Second-Order – Subdomain Takeover Scanner

Last Updated : 07 Feb, 2022

Second-Order is a security tool that crawls a web application and collects sensitive parameterized URLs and other data that match certain patterns and rules. It is written in Golang and is available on GitHub. The tool comes with several config files that drive its different crawling and scanning tasks on the target domain.

Note: Second-Order is written in Golang, so you need a Golang environment on your system.

Installation of Second-Order Tool in Kali Linux OS

Step 1: If Golang is already installed on your system, verify the installation by checking its version with the following command.

go version

Step 2: Get the second-order tool from GitHub using the following command.

go install -v github.com/mhmdiaa/second-order@latest

Step 3: The tool is now installed. Check its help page to get a better understanding of its usage.

second-order -h

Working with Second-Order Tool

Example 1: Scanning geeksforgeeks.org target domain

./second-order -target http://geeksforgeeks.org -config config/takeover.json

In this example, we scan the target domain geeksforgeeks.org using the takeover.json config file, which is meant for subdomain takeover checks.

Example 2: Using other config files

./second-order -target http://geeksforgeeks.org -config config/parameters.json

The tool provides a list of JSON config files that can be used for crawling purposes.

Here we are using the parameters.json config file.

The scan returns the URLs that contain parameters.
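To make the idea of collecting parameterized URLs concrete, here is an added example (not second-order's own code or config format) that extracts in-scope links with query parameters from a page body. The regular expression, the function name ParamURLs, and the sample HTML are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"sort"
	"strings"
)

// attrRe extracts href/src/action values; an illustrative rule, not second-order's.
var attrRe = regexp.MustCompile(`(?i)\b(?:href|src|action)\s*=\s*["']([^"']+)["']`)

// ParamURLs maps "host/path" to the sorted query parameter names seen on
// in-scope links (target host or its subdomains) found in body.
func ParamURLs(base, body string) map[string][]string {
	out := map[string][]string{}
	b, err := url.Parse(base)
	if err != nil {
		return out
	}
	for _, m := range attrRe.FindAllStringSubmatch(body, -1) {
		ref, err := url.Parse(strings.TrimSpace(m[1]))
		if err != nil {
			continue // skip malformed links rather than abort
		}
		u := b.ResolveReference(ref)
		h := u.Hostname()
		inScope := h == b.Hostname() || strings.HasSuffix(h, "."+b.Hostname())
		if !inScope || len(u.Query()) == 0 {
			continue // out of scope, or no parameters to record
		}
		key := u.Host + u.Path
		for name := range u.Query() {
			i := sort.SearchStrings(out[key], name)
			if i == len(out[key]) || out[key][i] != name {
				out[key] = append(out[key], name)
				sort.Strings(out[key])
			}
		}
	}
	return out
}

// samplePage is constructed input, not output from a real scan.
const samplePage = `<a href="/search?q=go&page=2">s</a> <a href="/search?q=rust">s</a>
<a href="/about">a</a> <script src="https://cdn.example.net/lib.js?v=3"></script>
<form action="https://app.example.com/login?next=/home"></form>`

func main() { fmt.Println(ParamURLs("https://example.com/", samplePage)) }
```

Grouping parameter names per endpoint gives a compact inventory of the input surface an application exposes, which is the list a reviewer works through when checking input validation.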
