Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

Notifications You must be signed in to change notification settings

topscoder/subgomain

Repository files navigation

Subgomain

Subgomain is a command-line tool for checking domains for vulnerabilities related to subdomain takeover. It checks a list of domains provided via input against known fingerprints stored in a JSON file. Possible vulnerabilities are identified through checks on DNS CNAME records, HTTP status codes, and string patterns in the HTML response content.

Installation

You can install Subgomain using the following command:

go install -v github.com/topscoder/subgomain@latest

Usage

subgomain -domain <domain> | -domains <filename> [-fingerprints <url_or_local_path>] [-resolvers <url>] [-threads <int>] [-timeout <seconds>] [-silent] [-debug]

Arguments

Required

  • -domain <domain>: Specifies the single domain to check.
  • -domains <path-to-domains-file>: Specifies the path to the file containing the list of domains to check.

Optional

  • -fingerprints <url-to-fingerprints-json> (optional): Specifies the URL or disk path to the JSON file containing fingerprints for identifying vulnerabilities. Optional. Defaults to a predefined URL.
  • -resolvers <url> (optional): Specifies the URL to the TXT file containing DNS servers (resolvers) to be used. Optional. Defaults to a predefined URL.
  • -threads <number-of-threads> (optional, default 5): Specifies the number of concurrent threads to use for domain checking. Optional. Defaults to the number of logical CPUs.
  • -timeout <seconds> (optional, default 2): Specifies the HTTP timeout in seconds. Optional. Defaults to 2 seconds.
  • -silent (optional): If provided, only prints vulnerable domains without any additional output. Optional.
  • -debug (optional): If provided, the application prints (loads of) debug messages.

Examples

  1. Check domains for vulnerabilities, printing both vulnerable and non-vulnerable domains:

    subgomain -domains domains.txt

  2. Check domains for vulnerabilities, printing only vulnerable domains:

    subgomain -silent -domains domains.txt

  3. Check domains using custom fingerprints file and increase the number of threads for faster processing:

    subgomain -domains domains.txt -fingerprints https://example.com/custom_fingerprints.json -threads 10

Contributing

Contributions are welcome! If you have suggestions, feature requests, or find a bug, please open an issue or submit a pull request.

License

This project is licensed under the MIT License.

About

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

Topics

Resources

Stars

Watchers

Forks

Languages

AltStyle によって変換されたページ (->オリジナル) /