
haccer / Subjack

Licence: apache-2.0
Subdomain Takeover tool written in Go

Programming Languages

go
31211 projects - #10 most used programming language
golang
3204 projects

Projects that are alternatives of or similar to Subjack

sub404
A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-82.83%)
Mutual labels:  subdomain, bug-bounty, pentesting, bugbounty
Subtake
Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.
Stars: ✭ 104 (-91.29%)
Mutual labels:  subdomain, pentesting, infosec, bug-bounty
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+188.02%)
Mutual labels:  bug-bounty, infosec, pentesting, bugbounty
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+506.87%)
Mutual labels:  pentesting, infosec, bug-bounty, bugbounty
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-57.37%)
Mutual labels:  pentesting, infosec, bugbounty, bug-bounty
Subover
A Powerful Subdomain Takeover Tool
Stars: ✭ 607 (-49.16%)
Mutual labels:  subdomain, pentesting, bugbounty, bug-bounty
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-94.14%)
Mutual labels:  subdomain, bug-bounty, bugbounty
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-96.4%)
Mutual labels:  bug-bounty, infosec, bugbounty
Cloudbrute
Awesome cloud enumerator
Stars: ✭ 268 (-77.55%)
Mutual labels:  pentesting, infosec, bugbounty
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-94.81%)
Mutual labels:  pentesting, infosec, bugbounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-88.11%)
Mutual labels:  bug-bounty, infosec, bugbounty
Xxe Injection Payload List
🎯 XML External Entity (XXE) Injection Payload List
Stars: ✭ 304 (-74.54%)
Mutual labels:  infosec, bugbounty, bug-bounty
Getaltname
Extract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-73.2%)
Mutual labels:  subdomain, pentesting, infosec
lit-bb-hack-tools
Little Bug Bounty & Hacking Tools⚔️
Stars: ✭ 180 (-84.92%)
Mutual labels:  bug-bounty, infosec, bugbounty
magicRecon
MagicRecon is a powerful shell script that maximizes the recon and data-collection process for a target and finds common vulnerabilities, saving the results in an organized directory layout in various formats.
Stars: ✭ 478 (-59.97%)
Mutual labels:  subdomain, infosec, bugbounty
flydns
Related subdomains finder
Stars: ✭ 29 (-97.57%)
Mutual labels:  bug-bounty, infosec, bugbounty
Hetty
Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+201.17%)
Mutual labels:  pentesting, infosec, bugbounty
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (-64.49%)
Mutual labels:  pentesting, infosec, bugbounty
Dictionary Of Pentesting
Dictionary collection project for pentesting, fuzzing, brute-forcing and bug bounty. A collection of wordlists for penetration testing, SRC vulnerability hunting, brute-forcing and fuzzing.
Stars: ✭ 492 (-58.79%)
Mutual labels:  subdomain, pentesting, bugbounty
Can I Take Over Xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+135.18%)
Mutual labels:  subdomain, infosec, bugbounty

subjack


Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives.

Subjack will also check for subdomains attached to domains that don't exist (NXDOMAIN) and are available to be registered. No need for dig ever again! This is still cross-compatible too.

What's New? (Last Updated 09/17/18)

  • Custom fingerprint support
  • New services (re-added Zendesk; added Readme, Bitly, and more)
  • Slight performance enhancements

Installing

Requires Go

go get github.com/haccer/subjack

How To Use:

Examples:

  • ./subjack -w subdomains.txt -t 100 -timeout 30 -o results.txt -ssl

Options:

  • -d test.com if you want to test a single domain.
  • -w domains.txt is your list of subdomains.
  • -t is the number of threads (Default: 10 threads).
  • -timeout is the number of seconds to wait before a connection times out (Default: 10 seconds).
  • -o results.txt is where to save results. For JSON output: -o results.json
  • -ssl enforces HTTPS requests, which may return a different set of results and increase accuracy.
  • -a skips the CNAME check and sends requests to every URL. (Recommended)
  • -m flags a dead record that still has a valid CNAME entry.
  • -v verbose. Displays more information for each request.
  • -c Path to configuration file.

Practical Use

You can use scanio.sh which is kind of a PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar. This script parses and greps through the dump for desired CNAME records and makes a large list of subdomains to check with subjack if they're vulnerable to Hostile Subdomain Takeover. Of course this isn't the only method to get a large amount of data to test. Please use this responsibly ;)

Adding subjack to your workflow

package main

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"strings"

	"github.com/haccer/subjack/subjack"
)

func main() {
	// Load a custom fingerprint set (see "Custom fingerprint support" above).
	config, err := ioutil.ReadFile("custom_fingerprints.json")
	if err != nil {
		log.Fatalf("reading fingerprints: %v", err)
	}
	var fingerprints []subjack.Fingerprints
	if err := json.Unmarshal(config, &fingerprints); err != nil {
		log.Fatalf("parsing fingerprints: %v", err)
	}

	subdomain := "dead.cody.su"
	// Use subjack's advanced detection to identify whether the subdomain
	// is able to be taken over. The false, false, 10 arguments correspond
	// to the -ssl, -m and -timeout options described above.
	service := subjack.Identify(subdomain, false, false, 10, fingerprints)

	if service != "" {
		service = strings.ToLower(service)
		fmt.Printf("%s is pointing to a vulnerable %s service.\n", subdomain, service)
	}
}

See the godoc for more functions.
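Added example (not subjack's own code) of the per-subdomain decision the README describes: a CNAME into a known service is flagged when the service's "unclaimed" body fingerprint is present or, for services marked nxdomain, when the CNAME target no longer resolves, with the -m behaviour as an option. The Fingerprint struct layout, service names and hostnames below are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Fingerprint mirrors the assumed layout of a subjack fingerprint entry
// (the JSON tags match the keys a custom fingerprints file would use).
type Fingerprint struct {
	Service     string   `json:"service"`
	Cname       []string `json:"cname"`       // CNAME suffixes owned by the service
	Fingerprint []string `json:"fingerprint"` // body strings that mean "unclaimed"
	Nxdomain    bool     `json:"nxdomain"`    // an NXDOMAIN target alone is enough
}

// Constructed sample fingerprints; not the project's real data file.
var sampleFingerprints = []Fingerprint{
	{Service: "ExampleHost", Cname: []string{"pages.example-host.test"}, Fingerprint: []string{"There isn't a site here"}},
	{Service: "ExampleCDN", Cname: []string{"cdn.example-cdn.test"}, Nxdomain: true},
}

// Classify takes what a scanner observed for one subdomain (its CNAME target,
// whether that target is NXDOMAIN, the HTTP body it served) and returns the
// service to flag, or "" when nothing matches. manual=true also flags a dangling
// CNAME to a known service without a body match, like the -m option; such hits
// need the manual double check the README asks for.
func Classify(cname string, targetNX bool, body string, fps []Fingerprint, manual bool) string {
	for _, fp := range fps {
		for _, suffix := range fp.Cname {
			// Label-aware suffix match, so "notpages.example-host.test" does not count.
			if cname != suffix && !strings.HasSuffix(cname, "."+suffix) {
				continue
			}
			if targetNX && (fp.Nxdomain || manual) {
				return fp.Service
			}
			for _, needle := range fp.Fingerprint {
				if needle != "" && strings.Contains(body, needle) {
					return fp.Service
				}
			}
		}
	}
	return ""
}

func main() {
	// Constructed observation: a host CNAMEd into ExampleHost that serves its "unclaimed" page.
	fmt.Println(Classify("team.pages.example-host.test", false, "<h1>There isn't a site here</h1>", sampleFingerprints, false))
}
```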

FAQ

Q: What should my wordlist look like?

A: Your wordlist should include a list of subdomains you're checking and should look something like:

assets.cody.su
assets.github.com
b.cody.su
big.example.com
cdn.cody.su
dev.cody.su
dev2.twitter.com

References

Extra information about Hostile Subdomain Takeovers:
