Simple but effective bash script to check a domain if it's vulnerable to subdomain takeover. It uses Amass and MassDNS tools for fast domain information gathering and records resolution. List of supported cloud providers vulnerable to takeover*:
- cloudapp.net
- azurewebsites.net
- trafficmanager.net
- azure-api.net
- cloudapp.net
- azureedget.net
- azure-api.net
- p.azurewebsites.net
- s3.amazonaws.com
- s3-websites
- cargocollective.com
- desk.com
- redirect.feedpress.me
- ghost.io
- github.com
- helpscoutdocs.com
- herokuapp.com
- herokuspace.com
- hs-sites.com
- myjetbrains.com
- myshopify.com
- statuspage.io
- surge.sh
- uservoice.com
- wordpress.com
- zendesk.com
*List may be not 100% accurate and needs a review.
./dnsTakeover.sh example.com