Subgomain is a command-line tool for checking domains for vulnerabilities related to subdomain takeover. It checks a list of domains provided via input against known fingerprints stored in a JSON file. Possible vulnerabilities are identified through checks on DNS CNAME records, HTTP status codes, and string patterns in the HTML response content.
You can install Subgomain using the following command:
go install -v github.com/topscoder/subgomain@latest
subgomain -domain <domain> | -domains <filename> [-fingerprints <url_or_local_path>] [-resolvers <url>] [-threads <int>] [-timeout <seconds>] [-silent] [-debug]
-domain <domain>
: Specifies the single domain to check.-domains <path-to-domains-file>
: Specifies the path to the file containing the list of domains to check.
-fingerprints <url-to-fingerprints-json>
(optional): Specifies the URL or disk path to the JSON file containing fingerprints for identifying vulnerabilities. Optional. Defaults to a predefined URL.-resolvers <url>
(optional): Specifies the URL to the TXT file containing DNS servers (resolvers) to be used. Optional. Defaults to a predefined URL.-threads <number-of-threads>
(optional, default 5): Specifies the number of concurrent threads to use for domain checking. Optional. Defaults to the number of logical CPUs.-timeout <seconds>
(optional, default 2): Specifies the HTTP timeout in seconds. Optional. Defaults to 2 seconds.-silent
(optional): If provided, only prints vulnerable domains without any additional output. Optional.-debug
(optional): If provided, the application prints (loads of) debug messages.
-
Check domains for vulnerabilities, printing both vulnerable and non-vulnerable domains:
subgomain -domains domains.txt
-
Check domains for vulnerabilities, printing only vulnerable domains:
subgomain -silent -domains domains.txt
-
Check domains using custom fingerprints file and increase the number of threads for faster processing:
subgomain -domains domains.txt -fingerprints https://example.com/custom_fingerprints.json -threads 10
Contributions are welcome! If you have suggestions, feature requests, or find a bug, please open an issue or submit a pull request.
This project is licensed under the MIT License.