SubHasPwn is a Python-based tool designed to identify potential subdomain takeover vulnerabilities by analyzing CNAME records of specified subdomains. The tool uses DNS resolution and HTTP requests to assess if a subdomain is vulnerable to takeover by matching CNAME records against known vulnerable services.
- CNAME Resolution:
  - Resolves CNAME records for given subdomains to identify associated domains.
  - Checks if the resolved CNAME points to any known vulnerable services.
- Vulnerability Checking:
  - Compares the resolved CNAME records against patterns of known vulnerable services.
  - Sends HTTP requests to determine if the service is active and potentially vulnerable.
- Multithreading Support:
  - Supports concurrent processing of multiple subdomains using threads for efficient execution.
  - Allows the user to specify the number of threads to optimize performance.

To use the Subdomain Takeover Checker, follow these steps:
- Install Required Libraries:
  - Ensure you have the required libraries installed. You can install them using pip:
    pip install dnspython requests beautifulsoup4 coloredlogs pyyaml
- Prepare the Input File:
  - Create a text file containing the list of subdomains you wish to check, with one subdomain per line.
- Create a Configuration File:
  - Create a vulnerable.yaml file that contains patterns and response messages for known vulnerable services. This file is used to identify potential takeovers.
- Run the Tool:
  - Execute the script from the command line, providing the path to the subdomain file and optionally specifying the number of threads. For example:
    python main.py -f subdomains.txt -t 10
- Review the Results:
  - After execution, check the output file (default: takeover.txt) for a list of vulnerable subdomains and their associated details.
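
The CNAME-pattern and response-message check described above, sketched as an added example for auditing your own zone; it is not SubHasPwn's code. The entry fields, service names, messages and sample observations are constructed assumptions (the page does not give the vulnerable.yaml schema), and DNS and HTTP results are passed in as data so the block runs offline.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed entry shape; the page does not give the vulnerable.yaml schema.
# Service names and messages are constructed placeholders.
FINGERPRINTS = [
    {"service": "ExampleHost", "cname_suffixes": ["sites.examplehost.invalid"],
     "response": "No site is configured at this address"},
    {"service": "ExampleCDN", "cname_suffixes": ["edge.examplecdn.invalid"],
     "response": "Unknown distribution name"},
]

# Constructed observations: (subdomain, resolved CNAME or None, HTTP body or None)
SAMPLE = [
    ("blog.example.com", "Old-Blog.sites.examplehost.invalid.", "<h1>No site is configured at this address</h1>"),
    ("shop.example.com", "shop.sites.examplehost.invalid.", "<h1>Welcome to the shop</h1>"),
    ("cdn.example.com", "x.notsites.examplehost.invalid.", "No site is configured at this address"),
    ("www.example.com", None, None),
]

@dataclass
class Finding:
    subdomain: str
    cname: str
    service: str
    confirmed: bool  # True only when the service's response message was also seen

def cname_matches(cname: str, suffix: str) -> bool:
    """Match on a DNS label boundary, ignoring case and the trailing root dot."""
    cname, suffix = cname.rstrip(".").lower(), suffix.rstrip(".").lower()
    return cname == suffix or cname.endswith("." + suffix)

def assess(subdomain, cname, body, fingerprints=FINGERPRINTS) -> Optional[Finding]:
    """Return a Finding when the CNAME targets a listed service, else None."""
    if not cname:
        return None  # no CNAME record, nothing to compare
    for fp in fingerprints:
        if any(cname_matches(cname, s) for s in fp["cname_suffixes"]):
            seen = body is not None and fp["response"].lower() in body.lower()
            return Finding(subdomain, cname.rstrip(".").lower(), fp["service"], seen)
    return None

def audit(observations):
    """Keep confirmed findings: the DNS records to remove or re-claim."""
    findings = (assess(*obs) for obs in observations)
    return [f for f in findings if f and f.confirmed]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.subdomain} -> {f.cname} ({f.service})")
```

A CNAME match alone is left unconfirmed: the shop record points at the same provider but serves live content, and the label-boundary check keeps a lookalike suffix from matching.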