By Ashish Chhatani - April 11, 2018
A Powerful subdomain takeover tool
Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since its redesign, it has been aimed with speed and efficiency in mind. Till date, Sub Over detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijack able services is very comprehensive and it is what makes this tool so powerful.
1. git clone https://github.com/Ice3man543/SubOver.git
2. cd SubOver
It is necessary to install Golang. To install follow below steps:
1. Create Directory
mkdir -p ~/git/GitHub/canha
2. Clone Git repository
- cd ~/git/GitHub/canha
- git clone https://github.com/canha/golang-tools-install-script
- cd golang-tools-install-script/
3. Install a 64 bit version
- bash goinstall.sh –64
4. Check that it was added to your shell config
- cat ~/.bashrc
5. Reload your shell
- source ~/.bashrc
6. Try if it works
- Go help
3. go build subover.go
- go build subover.go
Create a subdomains file and enter the subdomains you want to check
4. ./subover -l subdomains -v
Here, subdomains.txt contains the list of domains for which you need to take over the subdomains. While output.txt will dump all the subdomains associated with the primary domain.
You can actually use sublist3r tool to get the subdomains. This tool will make your life lot easier and help you get all the subdomains of a particualr main domain name.A perfect tool to enumerate the subdomains.
There are others flags as well e.g. –t, -v. you can get the details and working of these flags by using help command.
What are the services included?
You can download the tool from here.