SubOver
By Ashish Chhatani - April 11, 2018
A Powerful subdomain takeover tool
image-source:
Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since its redesign, it has been aimed with speed and efficiency in mind. Till date, Sub Over detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijack able services is very comprehensive and it is what makes this tool so powerful.
Perquisite
Install Golang
Python 2.7
Steps
1. git clone https://github.com/Ice3man543/SubOver.git
2. cd SubOver
It is necessary to install Golang. To install follow below steps:
1. Create Directory
mkdir -p ~/git/GitHub/canha
2. Clone Git repository
- cd ~/git/GitHub/canha
- git clone https://github.com/canha/golang-tools-install-script
- cd golang-tools-install-script/
3. Install a 64 bit version
- bash goinstall.sh –64
4. Check that it was added to your shell config
- cat ~/.bashrc
5. Reload your shell
- source ~/.bashrc
6. Try if it works
- Go help
3. go build subover.go
- go build subover.go
Create a subdomains file and enter the subdomains you want to check
4. ./subover -l subdomains -v
Here, subdomains.txt contains the list of domains for which you need to take over the subdomains. While output.txt will dump all the subdomains associated with the primary domain.
You can actually use sublist3r tool to get the subdomains. This tool will make your life lot easier and help you get all the subdomains of a particualr main domain name.A perfect tool to enumerate the subdomains.
There are others flags as well e.g. –t, -v. you can get the details and working of these flags by using help command.
What are the services included?
Github
Heroku
Unbounce
tumblr
Shopify
Instapage
Desk
Tictail
Campaignmonitor
Cargocollective
Statuspage
Amazonaws
Cloudfront
Bitbucket
Squarespace
Smartling
Acquia
Fastly
Pantheon
Zendesk
Uservoice
WPEngine
Ghost
Freshdesk
Pingdom
Wordpress
Tilda
Teamwork
Helpjuice
Helpscout
Cargo
Feedpress
Freshdesk
Surge
Surveygizmo
You can download the tool from here.
RELATED ARTICLES
4G LTE attacks
By Md. Oosman - March 23, 2018The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, and paging.
READ MORE
Wifi Security Protocols
By Ashish Chhatani - March 15, 2018In today's world Wi-Fi has become the essential thing in our daily routine. The wireless networks are also not secure in this digital age.
READ MORE