dnsReaper – Subdomain Takeover Tool For Attackers, Bug Bounty Hunters And The Blue Team!

DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. YouRead More

Pretender – Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS, LLMNR And NetBIOS-NS Spoofing

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeoveras well as mDNS, LLMNR and NetBIOS-NS spoofing pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily targets Windows hosts, as it is intended to be used for relaying attacks butRead More

Second-Order – Subdomain Takeover Scanner

Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way. Installation From binary Download a prebuilt binary from the releases page and unzip it. From source Go version 1.17 is recommended. go install -v github.com/mhmdiaa/[email protected] Docker docker pullRead More

Domain-Protect – Protect Against Subdomain Takeover

Protect Against Subdomain Takeover scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP deploy to security audit account scan your entire AWS Organization receive alerts by Slack or email or manually scan from your laptop subdomain detectionRead More

DNSTake – A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted.Read More

Tko-Subs – A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records

This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over. a dangling CNAME pointing to a non-existent domain name one or more wrong/typoed NS records pointing to a nameserverRead More

NtHiM – Super Fast Sub-domain Takeover Detection

NtHiM – Super Fast Sub-domain Takeover Detection Installation Method 1: Using Pre-compiled Binaries The pre-compiled binaries for different systems are available in the Releases page. You can download the one suitable for your system, unzip the file and start using NtHiM. Method 2: Using Crates.io NtHiM is available on Crates.io. So, if you have RustRead More

Sub404 – A Python Tool To Check Subdomain Takeover Vulnerability

Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it is fast as it is Asynchronous. Why During recon process you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or urllib methodRead More

Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used – You must need to install these tools to use this script SubFinderRead More

Taken – Takeover AWS Ips And Have A Working POC For Subdomain Takeover

Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain takeover POC. NotifyRead More

X