SubOver – Subdomain Takeover Tool

Published On: June 22, 2018

Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since it’s redesign, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful.

Installing You need to have Golang installed on your machine. There are no additional requirements for this tool.

go get github.com/Ice3man543/SubOver

Usage
./SubOver -l subdomains.txt

  • -l List of Subdomains
  • -a Check all hosts regardless of CNAME (Time Consuming and prone to fp’s)
  • -t Number of concurrent threads. (Default 10)
  • -v Show verbose output (Default False)
  • -https Force HTTPS Connection (Default HTTP)
  • -timeout Set custom timeout (Default 10)
  • -h Show help message

Currently Check Services

Github, Heroku, Unbounce, Tumblr, Shopify, Instapage, Desk, Tictail, Campaignmonitor, Cargocollective, Statuspage, Amazonaws, Cloudfront, Bitbucket, Smartling, Acquia, Fastly, Pantheon, Zendesk, Uservoice, Ghost, Freshdesk, Pingdom, Tilda, WordPress, Teamwork, Helpjuice, Helpscout, Cargo, Feedpress, Surge, Surveygizmo, Mashery, Intercom, Webflow, Kajabi, Thinkific, Tave, Wishpond, Aftership, Aha, Brightcove, Bigcartel, Activecompaign, Compaignmonitor, Acquia, Proposify, Simplebooklet, Getresponse, Vend, Jetbrains, Azure .

Related Post

CF-Hero : Find Real IP Behind Cloudflare

Related Post March 31, 2025

HExHTTP – HTTP Header Exploitation Tool

Related Post January 28, 2025

GWPSan: Sampling-Based Sanitizer Framework

Related Post June 10, 2024

Leave a Comment