Skip to content
/ Subdomain-Takeover-Checker Public

Python tool for detecting subdomain takeover vulnerabilities by resolving CNAME records and checking for known error messages. It supports bulk domain scanning and logs detailed results for analysis.

14 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fdzdev/Subdomain-Takeover-Checker

BranchesTags

Repository files navigation

Subdomain Takeover Checker

A Python script to analyze URLs for potential subdomain takeover vulnerabilities. It checks the CNAME records of provided subdomains against a list of known vulnerable services and analyzes the server response to detect takeover possibilities.

Features

  • CNAME Record Checks: Identify subdomains with CNAME records pointing to vulnerable services (e.g., AWS, GitHub Pages).
  • Server Response Analysis: Inspect server responses for error messages commonly associated with subdomain takeovers.
  • Custom or Pre-defined URL List: Accept user-specified URLs or load a list from a file for batch analysis.
  • Parallel Execution: Perform checks concurrently for faster processing of multiple URLs.
  • Logging: Save results, including unique CNAMEs and takeover statuses, in a detailed log file.

Requirements

  • Python 3.x
  • The necessary Python libraries (listed in requirements.txt)

Installation

  1. Clone the repository: 
    git clone https://github.com/yourusername/subdomain-takeover-checker.git
  2. Navigate to the directory: 
    cd subdomain-takeover-checker
  3. Install the required libraries using requirements.txt: 
    pip install -r requirements.txt

Usage

You can run the script with either a single domain or a list of domains:

  1. To check a single domain: 
    python3 checker.py -d example.com
  2. To check a multiple domains: 
    python3 checker.py -l domains.txt

The results will be saved in a log file, which can be customized based on the input source.

Sample Output

The output will display the CNAME records found for each subdomain and indicate if it is potentially vulnerable to takeover. It also logs progress and errors in real-time.

Example Keywords for Vulnerable Services

The script uses a keywords.txt file to load CNAME patterns associated with vulnerable services. Make sure the file includes keywords like, feel free to add additional vulnerable domains. We currently have 42 fingerprints:

s3.amazonaws.com
github.io
unbounce.com

Logging

Every time you scan using the -d flag it will be added to results.log. Every time you scan using the -l flag it will create a new file text with the report of the CNAMES/Vulnerable Subdomains. Example log entry:

[!] Vulnerable: example.com (CNAME: s3.amazonaws.com)
[-] No takeover detected: anotherdomain.com

Contributions

Feel free to fork the repository and submit pull requests with improvements or additional features.

About

Python tool for detecting subdomain takeover vulnerabilities by resolving CNAME records and checking for known error messages. It supports bulk domain scanning and logs detailed results for analysis.

Topics

bug-bounty bugbounty penetrationtesting

Resources

Readme
Activity

Stars

14 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages