Skip to content
/ subgomain Public

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

topscoder/subgomain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits
.github/workflows
.github/workflows
 
 
domainchecker
domainchecker
 
 
fingerprints
fingerprints
 
 
logger
logger
 
 
tests
tests
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Subgomain

Subgomain is a command-line tool for checking domains for vulnerabilities related to subdomain takeover. It checks a list of domains provided via input against known fingerprints stored in a JSON file. Possible vulnerabilities are identified through checks on DNS CNAME records, HTTP status codes, and string patterns in the HTML response content.

Installation

You can install Subgomain using the following command:

go install -v github.com/topscoder/subgomain@latest

Usage

subgomain -domain <domain> | -domains <filename> [-fingerprints <url_or_local_path>] [-resolvers <url>] [-threads <int>] [-timeout <seconds>] [-silent] [-debug]

Arguments

Required

  • -domain <domain>: Specifies the single domain to check.
  • -domains <path-to-domains-file>: Specifies the path to the file containing the list of domains to check.

Optional

  • -fingerprints <url-to-fingerprints-json> (optional): Specifies the URL or disk path to the JSON file containing fingerprints for identifying vulnerabilities. Optional. Defaults to a predefined URL.
  • -resolvers <url> (optional): Specifies the URL to the TXT file containing DNS servers (resolvers) to be used. Optional. Defaults to a predefined URL.
  • -threads <number-of-threads> (optional, default 5): Specifies the number of concurrent threads to use for domain checking. Optional. Defaults to the number of logical CPUs.
  • -timeout <seconds> (optional, default 2): Specifies the HTTP timeout in seconds. Optional. Defaults to 2 seconds.
  • -silent (optional): If provided, only prints vulnerable domains without any additional output. Optional.
  • -debug (optional): If provided, the application prints (loads of) debug messages.

Examples

  1. Check domains for vulnerabilities, printing both vulnerable and non-vulnerable domains:

    subgomain -domains domains.txt

  2. Check domains for vulnerabilities, printing only vulnerable domains:

    subgomain -silent -domains domains.txt

  3. Check domains using custom fingerprints file and increase the number of threads for faster processing:

    subgomain -domains domains.txt -fingerprints https://example.com/custom_fingerprints.json -threads 10

Contributing

Contributions are welcome! If you have suggestions, feature requests, or find a bug, please open an issue or submit a pull request.

License

This project is licensed under the MIT License.

About

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

Topics

security infosec bugbounty security-tools subdomain-takeover domain-takeover bugbounty-tool infosectools

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 8

2024.06.6 Latest
Jun 15, 2024
+ 7 releases

Languages