Subdominator: Open-source tool for detecting subdomain takeovers - Help Net Security (2024)

Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers. It boasts superior accuracy and reliability, offering improvements compared to other tools.

Subdominator: Open-source tool for detecting subdomain takeovers - Help Net Security (1)

“Initially, Subdominator was created internally because all the current subdomain takeover tools had gaps in their functionality. No tool had a complete set of accurate service fingerprints or features. As a cybersecurity company, we want to ensure our clients get consistent and comprehensive testing, so I developed a new tool to fill the gaps. While developing it, I discovered that there were features and optimizations that none of the existing tools had too, even if you used them in combination,” Colin Watson, CTO at Stratus Security, told Help Net Security.

Subdominator features

Service fingerprint accuracy: All of them have been vetted and consolidated, so they are all accurate. This was a big issue in other tools.

Fingerprint count: The tool has 97 service fingerprints. Stratus Security reviewed every other tool the internet offered, and the next best was 80. Most popular tools have less than 50.

Nested DNS support: Subdominator will check the entire CNAME chain until it finds an A record, making sure nothing is missed (None of the other tools went past the first CNAME).

Alternate DNS records: The fingerprints support A and AAAA record matching, finding takeovers that have never been detectable before.

Speed: The tool runs ~8x faster than existing tools, a test on ~100,000 records took 19 minutes for us and 2.5 hours for every other tool (give or take a few minutes for each tool).

Plans for the future

Watson told us they are currently adding support for additional fingerprints, more output formats, and validators. The validators, in particular, will be great for cutting down on false positives from services like Azure, which historically needed to be manually checked. They are also hoping for the community to suggest some features.

Subdominator is available for free on GitHub.

Subdominator: Open-source tool for detecting subdomain takeovers - Help Net Security (2)

Must read:

Subdominator: Open-source tool for detecting subdomain takeovers - Help Net Security (3)

Subdominator: Open-source tool for detecting subdomain takeovers - Help Net Security (2024)

FAQs

What is the best tool to check subdomain takeover? ›

Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers.

What are some measures that can be taken to prevent subdomain takeover attacks? ›

Regularly Audit and Clean DNS Records

Regular DNS configuration reviews, especially CNAME and TXT records, are crucial. Removing or updating any outdated or irrelevant subdomain entries that point to third-party services that are no longer in use prevents vulnerable subdomains that attackers could take advantage of.

What is a subdomain takeover vulnerability? ›

A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.

Is subdomain takeover illegal? ›

Subdomain takeover can have severe legal implications, as attackers may engage in illegal activities or host malicious content on compromised subdomains. It's crucial to report any such incidents to law enforcement authorities and take immediate steps to mitigate the risks to protect your reputation and users.

What is the best tool to find subdomains? ›

The Best Subdomain Enumeration Tools
  • Google Dorking. Google Dorking is a passive subdomain enumeration technique using Google's advanced search operators, like "site:" to find information about a target, including subdomains. ...
  • Sublist3r. ...
  • Amass. ...
  • Recon-ng. ...
  • SubDomainizer. ...
  • Pentest Tools Subdomain Finder. ...
  • crt.sh. ...
  • Shodan.
May 13, 2024

What is the difference between DNS takeover and subdomain takeover? ›

A subdomain takeover occurs when you take over the service that some DNS records are pointing to. A DNS takeover occurs when you take over the DNS server that is assigned to that host. DNS takeovers are typically more severe because they give the attacker more control.

How to find dangling subdomains? ›

To identify DNS entries within your organization that might be dangling, use Microsoft's GitHub-hosted PowerShell tools "Get-DanglingDnsRecords". This tool helps Azure customers list all domains with a CNAME associated to an existing Azure resource that was created on their subscriptions or tenants.

What are subdomains in cyber security? ›

Subdomains are an integral part of the domain naming system (DNS) and serve as a means to organize and compartmentalize web content. These subdomains, typically represented as "sub.example.com," extend the functionality of a primary domain and often house distinct web services, applications, or microsites.

What is DNSSEC support? ›

The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but prevents attackers from manipulating or poisoning the responses to DNS requests.

Who owns a subdomain? ›

Let's say you are making a pitch to a client to create their new website. You can create a subdomain that is specifically intended for them to give an idea of what their new website might look like. This is hosted on your own main domain, while retaining ownership of the subdomain.

Which type of vulnerability can lead to account takeover? ›

Attackers can execute ATO attacks through various methods, including phishing, credential stuffing, malware, and exploiting security vulnerabilities. These techniques aim to steal or guess login credentials or exploit authenticated sessions.

What is a dangling subdomain? ›

A subdomain takeover can occur when you have a DNS record that points to a deprovisioned Azure resource. Such DNS records are also known as "dangling DNS" entries. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization's domain to a site performing malicious activity.

What can hackers do with subdomains? ›

Here are just the 11 most common ways cybercriminals use hacked subdomains:
  • 1) Deface a website page and hurt a company's reputation. ...
  • 2) Steal user data. ...
  • 3) Create a “phishing” page on a credible subdomain. ...
  • 4) Put a redirect to a malicious website. ...
  • 5) Blackmail a company to get paid. ...
  • 6) Steal the source code of a website.
Jul 14, 2021

Why is subdomain not secure? ›

to secure a subdomain you need to either generate a new certificate for each subdomain or use a wildcard SSL certificate. A wildcard SSL certificate will automatically secure the main domain and all subdomains. A wildcard SSL certificate can be generated by using the Let's Encrypt DNS verification method.

Can a subdomain be malicious? ›

Phishing: SubdoMailing attackers use compromised subdomains to send massive amounts of spam emails. These emails can appear legitimate, tricking recipients into clicking malicious links or opening attachments.

What is subdomain checker? ›

Guardio Labs' SubdoMailing Checker

Guardio released a SubdoMailing Checker tool that quickly allows users to check if a domain has been compromised. It flags the affected subdomain and the date it was hijacked, along with clear guidance on how to protect your domain in the future.

What is subdomain hijacking? ›

It's a cyber threat executed when an attacker gains control of a legitimate subdomain that's no longer in use, then cleverly exploits the forgotten or misconfigured dangling DNS to host their own content on the previously used zone.

What is subdomain enumeration tool? ›

Subdomain enumeration is the process of listing out all the valid subdomains that are part of the larger domain.

References

Top Articles
Funeral for Johnny and Matthew Gaudreau scheduled for church Monday in suburban Philadelphia | CBC Sports
All Obituaries | Lynch-Green Funeral Home | St. Marys PA funeral home and cremation
Walgreens Boots Alliance, Inc. (WBA) Stock Price, News, Quote & History - Yahoo Finance
Craigslist Houses For Rent In Denver Colorado
Missing 2023 Showtimes Near Cinemark West Springfield 15 And Xd
Hawkeye 2021 123Movies
Sprague Brook Park Camping Reservations
Publix 147 Coral Way
Tight Tiny Teen Scouts 5
Otr Cross Reference
Transformers Movie Wiki
Culvers Tartar Sauce
5808 W 110Th St Overland Park Ks 66211 Directions
No Strings Attached 123Movies
Conan Exiles Thrall Master Build: Best Attributes, Armor, Skills, More
Truth Of God Schedule 2023
WEB.DE Apps zum mailen auf dem SmartPhone, für Ihren Browser und Computer.
Comics Valley In Hindi
How do I get into solitude sewers Restoring Order? - Gamers Wiki
Nail Salon Goodman Plaza
Voy Boards Miss America
Roll Out Gutter Extensions Lowe's
Divina Rapsing
Accuweather Mold Count
Craigslist West Valley
Walgreens Tanque Verde And Catalina Hwy
Leccion 4 Lesson Test
Never Give Up Quotes to Keep You Going
Optum Urgent Care - Nutley Photos
Certain Red Dye Nyt Crossword
Tom Thumb Direct2Hr
How rich were the McCallisters in 'Home Alone'? Family's income unveiled
Top Songs On Octane 2022
Shauna's Art Studio Laurel Mississippi
Mobile Maher Terminal
Newcardapply Com 21961
Tributes flow for Soundgarden singer Chris Cornell as cause of death revealed
Breckie Hill Fapello
Uhaul Park Merced
Louisville Volleyball Team Leaks
Giantess Feet Deviantart
Bismarck Mandan Mugshots
Emerge Ortho Kronos
3302577704
Miami Vice turns 40: A look back at the iconic series
Cl Bellingham
Trivago Sf
Tattoo Shops In Ocean City Nj
Haunted Mansion (2023) | Rotten Tomatoes
Race Deepwoken
Unpleasant Realities Nyt
Glowforge Forum
Latest Posts
Article information

Author: Pres. Carey Rath

Last Updated:

Views: 6283

Rating: 4 / 5 (61 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Pres. Carey Rath

Birthday: 1997-03-06

Address: 14955 Ledner Trail, East Rodrickfort, NE 85127-8369

Phone: +18682428114917

Job: National Technology Representative

Hobby: Sand art, Drama, Web surfing, Cycling, Brazilian jiu-jitsu, Leather crafting, Creative writing

Introduction: My name is Pres. Carey Rath, I am a faithful, funny, vast, joyous, lively, brave, glamorous person who loves writing and wants to share my knowledge and understanding with you.