xosski

SoundCloud Probe

Jun 16th, 2025
  1. # SoundCloud Red-Team Recon & Risk Script
  2. # Author: GhostCore Recon Ops
  3. # Purpose: Identify exposed user data, DNS behavior, and test hydration vectors
  4.  
  5. import requests
  6. import json
  7. from urllib.parse import urlparse
  8.  
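  # --- Config ---
  # Public track page whose metadata is looked up.
  track_url = "https://soundcloud.com/viperrecordings/blaine-stranger-nev3r-vpr307"
  # The client_id used to be pasted into two URL strings; it now lives in one
  # place so it can be rotated or removed without hunting for copies.
  # NOTE(review): an identifier pinned in source goes stale and travels with
  # every copy of this file; loading it from configuration is preferable.
  client_id = "2t9loNQH90kzJcsFCODdigxfp325aq4z"
  # Endpoint only: query values are passed via `params` so that requests
  # percent-encodes them (the track URL was previously inserted unencoded).
  api_url = "https://api-v2.soundcloud.com/resolve"
  headers = {
      "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
  }
  # Seconds. requests.get() has no default timeout and can block forever.
  request_timeout = 10


  def _get_json(url, params=None):
      """Fetch *url* with the shared headers and return the decoded JSON body.

      Returns None when the request fails, the status is an HTTP error, or the
      body is not JSON. Only the exception type is printed, because the
      exception text can contain the full request URL including client_id.
      """
      try:
          reply = requests.get(
              url, params=params, headers=headers, timeout=request_timeout
          )
          reply.raise_for_status()
          return reply.json()
      except (requests.RequestException, ValueError) as err:
          print(f"[!] Request to {url} failed: {type(err).__name__}")
          return None


  # --- Step 1: Resolve Metadata and Hydration Payload ---
  print("[*] Resolving track metadata...")
  data = _get_json(api_url, {"url": track_url, "client_id": client_id})

  # A non-dict body (error list, null) would break the membership test below.
  if not isinstance(data, dict) or 'id' not in data:
      print("[!] Failed to resolve track metadata.")
      # Non-zero status so callers can tell failure from success; the bare
      # exit() used before is the interactive helper and returned status 0.
      raise SystemExit(1)

  track_id = data['id']
  hydrate_url = f"https://api-v2.soundcloud.com/tracks/{track_id}"
  track_details = _get_json(hydrate_url, {"client_id": client_id})

  # Later steps call .get() on track_details, so stop here if it is unusable.
  if not isinstance(track_details, dict):
      print("[!] Failed to fetch track details.")
      raise SystemExit(1)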
  28.  
  29. # --- Step 2: Extract and Display Sensitive Fields ---
  def show_key_data(payload):
      """Print selected fields of a track payload to stdout.

      Three sections are written: a fixed list of metadata keys (missing keys
      print as None), the 'geoip' value as indented JSON, and, only when the
      key 'primary_email' is present, the e-mail address with its
      'primary_email_sha256' value. Values are printed exactly as received,
      with no redaction, so the output should be treated like the data itself.

      NOTE(review): nothing in this script shows that a track payload carries
      'geoip' or 'primary_email'; an empty section is the expected result until
      confirmed otherwise. The page lost its indentation, so the SHA256 line is
      assumed to belong inside the e-mail check.
      """
      summary_fields = (
          'permalink_url',
          'title',
          'user',
          'playback_count',
          'purchase_url',
          'publisher_metadata',
      )

      print("\n[+] Extracted Metadata:")
      print("\n".join(f"{name}: {payload.get(name)}" for name in summary_fields))

      print("\n[+] GeoIP Data:")
      print(json.dumps(payload.get('geoip', {}), indent=4))

      print("\n[+] Email Leakage (if present):")
      if 'primary_email' not in payload:
          return
      email_digest = payload.get('primary_email_sha256')
      print(f"Email: {payload['primary_email']}")
      print(f"SHA256: {email_digest}")
  43.  
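  show_key_data(track_details)

  # --- Step 3: DNS Prefetch Behavior Probe (Manual advisory) ---
  # Each name is looked up through the dns.google JSON endpoint, so the result
  # is that public resolver's answer, not what the local resolver or a browser
  # prefetch would see; the printed advisory to use dig/wireshark still applies.
  dns_targets = ["api-v2.soundcloud.com", "cf.soundcloud.com"]
  print("\n[*] Advisory: Test DNS prefetch behavior manually with dig/wireshark or below:")
  for domain in dns_targets:
      try:
          # `params` percent-encodes the name; the timeout keeps one slow
          # lookup from hanging the whole run.
          reply = requests.get(
              "https://dns.google/resolve", params={"name": domain}, timeout=10
          )
          reply.raise_for_status()
          ip = reply.json()
      except (requests.RequestException, ValueError):
          ip = {}
      # An "Answer" key holding an empty list used to raise IndexError on [0];
      # a missing, empty or non-list answer now falls back to "N/A".
      records = ip.get("Answer") if isinstance(ip, dict) else None
      if not isinstance(records, list) or not records:
          records = [{}]
      # NOTE(review): only the first record is shown, and it can be a CNAME
      # rather than an address.
      answer = records[0].get("data", "N/A")
      print(f"Resolved {domain} to {answer}")

  # --- Step 4: Permalink Injection Test Stub ---
  # No request is made here: a fixed example string is printed and nothing
  # else. `permalink` is read but never used in the output. Whether markup in
  # a URL path segment is ever reflected depends on the server's output
  # encoding, which this script does not check.
  print("\n[*] Injection Probe Suggestion:")
  permalink = track_details.get("permalink", "")
  # Plain string: the old f-prefix had no placeholders to fill.
  print("Example payload vector: https://soundcloud.com/viperrecordings/<script>alert('xss')</script>")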
  58.  