3rd Party Tracer

🚧 Work in Progress
This page is currently being updated as and when Anant gets time. Once it is fully updated, this message will be removed.

TL;DR

🚀 What it does: Third-party service discovery tool via DNS analysis

💡 Best for: Security professionals and researchers analyzing digital footprints

🔍 Key features: DNS analysis, service discovery, attack surface mapping

🌐 Website 📁 GitHub

3rd Party Tracer is an advanced third-party service discovery tool that analyzes DNS records to identify third-party services associated with any domain. This powerful client-side web application provides comprehensive insights into an organization’s digital footprint and cloud service dependencies.

Project Overview

Built with pure HTML, JavaScript, and CSS, 3rd Party Tracer is a sophisticated OSINT tool that helps security professionals, researchers, and organizations understand their external service dependencies and potential attack surface through DNS analysis.

Key Features

🔍 Comprehensive DNS Analysis

DoH (DNS over HTTPS) queries using Google and Cloudflare DNS servers
Multiple DNS record types: A, CNAME, TXT, MX, NS, SPF, DMARC
Certificate Transparency logs via crt.sh and Cert Spotter
Threat intelligence integration with OTX AlienVault and HackerTarget

🏢 Service Detection & Classification

Cloud Providers: AWS, Azure, Google Cloud, DigitalOcean, Linode, Vultr
Email Services: ProofPoint, Mimecast, Barracuda, Sophos
CDN & Hosting: Cloudflare, Firebase, GitHub Pages, GitLab Pages
DNS Services: GoDaddy, Namecheap, Google Domains, Route53
Security Services: Various email security and threat protection providers

🔒 Security Analysis

Subdomain takeover detection via CNAME resolution checks
DMARC policy analysis with detailed policy parsing
Security issue categorization by severity (High, Medium, Low)
Infrastructure risk assessment based on IP ranges and ASN data

📊 Rich Data Visualization

Service categorization with detailed descriptions
Historical subdomain records with discovery source tracking
CNAME mapping visualization showing service relationships
Statistics dashboard with comprehensive metrics
Hyperlinked subdomains for easy navigation

Technology Stack

Frontend: Pure HTML5, CSS3, Vanilla JavaScript
DNS: DNS over HTTPS (DoH) with multiple providers
APIs: Certificate Transparency, Threat Intelligence, ASN Lookup
Architecture: Client-side only, no server dependencies
Deployment: GitHub Pages ready

How It Works

1. DNS Record Analysis

The tool starts by querying various DNS record types:

TXT records reveal service ownership proofs and configurations
SPF records identify authorized email service providers
DMARC records show email security and reporting services
MX records indicate email hosting providers

2. Subdomain Discovery

Leverages multiple sources for comprehensive subdomain enumeration:

Certificate Transparency logs via crt.sh and Cert Spotter
Threat intelligence platforms like OTX AlienVault
DNS enumeration APIs for additional coverage

3. Service Classification

Each discovered subdomain is analyzed and categorized:

IP-based classification using ASN data from ipinfo.io
CNAME target analysis for service identification
Pattern matching against known service providers
Vendor consolidation to prevent duplicate entries

4. Security Assessment

Comprehensive security analysis including:

Subdomain takeover detection via CNAME resolution
DMARC policy evaluation with detailed tag parsing
Infrastructure risk assessment based on IP ranges
Cloud service dependency mapping

Key Components

DNS Analyzer

Handles all DNS queries using DoH
Manages rate limiting and error handling
Integrates with multiple APIs for subdomain discovery
Processes various DNS record types

Service Registry

Manages service detection and categorization
Handles vendor consolidation and deduplication
Maintains service metadata and descriptions
Provides service statistics

Service Patterns

Contains regex patterns for service detection
Maps domains to vendor categories
Includes IP range classifications
Supports custom service definitions

Subdomain Registry

Tracks discovered subdomains
Manages subdomain metadata
Handles CNAME chain resolution
Provides subdomain statistics

Use Cases

3rd Party Tracer is valuable for:

Security Assessments: Understanding third-party dependencies and attack surface
Compliance Auditing: Mapping external service usage for regulatory requirements
Digital Forensics: Investigating service relationships and dependencies
Threat Intelligence: Identifying potential security risks from third-party services
Cloud Migration Planning: Understanding current service dependencies before migration
Vendor Risk Management: Assessing third-party service security postures

Privacy & Security

Client-side only: No data sent to external servers
DNS over HTTPS: Encrypted DNS queries
No tracking: No analytics or user tracking
Open source: Transparent code for security review

Impact

This tool addresses critical needs in:

Cloud Security Research: Advancing understanding of third-party service dependencies
OSINT Capabilities: Providing comprehensive DNS-based reconnaissance tools
Security Automation: Enabling automated third-party service discovery
Risk Assessment: Supporting informed decision-making about external dependencies

Live Demo

The tool is available as a live web application at https://cyfinoid.github.io/3ptracer/ , making it easily accessible for immediate use without installation.

🔬 Built with ❤️ by Cyfinoid Research - Advancing Cloud Security Research