Last active Jan 15, 2023
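import re
import zipfile
import argparse
from urllib.parse import urlparse
from colorama import Fore
from colorama import Style
from colorama import init

init()  # enable ANSI colour handling (needed on Windows consoles)

# Hostname suffixes to skip; the entries are not shown on this page.
ignore_list = list({
})  # use of set within list ensures that all items are unique
# Hostname suffixes to print in red; the entries are not shown on this page.
alert_list = list({
})

url = re.compile(r"(https?:\/\/[\w.-]+[\/\w .-]*)")

ap = argparse.ArgumentParser()
ap.add_argument("--input", "-i", required=True, help="Input file")
args = ap.parse_args()

# Office documents are ZIP archives: scan every member for URLs.
with zipfile.ZipFile(args.input) as doc:
    match = []
    for i in doc.filelist:
        with doc.open(i) as file:
            for line in file:
                match.extend(url.findall(line.decode("utf-8", errors="ignore")))

# Drop URLs whose hostname ends with an ignored suffix.
match = list(filter(
    lambda x: not any((urlparse(x).hostname.endswith(y) for y in ignore_list)),
    match))

for item in match:
    # Red for hosts on the alert list, yellow for every other URL found.
    if any((urlparse(item).hostname.endswith(y) for y in alert_list)):
        foreground_color = Fore.RED
    else:
        foreground_color = Fore.YELLOW
    print(foreground_color + item + Style.RESET_ALL)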

this is cool! we need a powershell one ;)


n3tsurge commented Oct 31, 2022

Awesome stuff, really useful if you know the destination URL, but if someone is running their own Canary Token instance under a customer domain you may not find it. I started something similar here that detects the actual embedding technique Canary Tokens uses (at least for DOCX for now) but I never finished it.


C0axx commented Nov 3, 2022

Powershell version, it's janky but works :)
