Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3
Alternatives To Subdover
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
a day ago25gpl-3.0HTML
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Web Attack Cheat Sheet3,541
a month ago
Web Attack Cheat Sheet
4 months ago65gpl-3.0Python
Knock Subdomain Scan
3 years ago5mitPython
K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
10 months ago11
Ladon 911 for Cobalt Strike & Cracked Download,Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force/psexec/atexec/sshexec/webshell/smbexec/netcat/osscan/netscan/struts2Poc/weblogicExp
10 months agomitShell
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Awesome Bbht390
a year agoShell
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
2 months ago2September 04, 20202gpl-3.0Rust
Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
3 years ago24mitPython
An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
3 years ago2Vue
Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Alternatives To Subdover
Select To Compare

Alternative Project Comparisons


Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3, Which has more than 88+ Fingerprints of potentially vulnerable services. Uses CNAME record for verification of findings.

Built-in Subdomain Enumeration Feature & Auto HTTP prober [Uses Open Source Tool for Subdomain Enum & HTTP probing i.e. findomain & httpx]

Total_Fingerprints(Aquatone + Subjack + Subzy + SubOver) <<< Total_Fingerprints(SubDover)


💻 This project was created only for good purposes and personal use.



  • [x] More than 70+ Fingerprints of potentially vulnerable services
  • [x] Uses CNAME record for verification of findings
  • [x] Built-in Subdomain Enumeration Method [Used findomain for Subdomain Enum]
  • [x] Can Scan targets from subdomain list
  • [x] Can Test Single Target for Subdomain Takeover
  • [x] MultiThread, Extermely Fast Scanner [Default Threads: 10]
  • [x] You can choose number of threads
  • [X] You can save result in TXT file
  • [x] Extremely Clean Output
  • [x] OS Independent [Can be used on any OS which supports Python3]
  • [X] Auto Command Line Updater

Tested On

Kali) Kali Linux - ROLLING EDITION

Windows) Windows 10

Windows) Windows 8.1 - Pro


  • [x] Python 3.X
  • [x] Few External Modules

How To Use in Linux

# Navigate to the /opt directory (optional)
$ cd /opt/

# Clone this repository
$ git clone

# Navigate to subdover folder
$ cd subdover

# Installing dependencies
$ chmod +x
$ sudo python3

# Giving Executable Permission & Checking Help Menu
$ chmod +x
$ sudo python3 --help

# Testing Single Target [Running Without Giving Parameter]
$ sudo python3

# Enumerating Subdomain & Testing them for Subdomain Takeover
$ sudo python3 -d 

# Testing targets for Subdomain Takeover from subdomain list
$ sudo python3 --list example_target.txt 

# Changing Number of Threads
$ sudo python3 --thread 30 -d

# Saving Result
$ sudo python3 -d -o result.txt

# Show Fingerprints & Exit
$ sudo python3 -s

How To Use in Windows

# Download this project as zip

# Navigate to subdover folder
$ cd subdover

# Installing dependencies
$ python -m pip install -r requirements.txt

# Checking Help Menu
$ python --help

# Testing Single Target [Running Without Giving Parameter]
$ python

# Enumerating Subdomain & Testing them for Subdomain Takeover
$ python -d 

# Testing targets for Subdomain Takeover from subdomain list
$ python --list example_target.txt 

# Changing Number of Threads
$ python --thread 30 -d

# Saving Result
$ python -d -o result.txt

# Show Fingerprints & Exit
$ python -s

How to Install Subdover in PentestBox

# Navigate to C:\PentestBox\bin\customtools Directory
$ cd C:\PentestBox\bin\customtools

# Clone This GitHub Repo
$ git clone

# Navigate to subdover folder
$ cd subdover

# Install Python Dependencies
$ python -m pip install -r requirements.txt

# Add Console Shortcut/Alias In PentestBox
$ echo subdover=python "%pentestbox_ROOT%\bin\customtools\subdover\" $* >> ../customaliases

Available Arguments

  • Optional Arguments
Short Hand Full Hand Description
-h --help show this help message and exit
-t --thread Number of Threads to Used. Default=10
-o --output Save Result in TXT file
-skip --skip-httpx Skip HTTP/HTTPS Protocal Resolution (HTTP Probing) [NOTE]: You must manually use httpx/httprobe on your subdomain list & then provide that final subdomains list using --list or -l flag
-s --fingerprints Show Available Fingerprints & Exit
  • Required Arguments
Short Hand Full Hand Description
-d --domain Target Wildcard Domain [For AutoSubdomainEnumeration], ex:-
-l --list Target Subdomain List, ex:- google_subdomain.txt

Available Fingerprints & CNAMES of potentially vulnerable services

No. Service Name Status CNAME Fingerprints
1. Acquia Vulnerable [''] The site you are looking for could not be found.
2. ActiveCampaign Vulnerable [''] alt="LIGHTTPD - fly light."
3. AfterShip Vulnerable [''] Oops.</h2><p class="text-muted text-tight">The page you're looking for doesn't exist.
4. AgileCRM Vulnerable ['', ''] Sorry, this page is no longer available.
5. Aha Vulnerable [''] There is no portal here ... sending you back to Aha!
6. Vulnerable ['', ''] LaterADD
7. Anima Vulnerable ['NOT_AVAILABLE'] If this is your website and you've just created it, try refreshing in a minute
8. Apigee Vulnerable ['']
9. AWS/S3 Vulnerable ['amazonaws'] The specified bucket does not exist
10. Bigcartel Vulnerable [''] <h1>Oops! We could&#8217;t find that page.</h1>
11. Bitbucket Vulnerable [''] Repository not found
12. Brightcove Vulnerable ['', '', ''] <p class="bc-gallery-error-code">Error Code: 404</p>
13. Vulnerable [''] There is no such company. Did you enter the right URL?
14. CampaignMonitor Vulnerable ['', ''] Double check the URL or <a href="mailto:[email protected]
15. Cargo Vulnerable [''] If you're moving your domain away from Cargo you must make this configuration through your registrar's DNS control panel.
16. CargoCollective Vulnerable [''] 404 Not Found
17. Cloudfront Edge case [''] Bad Request: ERROR: The request could not be satisfied
18. Desk Not vulnerable [''] Please try again or try free for 14 days.
19. ElasticBeanstalk_AWS_service Vulnerable ['']
20. Fastly Edge case [''] Fastly error: unknown domain:
21. Feedpress Vulnerable [''] The feed has not been found.
22. Freshdesk Vulnerable [''] May be this is still fresh!
23. Frontify Vulnerable [''] 404 - Page Not Found</h1>
24. GetResponse Vulnerable [''] With GetResponse Landing Pages, lead generation has never been easier
25. Ghost Vulnerable [''] The thing you were looking for is no longer here, or never was
26. Github Vulnerable [''] There isn't a GitHub Pages site here.
27. Help Juice Vulnerable [''] We could not find what you're looking for
28. Helprace Vulnerable [''] Admin of this Helprace account needs to set up domain alias
29. Help Scout Vulnerable [''] No settings were found for this company
30. Heroku Edge case ['herokuapp'] No such app
31. Hubspot Vulnerable [''] Domain Not found
32. Instapage Vulnerable ['', '', ''] You've Discovered A Missing Link. Our Apologies!
33. InterCom Vulnerable [''] <h1 class="headline"Uh oh. That page doesn't exist.</h1>
34. JetBrains Vulnerable [''] is not a registered InCloud YouTrack
35. Kajabi Vulnerable [''] <h1>The page you were looking for doesn't exist.</h1>
36. Landingi Vulnerable [''] <p>The page you are looking for is not found.</p>
37. LaunchRock Vulnerable [''] It looks like you may have taken a wrong turn somewhere. Don't happens to all of us.
38. Vulnerable ['', ''] Double check that you have the right web address and give it another go!</p>
39. Mashery Edge Case [''] Unrecognized domain
40. MicrosoftAzure Vulnerable ['', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', ''] 404 Web Site not found
41. Ngrok Vulnerable [''] not found
42. Pantheon Vulnerable [''] The gods are wise, but do not know of the site which you seek.
43. Pingdom Vulnerable [''] This public report page has not been activated by the user
44. Proposify Vulnerable [''] If you need immediate assistance, please contact <a href="mailto:[email protected]
45. Vulnerable [''] Project doesnt exist... yet!
46. Vulnerable [''] is unknown to Read the Docs
47. Shopify Edge Case [''] Sorry, this shop is currently unavailable
48. SimpleBooklet Vulnerable [''] We can't find this <a href="
49. Smartling Vulnerable [''] Domain is not configured
50. Smugmug Vulnerable ['']
51. StatusPage Vulnerable [''] You are being <a href="">redirected
52. Strikingly Vulnerable [''] But if you're looking to build your own website,
53. Vulnerable [''] project not found
54. Surveygizmo Vulnerable ['', '', ''] data-html-name
55. Tave Vulnerable [''] <h1>Error 404: Page Not Found</h1>
56. Teamwork Vulnerable [''] Oops - We didn't find your site.
57. Thinkific Vulnerable [''] You may have mistyped the address or the page may have moved.
58. Tictail Vulnerable [''] to target URL: <a href="
59. Tilda Edge Case [''] Please renew your subscription
60. Tumblr Vulnerable [''] Whatever you were looking for doesn't currently exist at this address
61. Uberflip Vulnerable ['', ''] Non-hub domain, The URL you've accessed does not provide a hub. Please check the URL and try again.
62. Unbounce Edge Case [''] The requested URL was not found on this server
63. UptimeRobot Vulnerable [''] This public status page <b>does not seem to exist</b>.
64. UserVoice Vulnerable [''] This UserVoice subdomain is currently available
65. Vend Vulnerable [''] Looks like you've traveled too far into cyberspace
66. WebFlow Vulnerable ['', ''] <p class="description">The page you are looking for doesn't exist or has been moved.</p>
67. WishPond Vulnerable ['']
68. Vulnerable ['NOT_AVAILABLE'] Hello! Sorry, but the website you&rsquo;re looking for doesn&rsquo;t exist.
69. Wordpress Vulnerable [''] Do you want to register
70. Zendesk Not Vulnerable [''] Help Center Closed
71. Vulnerable [''] <p>This page will be updated automatically when your app is published.</p>
72. Vulnerable [''] The deployment could not be found on Vercel.
73. Vulnerable [''] <!doctype html><html><head><meta charset=\"utf-8\"><title>Loading...</title>
74. Jazzhr Edge Case [""] "This account no longer active"
75. Kinsta Vulnerable [""] "No Site For Domain"
76. Smartjob Vulnerable ["", ""] "This job board website is either expired or its domain name is invalid"
77. Wufoo Vulnerable ["", "", "", ""] "Hmmm....something is not right."
78. Wix Vulnerable [""] "Error ConnectYourDomain occurred"
79. Sprintful Vulnerable ["", "", ""] "This domain name does not have a default page configured."
80. Short-io Vulnerable [""] "This domain is not configured on"
81. Pagewiz Vulnerable [""] "pagewiz"
82. Netlify Edge case ["", "", "", ""] "Not found - Request ID:"
83. Gitbook Vulnerable [""] "Domain not found"
84. Flywheel Vulnerable [""] "We're sorry, you've landed on a page that is hosted by Flywheel"
85. Announcekit Vulnerable [""] "Error 404 - AnnounceKit"
86. Flexbe Edge Case [""] "flexbe"
87. Gemfury Vulnerable [""] "404: This page could not be found."
88. Hatenablog Vulnerable [""] "404 Blog is not found"
  • NOTE: Make sure to confirm Vulnerable Subdomain
  • If you got a false positive result, then you can open a issue in this repo with that false +ve
  • It will help us to decrease the false +ve count & will improve detection mechanism


Help Menu

Scan Single Target

Enumerate Subdomain & Scan

Scan Targets from SubdomainList

Saving Result

Result of Scan


  • All Contributors are welcome, this repo needs contributors who will improve this tool to make it best.


  • [ ] Add More Fingerprints & CNAMES
  • [ ] If in future exisiting Vulnerable become Edge Case or Not Vulnerable, then please tell me know by opening a issue


  • Pushpender (@PushpenderIndia)
  • gauravdrago (@gauravdrago)


[email protected]

More Features Coming Soon...

Popular Scanner Projects
Popular Subdomain Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Vulnerability Scanners