RKh-SNI-Spoofing

RKh-SNI-Spoof Scanner is a tool that checks whether a list of domain names is suitable for SNI spoofing. SNI (Server Name Indication) is a part of how HTTPS connections are established: it tells the server which domain a client wants to reach before the encrypted session begins. SNI spoofing exploits this by making a connection appear to target one domain while actually routing traffic through another, a technique used in some censorship-circumvention setups to reach blocked services.

The tool takes a list of domains and a VPS (virtual private server) IP address that you control. For each domain, it checks whether the IP returned by the connection matches your VPS IP. If it matches, the domain is marked as a success for spoofing use; if not, it is marked as failed. The README is written in Farsi and the context suggests this is aimed at users in regions with restricted internet access.

There are two versions. The Bash version is lightweight, requires no installed dependencies, and reads a domains.txt file. The Python version adds multi-threading for speed, automatic retries, input sanitization, and saves results in three files: success.txt, fail.txt, and a result.json that includes the domain, IP, Cloudflare data-center code, and country for each successful entry.

Both versions run from the command line. You enter your VPS IP and a timeout value, then the scanner works through the domain list and prints results as it goes. The Python version is described as better suited for large-scale scans. No external Python libraries are required beyond the standard Python 3 installation.