ddanchev123/domain_exploit_detector — explained in plain English
Analysis updated 2026-05-18
Investigate whether a suspicious website redirects visitors to malicious infrastructure
Build an evidence package of third-party domains and scripts a page loads
Check whether third-party domains a site contacts were registered very recently
Run recurring monitoring on a set of client domains and flag new findings
| ddanchev123/domain_exploit_detector | 0xhassaan/nn-from-scratch | 3ks/embedoc | |
|---|---|---|---|
| Stars | 0 | 0 | — |
| Language | Python | Python | Python |
| Last pushed | — | — | 2023-06-08 |
| Maintenance | — | — | Dormant |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 5/5 | 4/5 | 1/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Needs a Chromium install plus optional API keys for Abuse.ch and IsMalicious.com enrichment, and local AV engines for scanning.
Domain Exploit Detector, also called the Commercial JavaScript Malware Domain Crawler, is a Python tool for security analysts who need to investigate whether a website is redirecting visitors somewhere malicious, injecting suspicious JavaScript, or quietly loading content from newly registered or untrustworthy third-party domains. It is built for authorized commercial monitoring work, where the goal is not just to visit a site once but to produce a structured, repeatable evidence package that an analyst can review later. Each crawl opens the target domain in a real Chromium browser session while also routing traffic through a local proxy similar to Fiddler, so it captures both what the browser actually renders and the raw network traffic underneath. From that it builds an inventory of every third-party domain and IP address the page contacted, reconstructs any redirect chains, and records DOM changes, cookies, forms, and injected scripts along the way. The collected evidence is then enriched with outside context: WHOIS and RDAP lookups reveal how recently a domain was registered, Abuse.ch and IsMalicious.com provide reputation data on domains and IPs, and any downloaded JavaScript files can be scanned locally with ClamAV, Microsoft Defender, or Emsisoft. A separate worker component lets the same crawl run repeatedly on a schedule for ongoing monitoring, comparing each new run against a baseline to flag what changed. The repository is organized as a set of focused Python modules, one for the browser crawler itself, one for the proxy capture, one for reputation lookups, one for WHOIS and RDAP, and one for the antivirus scanning, along with tests and documentation covering setup, usage, and security considerations. It is aimed at security researchers and commercial monitoring teams doing authorized investigation of suspicious web infrastructure.
A Python security tool that crawls websites with a real browser and proxy to detect malicious redirects, third-party domains, and injected JavaScript.
Mainly Python. The stack also includes Python, Chromium DevTools, mitmproxy.
The README does not state a license.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.