Subdomain Takeover

tko-subs

Repo: https://github.com/anshumanbh/tko-subs

Info: This tool allows:

To check whether a subdomain has a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over.
To actually take over those subdomain by providing a flag -takeover. Currently, take over is only supported for Github Pages and Heroku Apps and by default the take over functionality is off.
To specify your own CMS providers and check for them via the providers-data.csv file. In that file, you would mention the CMS name, their CNAME value, their string that you want to look for and whether it only works over HTTP or not. Check it out for some examples.

# Installation
go install github.com/anshumanbh/tko-subs@latest

#Execution
~/go/bin/./tko-subs -takeover -domains=domains.txt -output=subdomaintakeovers.csv

To actually take over those subdomain by providing a flag -takeover. Currently, take over is only supported for Github Pages and Heroku Apps and by default the take over functionality is off.

PreviousSecond DNS Brute-Force Round NextNetwork Host Scan/Discovery

Last updated 7 months ago