/takeover

Sub-Domain TakeOver Vulnerability Scanner

Primary LanguagePythonMIT LicenseMIT

TakeOver - Subdomain Takeover Finder

screen

Sub-domain takeover vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com. For more information: here

Supported Services

'AWS/S3'         		
'BitBucket'      		
'CloudFront'     		
'Github'         		
'Shopify'        		
'Desk'           		
'Fastly'         		
'FeedPress'      		
'Ghost'          		
'Heroku'         		
'Pantheon'       		
'Tumbler'        		
'Wordpress'      		
'Desk'           		
'ZenDesk'        		
'TeamWork'       		
'Helpjuice'      		
'Helpscout'      		
'S3Bucket'       		
'Cargo'          		
'StatuPage'      		
'Uservoice'      		
'Surge'          		
'Intercom'       		
'Webflow'        		
'Kajabi'         		
'Thinkific'      		
'Tave'           		
'Wishpond'       		
'Aftership'      		
'Aha'            		
'Tictail'        		
'Brightcove'     		
'Bigcartel'      		
'ActiveCampaign' 		
'Campaignmonitor'		
'Acquia'         		
'Proposify'      		
'Simplebooklet'  		
'GetResponse'    		
'Vend'           		
'Jetbrains'      		
'Unbounce'       		
'Tictail'        		
'Smartling'      		
'Pingdom'        		
'Tilda'          		
'Surveygizmo'    		
'Mashery'        	

Installation:

# git clone https://github.com/m4ll0k/takeover.git
# cd takeover
# python takeover.py

or:

wget -q https://raw.githubusercontent.com/m4ll0k/takeover/master/takeover.py && python takeover.py

or:

pip install git+https://github.com/m4ll0k/takeover.git

Usage

$ python takeover.py --sub-domain site.site.com
$ python takeover.py --sub-domain site.site.com --set-proxy xxx.xxx.xxx.xxx
$ python takeover.py --sub-domain-list sub.txt --set-output sub_out.txt
$ python takeover.py --sub-domain-list sub.txt --set-output sub_out.txt --set-proxt xxx.xxx.xxx.xxx
$ python takeover.py --sub-domain-list sub.txt --set-output sub_out.txt --set-timeout 3