subjack is a Hostile Subdomain Takeover tool written in Go, designed to scan a list of subdomains concurrently and identify those that can be hijacked. With Go’s speed and efficiency, this tool really stands out when it comes to mass-testing. Always double-check the results manually to rule out false positives.
How To Install subjack Hostile Subdomain Takeover Tool?
git clone https://github.com/haccer/subjack.git
cd subjack
go build subjack.go
How To Use subjack Hostile Subdomain Takeover Tool:
./subjack -w domains.txt -t 100 -timeout 30 -o results.txt -https
-w domains.txt is your list of subdomains. I recommend using cname.sh (included in the repository) to sift through your subdomain list for entries that have CNAME records attached, and using that filtered list to optimize and speed up testing.
-t is the number of threads (Default: 10 threads).
-timeout is the number of seconds to wait before a connection times out (Default: 10 seconds).
-o results.txt is where to save the results (Optional).
-https enforces https requests, which may return a different set of results and increase accuracy (Optional).

Currently checks for:
Amazon S3 Bucket, Amazon CloudFront, Cargo, Fastly, FeedPress, Ghost, GitHub, Helpjuice, Help Scout, Heroku, Pantheon.io, Shopify, Surge, Tumblr, UserVoice, WordPress, WP Engine
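
The CNAME pre-filtering recommended in the usage notes above, sketched in Go as an added example (it is not subjack's code and not the repository's cname.sh): it keeps only the hosts from your own inventory that are aliases and records where each one points, which is also what the manual double-check needs. The names aliases, norm and fakeLookup and the sample hosts are constructed for illustration; lookup accepts any function with the signature of net.LookupCNAME.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"sync"
)

// norm lower-cases a DNS name and strips whitespace and the trailing root dot.
func norm(s string) string { return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(s), ".")) }

// aliases returns sorted "host -> canonical name" lines for hosts that are CNAME
// aliases; unresolvable hosts and hosts that are their own canonical name are dropped.
// workers (at least 1) caps concurrent lookups, in the spirit of subjack's -t.
func aliases(hosts []string, lookup func(string) (string, error), workers int) []string {
	var mu sync.Mutex
	var wg sync.WaitGroup
	var out []string
	sem := make(chan struct{}, workers)
	for _, h := range hosts {
		wg.Add(1)
		sem <- struct{}{}
		go func(h string) {
			defer func() { <-sem; wg.Done() }()
			if t, err := lookup(h); err == nil && norm(t) != h {
				mu.Lock()
				out = append(out, h+" -> "+norm(t))
				mu.Unlock()
			}
		}(norm(h))
	}
	wg.Wait()
	sort.Strings(out)
	return out
}

// fakeLookup is a constructed stand-in for DNS that uses reserved example names.
func fakeLookup(h string) (string, error) {
	zone := map[string]string{"www.example.com": "www.example.com.", "blog.example.com": "Site.Example.NET."}
	if t, ok := zone[h]; ok {
		return t, nil
	}
	return "", fmt.Errorf("lookup %s: no such host", h)
}

func main() {
	hosts := []string{"www.example.com", "Blog.Example.com.", "gone.example.com"} // constructed sample
	fmt.Println(strings.Join(aliases(hosts, fakeLookup, 10), "\n")) // pass net.LookupCNAME for live DNS
}
```

Each line of output pairs a subdomain with its alias target, so the owner of the zone can confirm the target resource still exists before anything else is run against it.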