crossdomain.xml
    http://www.ftchinese.com/crossdomain.xml
    http://www.17173.com/crossdomain.xml
    http://www.qiyi.com/crossdomain.xml
    http://www.tudou.com/crossdomain.xml
    http://www.51.com/crossdomain.xml
    http://www.dxy.cn/crossdomain.xml
    http://www.xiami.com/crossdomain.xml
    http://www.phpcms.cn/crossdomain.xml
    http://www.ganji.com/crossdomain.xml
    http://www.songtaste.com/crossdomain.xml
    http://tuchong.com//crossdomain.xml
    http://www.yeepay.com/crossdomain.xml
    http://www.ylmf.com/crossdomain.xml
    http://www.91wan.com/crossdomain.xml
    http://www.lashou.com/crossdomain.xml
    http://www.cnbeta.com/crossdomain.xml
    http://www.pptv.com/crossdomain.xml
    http://www.ubox.cn//crossdomain.xml
    http://www.sangfor.com.cn/crossdomain.xml
    http://www.vancl.com/crossdomain.xml
    http://www.10jqka.com.cn/crossdomain.xml
    http://www.zhenai.com/crossdomain.xml
    http://www.aipai.com/crossdomain.xml
    http://www.changyou.com/crossdomain.xml
    http://www.sf-express.com/crossdomain.xml
    http://www.jiayuan.com/crossdomain.xml
    http://www.7k7k.com/crossdomain.xml
    http://www.guosen.com.cn/crossdomain.xml
    http://www.cntv.cn/crossdomain.xml
    http://cenwor.com/crossdomain.xml
    http://www.ftsafe.com.cn/crossdomain.xml
    http://www.wanda.cn/crossdomain.xml
    http://www.diandian.com/crossdomain.xml
    http://www.kugou.com//crossdomain.xml
    http://www.yupoo.com/crossdomain.xml
    http://www.tianya.cn/crossdomain.xml
    http://www.zol.com.cn/crossdomain.xml
    http://www.gome.com.cn/crossdomain.xml
    http://www.dajie.com/crossdomain.xml
    http://guang.com/crossdomain.xml
    http://www.lvmama.com/crossdomain.xml
    http://www.99.com/crossdomain.xml
    http://www.xd.com//crossdomain.xml
    http://www.docin.com/crossdomain.xml
    http://www.iciba.com/crossdomain.xml
    http://www.xoyo.com//crossdomain.xml
    http://www.tiexue.net/crossdomain.xml
    http://www.house365.com/crossdomain.xml
    http://www.weibo.com/crossdomain.xml
    http://www.zhubajie.com/crossdomain.xml
    http://www.baixing.com//crossdomain.xml
    http://www.2cto.com/crossdomain.xml
    http://www.1ting.com/crossdomain.xml
    http://www.oschina.net//crossdomain.xml
    http://www.tuniu.com/crossdomain.xml
    http://www.3158.com/crossdomain.xml
    http://www.meituan.com/crossdomain.xml
    http://www.cins.cn/crossdomain.xml
    http://papa.me/crossdomain.xml
    http://www.cheshi.com/crossdomain.xml
    http://www.1905.com/crossdomain.xml
    http://www.argos.cn/crossdomain.xml
    http://www.mafengwo.cn/crossdomain.xml
    http://www.fun.tv/crossdomain.xml
    http://changba.com/crossdomain.xml
    http://www.chinaz.com/crossdomain.xml
    http://www.iiyi.com/crossdomain.xml
    http://www.tiancity.com/crossdomain.xml
    http://www.looyu.com//crossdomain.xml
    http://www.zhuna.cn/crossdomain.xml
    http://www.huanqiu.com/crossdomain.xml
    http://www.xdf.cn/crossdomain.xml
    http://www.admin5.com/crossdomain.xml
    http://www.autonavi.com/crossdomain.xml
    http://www.lusen.com/crossdomain.xml
    http://www.mbaobao.com/crossdomain.xml
    http://www.jstv.com/crossdomain.xml
    http://www.yesky.com/crossdomain.xml
    http://www.hexun.com/crossdomain.xml
    http://www.youmi.cn/crossdomain.xml
    http://www.sdcms.cn/crossdomain.xml
    http://www.gewara.com/crossdomain.xml
    http://www.yinyuetai.com//crossdomain.xml
    http://www.ppdai.com/crossdomain.xml
    http://www.candou.com/crossdomain.xml
    http://www.52pk.com//crossdomain.xml
    http://www.jiankongbao.com/crossdomain.xml
    http://www.aicai.com/crossdomain.xml
    http://www.haier.net/crossdomain.xml
    http://www.haier.com/crossdomain.xml
    http://www.ehaier.com/crossdomain.xml
    http://www.ooopic.com/crossdomain.xml
    http://www.che168.com/crossdomain.xml
    http://www.amazon.cn/crossdomain.xml
    http://www.u51.com//crossdomain.xml
    http://www.leiphone.com/crossdomain.xml
    http://www.codoon.com/crossdomain.xml
    http://www.nuomi.com/crossdomain.xml
    http://www.tuan800.com/crossdomain.xml
    http://www.destoon.com/crossdomain.xml
    http://www.22.cn/crossdomain.xml
    http://www.chinapost.com.cn/crossdomain.xml
    http://www.oupeng.com/crossdomain.xml
    http://forum.h3c.com/crossdomain.xml
    http://www.pcauto.com.cn/crossdomain.xml
    http://www.pclady.com.cn/crossdomain.xml
    http://www.pcbaby.com.cn/crossdomain.xml
    http://www.pchouse.com.cn/crossdomain.xml
    http://www.baomihua.com/crossdomain.xml
    http://www.pcpop.com/crossdomain.xml
    http://www.itpub.net/crossdomain.xml
    http://www.zhe800.com/crossdomain.xml
    http://www.hikvision.com/crossdomain.xml
    http://www.app111.com/crossdomain.xml
    http://www.jumei.com/crossdomain.xml
    http://www.sfbest.com/crossdomain.xml
    http://www.csair.com/crossdomain.xml
    http://115.com/crossdomain.xml
    http://feixin.10086.cn//crossdomain.xml
    http://www.paidai.com/crossdomain.xml
    http://www.fumu.com/crossdomain.xml
    http://www.jj.cn/crossdomain.xml
    http://www.immomo.com/crossdomain.xml
    http://www.cnaaa.com/crossdomain.xml
    http://www.duobei.com/crossdomain.xml
    http://www.onlylady.com/crossdomain.xml
    http://www.cyzone.cn/crossdomain.xml
    http://www.damai.cn/crossdomain.xml
    http://www.zdnet.com.cn/crossdomain.xml
    http://www.cmstop.com/crossdomain.xml
    http://www.yongche.com/crossdomain.xml
    http://www.pingan.com/crossdomain.xml
    http://www.btcchina.com/crossdomain.xml
    http://www.kaspersky.com.cn/crossdomain.xml
    http://www.antiy.com/crossdomain.xml
    http://www.uzai.com/crossdomain.xml
    http://www.t3.com.cn/crossdomain.xml
    http://www.aibang.com/crossdomain.xml
    http://www.1hai.cn/crossdomain.xml
    http://www.tebon.com.cn/crossdomain.xml
    http://www.tdxinfo.com/crossdomain.xml
    http://www.woniu.com/crossdomain.xml
    http://www.mcafee.com/crossdomain.xml
    http://www.juesheng.com/crossdomain.xml
    http://www.wasu.cn/crossdomain.xml
    http://www.wowsai.com/crossdomain.xml
    http://www.chinadaily.com.cn/crossdomain.xml
    http://www.51talk.com/crossdomain.xml
    http://www.ifanr.com/crossdomain.xml
    http://www.boc.cn/crossdomain.xml
    http://www.jiathis.com/crossdomain.xml
    http://www.imooc.com/crossdomain.xml
    http://www.gf.com.cn/crossdomain.xml
    http://www.ebay.com/crossdomain.xml
    http://www.7po.com/crossdomain.xml
    http://www.enorth.com.cn/crossdomain.xml
    http://www.haodai.com/crossdomain.xml
    http://www.cnpc.com.cn//crossdomain.xml
    http://www.kf5.com/crossdomain.xml
    http://www.ehaier.com//crossdomain.xml
    http://www.unionpayintl.com/crossdomain.xml
    http://haigou.unionpay.com//crossdomain.xml
    http://www.youzu.com//crossdomain.xml
    http://www.56.com//crossdomain.xml
    http://www.sfn.cn/crossdomain.xml
    http://www.hp.com/crossdomain.xml
    http://www.itouzi.com/crossdomain.xml
    http://www.to8to.com//crossdomain.xml
    http://www.yohobuy.com/crossdomain.xml
    http://www.aol.com/crossdomain.xml
    http://www.weizhonggou.com/crossdomain.xml
    http://www.m6go.com/crossdomain.xml
    http://www.xiangshe.com/crossdomain.xml
    http://www.chaoxing.com/crossdomain.xml
    http://www.pinganfang.com/crossdomain.xml
    http://www.plu.cn/crossdomain.xml
    http://www.beibei.com/crossdomain.xml
    http://www.mizhe.com/crossdomain.xml
    http://www.ahtv.cn/crossdomain.xml
    http://www.cankaoxiaoxi.com/crossdomain.xml
    http://www.fanhuan.com/crossdomain.xml
    http://www.cec.com.cn/crossdomain.xml
    http://www.fxiaoke.com/crossdomain.xml
    http://www.phfund.com.cn//crossdomain.xml
    http://www.hzhz.co/crossdomain.xml
    http://www.qidian.com/crossdomain.xml
    http://www.flyertea.com//crossdomain.xml
    http://www.jjwxc.net//crossdomain.xml
    http://www.99fund.com/crossdomain.xml
    http://www.dongfeng-nissan.com.cn/crossdomain.xml
    http://www.ifensi.com/crossdomain.xml
    http://www.ymatou.com/crossdomain.xml
    http://www.xiaozufan.com/crossdomain.xml
    http://www.21cake.com/crossdomain.xml
    http://www.genshuixue.com/crossdomain.xml
    http://www.made-in-china.com//crossdomain.xml
    http://www.zol.com/crossdomain.xml
    http://www.sanhao.com/crossdomain.xml
    http://www.spider.com.cn/crossdomain.xml
    http://www.yusys.com.cn/crossdomain.xml
    http://www.lianjia.com/crossdomain.xml
    http://www.cnhubei.com/crossdomain.xml
    http://corp.b2b.cn/crossdomain.xml
    http://www.iiyi.com//crossdomain.xml
    http://www.panda.tv/crossdomain.xml
    http://www.zhcw.com/crossdomain.xml
    http://www.agrite.com.cn/crossdomain.xml
    http://www.flyertrip.com//crossdomain.xml
    http://www.longzhu.com/crossdomain.xml
    http://www.feidee.com/crossdomain.xml
    http://www.cang.com/crossdomain.xml

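    #coding=utf-8
    # Reads one base URL per line from 域名.txt, requests /crossdomain.xml on each,
    # and writes the URLs that really serve a Flash cross-domain policy to
    # crossdomain.txt (also echoing them to stdout) so the policies can be reviewed.
    import requests

    headers = {"User-Agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"}

    # Strip all surrounding whitespace (not only "\n", so "\r\n" files work), drop a
    # trailing "/" so the result is not ".../​/crossdomain.xml", and skip blank lines.
    with open("域名.txt","r") as domain_list:
        urls = [line.strip().rstrip("/")+"/crossdomain.xml" for line in domain_list if line.strip()]

    # "with" guarantees the output file is flushed and closed even if the loop aborts.
    with open("crossdomain.txt","w") as f:
        for url in urls:
            try:
                # GET instead of HEAD: many servers answer 200 with an HTML error page
                # for missing files, so the status code alone over-reports. The body
                # is needed to confirm that a policy document was returned.
                # The timeout keeps one unresponsive host from stalling the whole run.
                resp = requests.get(url, headers=headers, timeout=10)
            except requests.RequestException:
                # Unreachable host, bad URL, TLS failure, timeout: skip this entry.
                continue
            # Only count the URL when the response actually contains the policy root element.
            if resp.status_code == 200 and "<cross-domain-policy" in resp.text:
                print(url)
                f.write(url+"\n")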

  7. 7#

    IOT | 2016-04-22 13:55

    不对–好像有问题–404也判断为200了!!

  8. 8#

    老黑 | 2016-04-22 14:35

    我只对你的神器感兴趣

  9. 9#

    DaveX (好好学习) | 2016-04-22 14:36

    好哒,谢谢猪哥,明天更新~

  10. 10#

    生鲜一手 (重剑无锋,大巧不工) | 2016-04-22 21:43

    我只对你的神器感兴趣

  11. 11#

    Annabelle | 2016-04-22 21:55

    受教了~~~

  12. 12#

    zhxs (宁愿做一天的英雄,也不愿意平淡一生!) | 2016-04-22 22:49

    一看你们入手就是淘宝百度、腾讯、我默默的低下了头

  13. 13#

    autO_pw | 2016-04-23 00:10

    @zhxs 男人不能说不行,要抬头挺胸!

  14. 14#

    Sct7p (.)V(.) (.)_(.) (.)*(.) (.)^(.) (|)(and 1=2)(|) (.)^(.) (.)*(.) (.)_(.) (.)V(.) | 2016-04-23 00:46

    查询whois信息.

  15. 15#

    _Evil (科普是一种公益行为) | 2016-04-23 02:01

    是个思路~~~~~

  16. 16#

    zhxs (宁愿做一天的英雄,也不愿意平淡一生!) | 2016-04-23 20:05

    @autO_pw 听了你这番话 我顿时有的动力

  17. 17#

    我在不想理你 (你在干嘛) | 2016-04-28 11:51

  18. 18#

    BeenQuiver | 2016-04-28 12:19

    flash马上都淘汰了

  19. 19#

    y1ngz1 | 2016-04-28 13:04

    一看你们入手就是淘宝百度、腾讯、我默默的低下了头

  20. 20#

    U神 (此号被社!by 泳少) | 2016-04-28 17:24

    这个是防跨域的,不过这个方法已经很老了吧

  21. 21#

    小金猪 | 2016-07-07 19:07

    一看你们入手就是淘宝百度、腾讯、我默默的低下了头