SubOver

A Powerful subdomain takeover tool

Image

image-source:

Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since its redesign, it has been aimed with speed and efficiency in mind. Till date, Sub Over detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijack able services is very comprehensive and it is what makes this tool so powerful.

Perquisite

Install Golang

Python 2.7

Steps

1. git clone https://github.com/Ice3man543/SubOver.git

2. cd SubOver

It is necessary to install Golang. To install follow below steps:

1. Create Directory

mkdir -p ~/git/GitHub/canha

2. Clone Git repository

- cd ~/git/GitHub/canha

- git clone https://github.com/canha/golang-tools-install-script

- cd golang-tools-install-script/

3. Install a 64 bit version

- bash goinstall.sh –64

4. Check that it was added to your shell config

- cat ~/.bashrc

5. Reload your shell

- source ~/.bashrc

6. Try if it works

- Go help

3. go build subover.go

- go build subover.go

Create a subdomains file and enter the subdomains you want to check

4. ./subover -l subdomains -v

Here, subdomains.txt contains the list of domains for which you need to take over the subdomains. While output.txt will dump all the subdomains associated with the primary domain.

You can actually use sublist3r tool to get the subdomains. This tool will make your life lot easier and help you get all the subdomains of a particualr main domain name.A perfect tool to enumerate the subdomains.

Image
Image

There are others flags as well e.g. –t, -v. you can get the details and working of these flags by using help command.

What are the services included?

Github

Heroku

Unbounce

tumblr

Shopify

Instapage

Desk

Tictail

Campaignmonitor

Cargocollective

Statuspage

Amazonaws

Cloudfront

Bitbucket

Squarespace

Smartling

Acquia

Fastly

Pantheon

Zendesk

Uservoice

WPEngine

Ghost

Freshdesk

Pingdom

Wordpress

Tilda

Teamwork

Helpjuice

Helpscout

Cargo

Feedpress

Freshdesk

Surge

Surveygizmo

You can download the tool from here.

RELATED ARTICLES

Image

4G LTE attacks

The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, and paging.

READ MORE
Image

Wifi Security Protocols

In today's world Wi-Fi has become the essential thing in our daily routine. The wireless networks are also not secure in this digital age.

READ MORE