Skip to content

SubHasPwn is a powerful tool designed for security researchers and penetration testers to identify potential subdomain takeover vulnerabilities.

Notifications You must be signed in to change notification settings

ThatNotEasy/SubHasPwned

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 

Repository files navigation

SubHasPwned

SubHasPwn is a Python-based tool designed to identify potential subdomain takeover vulnerabilities by analyzing CNAME records of specified subdomains. The tool uses DNS resolution and HTTP requests to assess if a subdomain is vulnerable to takeover by matching CNAME records against known vulnerable services.

Key Features

  1. CNAME Resolution:

    • Resolves CNAME records for given subdomains to identify associated domains.
    • Checks if the resolved CNAME points to any known vulnerable services.
  2. Vulnerability Checking:

    • Compares the resolved CNAME records against patterns of known vulnerable services.
    • Sends HTTP requests to determine if the service is active and potentially vulnerable.
  3. Multithreading Support:

    • Supports concurrent processing of multiple subdomains using threads for efficient execution.
    • Allows the user to specify the number of threads to optimize performance.

Usage

To use the Subdomain Takeover Checker, follow these steps:

  1. Install Required Libraries:

    • Ensure you have the required libraries installed. You can install them using pip:
      pip install dnspython requests beautifulsoup4 coloredlogs pyyaml
  2. Prepare the Input File:

    • Create a text file containing the list of subdomains you wish to check, with one subdomain per line.
  3. Create a Configuration File:

    • Create a vulnerable.yaml file that contains patterns and response messages for known vulnerable services. This file is used to identify potential takeovers.
  4. Run the Tool:

    • Execute the script from the command line, providing the path to the subdomain file and optionally specifying the number of threads. For example:
      python main.py -f subdomains.txt -t 10
  5. Review the Results:

    • After execution, check the output file (default: takeover.txt) for a list of vulnerable subdomains and their associated details.

About

SubHasPwn is a powerful tool designed for security researchers and penetration testers to identify potential subdomain takeover vulnerabilities.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages