Skip to content

Instantly share code, notes, and snippets.

Last active February 26, 2023 14:31
What would you like to do?
import re
import zipfile
import argparse
from urllib.parse import urlparse
from colorama import Fore
from colorama import Style
from colorama import init
ignore_list = list({
}) # use of set within list ensures that all items are unique
alert_list = list({
url = re.compile("(https?:\/\/[\w.-]+[\/\w .-]*)")
ap = argparse.ArgumentParser()
ap.add_argument("--input", "-i", required=True, help="Input file")
args = ap.parse_args()
with zipfile.ZipFile(args.input) as doc:
match = []
for i in doc.filelist:
with as file:
for line in file:
match = list(filter(
lambda x: not any((urlparse(x).hostname.endswith(y) for y in ignore_list)),
for item in match:
if any((urlparse(item).hostname.endswith(y) for y in alert_list)):
foreground_color = Fore.RED
foreground_color = Fore.YELLOW
print(foreground_color + item + Style.RESET_ALL)
Copy link

this is cool! we need a powershell one ;)

Copy link

n3tsurge commented Oct 31, 2022

Awesome stuff, really useful if you know the destination URL, but if someone is running their own Canary Token instance under a customer domain you may not find it. I started something similar here that detects the actual embedding technique Canary Tokens uses (at least for DOCX for now) but I never finished it

Copy link

C0axx commented Nov 3, 2022

Powershell version, it's janky but works :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment