Skip to content

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

Notifications You must be signed in to change notification settings

topscoder/subgomain

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Subgomain

Subgomain is a command-line tool for checking domains for vulnerabilities related to subdomain takeover. It checks a list of domains provided via input against known fingerprints stored in a JSON file. Possible vulnerabilities are identified through checks on DNS CNAME records, HTTP status codes, and string patterns in the HTML response content.

Installation

You can install Subgomain using the following command:

go install -v github.com/topscoder/subgomain@latest

Usage

subgomain -domain <domain> | -domains <filename> [-fingerprints <url_or_local_path>] [-resolvers <url>] [-threads <int>] [-timeout <seconds>] [-silent] [-debug]

Arguments

Required

  • -domain <domain>: Specifies the single domain to check.
  • -domains <path-to-domains-file>: Specifies the path to the file containing the list of domains to check.

Optional

  • -fingerprints <url-to-fingerprints-json> (optional): Specifies the URL or disk path to the JSON file containing fingerprints for identifying vulnerabilities. Optional. Defaults to a predefined URL.
  • -resolvers <url> (optional): Specifies the URL to the TXT file containing DNS servers (resolvers) to be used. Optional. Defaults to a predefined URL.
  • -threads <number-of-threads> (optional, default 5): Specifies the number of concurrent threads to use for domain checking. Optional. Defaults to the number of logical CPUs.
  • -timeout <seconds> (optional, default 2): Specifies the HTTP timeout in seconds. Optional. Defaults to 2 seconds.
  • -silent (optional): If provided, only prints vulnerable domains without any additional output. Optional.
  • -debug (optional): If provided, the application prints (loads of) debug messages.

Examples

  1. Check domains for vulnerabilities, printing both vulnerable and non-vulnerable domains:

    subgomain -domains domains.txt
  2. Check domains for vulnerabilities, printing only vulnerable domains:

    subgomain -silent -domains domains.txt
  3. Check domains using custom fingerprints file and increase the number of threads for faster processing:

    subgomain -domains domains.txt -fingerprints https://example.com/custom_fingerprints.json -threads 10

Contributing

Contributions are welcome! If you have suggestions, feature requests, or find a bug, please open an issue or submit a pull request.

License

This project is licensed under the MIT License.