|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Scanners Box||7,483||a month ago||2|
|A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑|
|Reconftw||4,679||2 days ago||26||mit||HTML|
|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|
|Dnstake||727||7 months ago||5||April 15, 2022||8||mit||Go|
|DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover|
|Garud||694||3 months ago||5||mit||Shell|
|An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.|
|Subzy||676||4 months ago||4||April 23, 2021||3||gpl-2.0||Go|
|Subdomain takeover vulnerability checker|
|Aort||556||9 months ago||8||October 12, 2022||4||gpl-3.0||Python|
|All in One Recon Tool for Bug Bounty|
|Sub404||257||9 months ago||1||gpl-3.0||Python|
|A python tool to check subdomain takeover vulnerability|
|Cazador_unr||119||8 months ago|
|Takeover V1||91||7 months ago||1||gpl-3.0||Shell|
|Takeover script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdomain takeover vulnerability.|
|Firebase||85||4 years ago||mit||Python|
|Exploiting misconfigured firebase databases|
Subdomain Takeover is a type of vulnerability that arises when a subdomain points to an external service that has been deleted or is no longer in use. Common examples of these external services include Github, Heroku, Gitlab, and Tumblr. In this scenario, an attacker can exploit this vulnerability if the original owner fails to remove the DNS entry that points to the deleted service, allowing the attacker to takeover the subdomain by adding a CNAME file containing the subdomain name. This type of vulnerability can have significant security implications and requires careful attention to prevent exploitation.
Here is the command that checks CNAME record of a subdomain.
$dig CNAME apt.shopify.com --> apt.shopify.com.s3-website-us-east-1.amazonaws.com.
Managing and securing large numbers of subdomains can be a challenging task for organizations. In order to effectively monitor subdomains for potential security risks, it is important to have a tool that can automate the process of checking CNAME records for each domain. The script in question takes a file name as input, and performs a series of actions to produce output that displays the CNAME record for each domain in the input file. This approach enables security professionals to easily manage and monitor a large number of subdomains, and can help to identify potential vulnerabilities more efficiently.
When a service is deleted, it is important to analyze the fingerprints that may be left behind when the DNS entry remains in place. In some cases, a vulnerable subdomain may display an error message when visited by an attacker, such as "There isn't a Github Pages site here." By carefully examining these error messages, security professionals can gain valuable insight into potential vulnerabilities that may exist within a domain or subdomain, and take steps to mitigate these risks. This type of analysis is essential for identifying and addressing security issues that may arise from improperly configured or abandoned services.
Security researcher @edoverflow has listed all services and their fingerprints. For more detail visit EdOverflow/can-i-take-over-xyz