Created
March 5, 2021 09:33
-
-
Save kant01ne/a91f870c38d0da9bf7ed90c63d4748d5 to your computer and use it in GitHub Desktop.
auth0-list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://accept-logins.delijn.be | |
https://acc-auth.leaseplan.com | |
https://a0.sluglab.com | |
https://abc.dse.ninja | |
https://acceso.julieta.ai | |
https://access.cognison.com | |
https://2019.textoutthevote.org | |
https://a.id.mufg.jd2.jp | |
https://access.hackplus.services | |
https://a0-xmas-test.dse.ninja | |
https://acc-auth-ap.leaseplan.com | |
https://access.perchsecurity.com | |
https://access.operam.com | |
https://access.qa.perchsecurity.com | |
https://access.rateinc.cl | |
https://access.slingshot.fm | |
https://access.practicevision.com | |
https://account-demo.findandfundmycar.com | |
https://account-dev.neo4j.com | |
https://account-dev.fubo.tv | |
https://account-int.strowr.com | |
https://access.realinsurance.com.au | |
https://access.seniors.com.au | |
https://account-test.makonium.de | |
https://accessasiadev.realinsurance.com.au | |
https://accessasiasit.realinsurance.com.au | |
https://accessasiapp.realinsurance.com.au | |
https://accessdev.realinsurance.com.au | |
https://account.approximagined.com | |
https://account.arnoldclark.com | |
https://accesspp.realinsurance.com.au | |
https://accesssit.realinsurance.com.au | |
https://account.activix.ca | |
https://account.dev-thetimes.co.uk | |
https://account.headbits.app | |
https://account.advancingpretrial.org | |
https://account.johnlewis.style | |
https://account.juntos.audio | |
https://account.linq.bio | |
https://account.mbed.com | |
https://account.marknadsinformation.se | |
https://account.datarobot.com | |
https://account.enjoymovie.net | |
https://account.demozero.net | |
https://account.crushitlocal.com | |
https://account.si-thesun.co.uk | |
https://account.si-talksport.com | |
https://account.insightsapp.net | |
https://account.nzpost.co.nz | |
https://account.sixmorevodka.com | |
https://account.kindbody.ai | |
https://account.sso-dev.countercept.com | |
https://account.nalu.ai | |
https://account.mercarto.com | |
https://account.sso.countercept.com | |
https://account.staging-the-sun.com | |
+ 7k more |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Auth0 list
The process to get the list is the following:
Download the compressed database from rapid7 sonar project ( the cname one) => https://opendata.rapid7.com/sonar.fdns_v2/
Then I ran:
which iterates over each lines and returns all the lines containing auth0 with the following format:
Now, we are only interested in domains which do not belongs to auth0.com so an exclusion grep (flag -v) must be added first:
To isolate the name from this json I use jq.
That gave me a list containing:
Then I used the excellent tool from Tomnomnom httprobe to probe for domains that are live
To add to a unique list I like to use anew
Live domains might be that resolve directly or that are redirecting to another domain (which is the case when you get domains that do not work):
For instance:
https://stage-protect.jamfcloud.com redirects to https://stage-protect.jamfcloud.com which is not live.
Tthe simple fact that they have configured a DNS redirection to anything.tenants.auth0.com gives us the information that they have expressed interest in using auth0.com, which lets us know that they are at least informed about the authentication/session management issue which makes them good leads imo.
An optimisation for this list imo would be to group by domains:
For example for:
We are only really interested in
I would start by reverting the list with:
And then we would have to filter the subdomains out and make it unique but I'll live that to you if you are reading this file.