explaingit

ddanchev123/domain_exploit_detector

Analysis updated 2026-05-18

0PythonAudience · researcherComplexity · 5/5Setup · moderate

TLDR

A Python security tool that crawls websites with a real browser and proxy to detect malicious redirects, third-party domains, and injected JavaScript.

Mindmap

mindmap
  root((Domain Exploit Detector))
    What it does
      Records browser and proxy traffic
      Finds third party domains
      Enriches with threat intel
    Tech stack
      Python
      Chromium DevTools
      mitmproxy
    Use cases
      Investigate suspicious redirects
      Monitor client domains on a schedule
      Scan captured JavaScript for malware
    Audience
      Security analysts
      Threat researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Investigate whether a suspicious website redirects visitors to malicious infrastructure

USE CASE 2

Build an evidence package of third-party domains and scripts a page loads

USE CASE 3

Check whether third-party domains a site contacts were registered very recently

USE CASE 4

Run recurring monitoring on a set of client domains and flag new findings

What is it built with?

PythonChromium DevToolsmitmproxyClamAV

How does it compare?

ddanchev123/domain_exploit_detector0xhassaan/nn-from-scratch3ks/embedoc
Stars00
LanguagePythonPythonPython
Last pushed2023-06-08
MaintenanceDormant
Setup difficultymoderatemoderatehard
Complexity5/54/51/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Needs a Chromium install plus optional API keys for Abuse.ch and IsMalicious.com enrichment, and local AV engines for scanning.

The README does not state a license.

In plain English

Domain Exploit Detector, also called the Commercial JavaScript Malware Domain Crawler, is a Python tool for security analysts who need to investigate whether a website is redirecting visitors somewhere malicious, injecting suspicious JavaScript, or quietly loading content from newly registered or untrustworthy third-party domains. It is built for authorized commercial monitoring work, where the goal is not just to visit a site once but to produce a structured, repeatable evidence package that an analyst can review later. Each crawl opens the target domain in a real Chromium browser session while also routing traffic through a local proxy similar to Fiddler, so it captures both what the browser actually renders and the raw network traffic underneath. From that it builds an inventory of every third-party domain and IP address the page contacted, reconstructs any redirect chains, and records DOM changes, cookies, forms, and injected scripts along the way. The collected evidence is then enriched with outside context: WHOIS and RDAP lookups reveal how recently a domain was registered, Abuse.ch and IsMalicious.com provide reputation data on domains and IPs, and any downloaded JavaScript files can be scanned locally with ClamAV, Microsoft Defender, or Emsisoft. A separate worker component lets the same crawl run repeatedly on a schedule for ongoing monitoring, comparing each new run against a baseline to flag what changed. The repository is organized as a set of focused Python modules, one for the browser crawler itself, one for the proxy capture, one for reputation lookups, one for WHOIS and RDAP, and one for the antivirus scanning, along with tests and documentation covering setup, usage, and security considerations. It is aimed at security researchers and commercial monitoring teams doing authorized investigation of suspicious web infrastructure.

Copy-paste prompts

Prompt 1
Walk me through running this crawler against a single suspicious domain and reading the evidence output
Prompt 2
Explain how the browser session and the proxy capture work together to record the same page load
Prompt 3
Show me how to set up the recurring commercial monitoring mode for a list of client domains
Prompt 4
Help me interpret a WHOIS and RDAP result flagging a newly registered third-party domain

Frequently asked questions

What is domain_exploit_detector?

A Python security tool that crawls websites with a real browser and proxy to detect malicious redirects, third-party domains, and injected JavaScript.

What language is domain_exploit_detector written in?

Mainly Python. The stack also includes Python, Chromium DevTools, mitmproxy.

What license does domain_exploit_detector use?

The README does not state a license.

How hard is domain_exploit_detector to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is domain_exploit_detector for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.