SCOPE [Subdomain Cache Observation, Poisoning & Evaluation] is a simple yet powerful tool designed to help you find and test subdomains that might be exposed to cache poisoning attacks. If a website does not handle caching properly, malicious content can be stored in the cache and served to users.

progprnv/scope

SCOPE - Subdomain Cache Observation, Poisoning & Evaluation

SCOPE is a Python-based tool designed to identify cache poisoning vulnerabilities in subdomains. It performs the following operations for each subdomain in a given list:

  1. Sends a PURGE request to clear the cache.
  2. Checks for a specific cache hit (X-Cache-Hits: 1).
  3. Attempts a GET request with an illegal header to poison the cache.
  4. Verifies if the page is cached and accessible, indicating a potential vulnerability.
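
From the defender's side, the steps above leave a recognizable trace in the cache tier's access log: a PURGE accepted from an unexpected client, followed shortly by a GET from the same client. The detection sketch below is an added example and not part of SCOPE; the log layout, `TRUSTED_PURGERS` and `WINDOW` are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines: host, client, [timestamp], "request", status.
SAMPLE_LOG = """\
shop.example.com 10.0.0.5 [12/Mar/2025:10:00:00 +0000] "PURGE /index.html HTTP/1.1" 200
shop.example.com 203.0.113.7 [12/Mar/2025:10:00:05 +0000] "PURGE / HTTP/1.1" 200
shop.example.com 203.0.113.7 [12/Mar/2025:10:00:06 +0000] "GET /a1b2c3 HTTP/1.1" 200
blog.example.com 198.51.100.9 [12/Mar/2025:10:01:00 +0000] "PURGE / HTTP/1.1" 405
blog.example.com 198.51.100.9 [12/Mar/2025:10:01:01 +0000] "GET / HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})$')
TRUSTED_PURGERS = {"10.0.0.5"}   # assumption: addresses allowed to purge
WINDOW = timedelta(seconds=30)   # assumption: how soon the follow-up GET arrives

def parse(line):
    """Split one log line into fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host, client, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return host, client, when, method, path, int(status)

def find_untrusted_purges(log_text):
    """Report PURGEs the cache accepted (2xx) from clients outside TRUSTED_PURGERS."""
    findings, open_purges = [], {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        host, client, when, method, path, status = rec
        key = (host, client)
        if method == "PURGE" and client not in TRUSTED_PURGERS:
            if 200 <= status < 300:  # a rejected PURGE (e.g. 405) is the healthy case
                finding = {"host": host, "client": client,
                           "purge_path": path, "followup_get": None}
                findings.append(finding)
                open_purges[key] = (when, finding)
        elif method == "GET" and key in open_purges:
            purged_at, finding = open_purges.pop(key)
            if when - purged_at <= WINDOW:  # same client fetched right after purging
                finding["followup_get"] = path
    return findings

if __name__ == "__main__":
    for f in find_untrusted_purges(SAMPLE_LOG):
        print(f)
```

A finding with a non-empty `followup_get` means the cache both honoured an outside PURGE and was then immediately re-requested by the same client, so PURGE should be restricted to known addresses on that host.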

Features

  • Automated cache poisoning testing for multiple subdomains.
  • Checks for X-Cache-Hits: 1 to identify cache-related vulnerabilities.
  • Easy integration with a list of subdomains via a .txt file.
  • Terminal-based for efficient usage.

Installation

Prerequisites

  • Python 3.x
  • curl installed (used for sending HTTP requests)

Step-by-Step Setup

  1. Clone or download the SCOPE repository:

    git clone https://github.com/progprnv/scope.git
    cd scope
  2. Install dependencies (if any) and make sure Python 3 is installed:

    pip install -r requirements.txt  # If you have any dependencies listed

Usage

Step 1: Prepare the Subdomain List

Create a subdomain.txt file, and list all the subdomains you want to test (one per line). Example:

    subdomain1.example.com
    subdomain2.example.com
    subdomain3.example.com

Step 2: Run the Tool

Execute the script with the path to your subdomain.txt file:

    python3 scope.py /path/to/subdomain.txt

The tool will process each subdomain in the file and perform the following checks:

  • Sends a PURGE request.
  • Looks for X-Cache-Hits: 1 to determine if the subdomain is vulnerable.
  • Attempts to poison the cache with an illegal header.
  • Verifies if the random path is cached and accessible.

Output

  • For each subdomain, you will receive output like the following:
    [SCOPE] Testing subdomain1.example.com - Sending PURGE request...
    [SCOPE] X-Cache-Hits: 1 found - Potentially vulnerable. Proceeding with GET request...
    [SCOPE] Vulnerable! Cached page accessible at: https://subdomain1.example.com/random-path
    
  • If the subdomain is not vulnerable, the output will indicate that no cache poisoning was detected.
