@kant01ne
Created March 5, 2021 09:33
auth0-list
kant01ne commented Mar 5, 2021

Auth0 list

The process to get the list is the following:

Download the compressed database from the Rapid7 Sonar project (the CNAME one): https://opendata.rapid7.com/sonar.fdns_v2/

Then I ran:

zcat 2020-07-25-1595720464-fdns_cname.json.gz | grep 'auth0'

which iterates over each line and returns all the lines containing auth0, in the following format:

{"timestamp":"1595722581","name":"123apps-cd-nvwmpzehxykogwld.edge.tenants.auth0.com","type":"cname","value":"tenants.auth0.com"}

Now, we are only interested in domains which do not belong to auth0.com, so an exclusion grep (flag -v) must be added first:

zcat 2020-07-25-1595720464-fdns_cname.json.gz | grep -v '.auth0.com",' | grep 'auth0.com"}'

To isolate the name from this JSON I use jq.

zcat 2020-07-25-1595720464-fdns_cname.json.gz | grep 'auth0.com"}' | grep -v '.auth0.com","type"' | jq -r .name

That gave me a list containing:

accounts.zenvia.com
accounts.zerohr.app
accounts.zomentum.com
accountstg1.worldvision.org
accountuat.worldvision.org
acgauth.sofmen.com
actonsoftware.us.webtask.io
acumen.slc.silverlink.com
(...)

Then I used Tomnomnom's excellent tool httprobe to probe for domains that are live:

zcat 2020-07-25-1595720464-fdns_cname.json.gz | grep -v '.auth0.com",' | grep 'auth0.com"}' | jq -r .name | httprobe --prefer-https
https://auth-acc.tunify.com
https://au-auth.dev-protect.jamfcloud.com
https://au-auth.protect.jamfcloud.com
https://au-auth.sbox-protect.jamfcloud.com
https://auth-advisor-dev.astrumu.com
https://auth-advisor-staging.astrumu.com
https://au-auth.stage-protect.jamfcloud.com
https://au-stage-auth.hailie.com
https://au-test-auth.hailie.com
https://auth-advisor.astrumu.com
https://auth-app.string.ai
https://auth-asp.collegeconsortium.org
https://auth-app.verb.net
https://auth-atx-int.fnf.com

To add to a unique list I like to use anew:

zcat 2020-07-25-1595720464-fdns_cname.json.gz | grep -v '.auth0.com",' | grep 'auth0.com"}' | jq -r .name | httprobe --prefer-https | anew auth0-list

Live domains might be ones that resolve directly or ones that redirect to another domain (which is the case when you get domains that do not work):

For instance:

https://stage-protect.jamfcloud.com redirects to https://stage-protect.jamfcloud.com which is not live.

The simple fact that they have configured a DNS redirection to anything.tenants.auth0.com gives us the information that they have expressed interest in using auth0.com, which lets us know that they are at least informed about the authentication/session management issue, which makes them good leads imo.

An optimisation for this list imo would be to group by domains:
For example for:

https://au-stage-auth.hailie.com
https://au-test-auth.hailie.com

We are only really interested in

https://hailie.com

I would start by reversing the list with:

cat auth0-list | rev | sort | rev

And then we would have to filter the subdomains out and make it unique, but I'll leave that to you if you are reading this file.
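
The filter from the grep pipeline and the grouping step left open above, as an added example (not the author's code). It matches on the parsed name and value fields instead of substrings, so a value such as notauth0.com is not picked up; MULTI_LABEL_SUFFIXES is a small assumed stand-in for the Public Suffix List, and the sample records are constructed.

```python
import json

# Assumption: tiny stand-in for the Public Suffix List, enough for the sample below.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}

# Constructed records in the Sonar FDNS CNAME format quoted above
# (example.* hostnames are placeholders; the last line is deliberately truncated).
SAMPLE = """\
{"timestamp":"1595722581","name":"123apps-cd-nvwmpzehxykogwld.edge.tenants.auth0.com","type":"cname","value":"tenants.auth0.com"}
{"timestamp":"1595722582","name":"au-stage-auth.example.com","type":"cname","value":"example-stage.edge.tenants.auth0.com"}
{"timestamp":"1595722583","name":"au-test-auth.example.com","type":"cname","value":"example-test.edge.tenants.auth0.com."}
{"timestamp":"1595722584","name":"login.example.co.uk","type":"cname","value":"example-uk.edge.tenants.auth0.com"}
{"timestamp":"1595722585","name":"www.example.org","type":"cname","value":"notauth0.com"}
{"timestamp":"1595722586","name":"broken
"""

def under(host, parent):
    """True if host is parent itself or a subdomain of it (label-aware, not substring)."""
    host = str(host).rstrip(".").lower()
    return host == parent or host.endswith("." + parent)

def custom_auth0_names(lines, provider="auth0.com"):
    """Names outside the provider's zone whose CNAME target is inside it."""
    names = set()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed lines
        if not isinstance(rec, dict) or rec.get("type") != "cname":
            continue
        name, value = rec.get("name", ""), rec.get("value", "")
        if under(value, provider) and not under(name, provider):
            names.add(str(name).rstrip(".").lower())
    return names

def parent_domain(host):
    """Reduce a hostname to its registrable domain using the assumed suffix set."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def group_by_parent(names):
    groups = {}
    for n in sorted(names):
        groups.setdefault(parent_domain(n), []).append(n)
    return groups

if __name__ == "__main__":
    for parent, hosts in group_by_parent(custom_auth0_names(SAMPLE.splitlines())).items():
        print(parent, hosts)
```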
