• Stars: 101
• Rank: 338,166 (Top 7 %)
• Language: Shell
• License: GNU General Publi...
• Created about 6 years ago
• Updated over 1 year ago


Repository Details

The TakeOver script extracts the CNAME records of all subdomains in a list at once. It saves researchers time and increases the chance of finding a subdomain takeover vulnerability.

TakeOver-v1

What is Subdomain Takeover?

Subdomain takeover is a vulnerability that arises when a subdomain points to an external service that has been deleted or is no longer in use. Common examples of such external services are GitHub, Heroku, GitLab, and Tumblr. If the original owner fails to remove the DNS entry that still points to the deleted service, an attacker can take over the subdomain by registering the name with that service (on GitHub Pages, for example, by adding a CNAME file containing the subdomain name). This class of vulnerability has significant security implications and requires careful attention to prevent exploitation.

Here is the command that checks the CNAME record of a subdomain, with the record it returned:

$ dig CNAME apt.shopify.com  -->  apt.shopify.com.s3-website-us-east-1.amazonaws.com.

How Can Takeover script help bug bounty hunters?

Managing and securing large numbers of subdomains is a challenging task for organizations. To monitor subdomains for potential security risks effectively, a tool that automates checking the CNAME record of each name is needed. The TakeOver script takes a file of subdomains as input, resolves each one, and produces output that shows the CNAME record for every domain in the input file. This lets security professionals manage and monitor a large number of subdomains easily and identify potential vulnerabilities more efficiently.

How can I recognise if the subdomain is vulnerable to subdomain takeover?

When a service is deleted but the DNS entry remains in place, the next step is to analyze the fingerprints the service leaves behind. A CNAME that points at a third-party host is only a candidate; the confirmation is the service's own error page, which a vulnerable subdomain may display when visited, such as "There isn't a GitHub Pages site here." By examining these error messages, security professionals can gain insight into vulnerabilities that may exist within a domain or subdomain and take steps to mitigate them. This type of analysis is essential for identifying and addressing security issues that arise from improperly configured or abandoned services.


Security researcher @EdOverflow maintains a list of all affected services and their fingerprints. For more detail, visit https://github.com/EdOverflow/can-i-take-over-xyz
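The following script is an added example, not the TakeOver project's own code. It puts the two steps described above into one defender-side check: read subdomains from a file, resolve each CNAME with dig, flag targets that sit on a third-party hosting service, and then confirm a candidate by matching the service's error-page fingerprint against a fetched page body. It assumes dig is installed for live use; the service table and fingerprint strings are a small constructed subset (the maintained list is the can-i-take-over-xyz repository linked above), and the example.com records in the offline self-check are invented.

```shell
#!/bin/sh
# Added example, not the TakeOver project's own script. Reads subdomains from a
# file, resolves each CNAME with `dig +short CNAME`, flags targets on known
# third-party hosting services, and confirms a candidate by looking for the
# service's error-page fingerprint. The resolver is passed as a function name
# so the offline self-check at the bottom can substitute a constructed table.

# Constructed service table: CNAME target pattern -> service name. Only an
# illustrative subset; the maintained list is EdOverflow/can-i-take-over-xyz.
service_for_cname() {
    target=${1%.}   # drop the trailing dot dig prints on fully qualified names
    case "$target" in
        *.s3-website-*.amazonaws.com) echo "AWS S3 website" ;;
        *.github.io)                  echo "GitHub Pages" ;;
        *.herokuapp.com)              echo "Heroku" ;;
        *.gitlab.io)                  echo "GitLab Pages" ;;
        *)                            echo "" ;;
    esac
}

# Error-page text that indicates the service no longer hosts anything for the
# name (constructed subset; verify wording against the maintained list).
fingerprint_for_service() {
    case "$1" in
        "GitHub Pages")   echo "There isn't a GitHub Pages site here." ;;
        "AWS S3 website") echo "The specified bucket does not exist" ;;
        "Heroku")         echo "No such app" ;;
        *)                echo "" ;;
    esac
}

# Exit 0 when the response body ($2) carries the fingerprint for service $1.
body_matches_fingerprint() {
    fp=$(fingerprint_for_service "$1")
    [ -n "$fp" ] && printf '%s' "$2" | grep -Fq -- "$fp"
}

# Live resolver: prints the CNAME target, or nothing when the name has none.
resolve_cname() {
    dig +short CNAME "$1" 2>/dev/null | head -n 1
}

# Walk a file of subdomains (one per line) and print "subdomain cname service"
# for every name whose CNAME points at a known third-party service.
# $1 = input file, $2 = resolver function name (default: resolve_cname).
flag_third_party_cnames() {
    resolver=${2:-resolve_cname}
    while IFS= read -r sub || [ -n "$sub" ]; do
        [ -z "$sub" ] && continue
        cname=$("$resolver" "$sub")
        [ -z "$cname" ] && continue
        svc=$(service_for_cname "$cname")
        [ -n "$svc" ] && printf '%s %s %s\n' "$sub" "$cname" "$svc"
    done < "$1"
}

# Constructed offline resolver standing in for dig; every record is invented.
fake_resolve() {
    case "$1" in
        apt.example.com)  echo "apt.example.com.s3-website-us-east-1.amazonaws.com." ;;
        docs.example.com) echo "example-docs.github.io." ;;
        mail.example.com) echo "mx.example.net." ;;   # internal host, not a hosting service
        *)                echo "" ;;                  # no CNAME (A record only)
    esac
}

# Self-check: number of names flagged in a constructed four-line input file.
count_flagged_demo() {
    tmp=$(mktemp)
    printf 'apt.example.com\ndocs.example.com\nwww.example.com\nmail.example.com\n' > "$tmp"
    flag_third_party_cnames "$tmp" fake_resolve | wc -l | tr -d ' '
    rm -f "$tmp"
}

# Usage with live DNS:  sh takeover_check.sh subdomains.txt
if [ -n "${1:-}" ]; then
    flag_third_party_cnames "$1"
fi
```

The flagged lines are candidates, not findings: for each one, fetch the subdomain over HTTP and pass the body to body_matches_fingerprint with the service name from the same line. Only a CNAME to a hosting service together with that service's "nothing here" page indicates a dangling record that should be removed from DNS.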

Youtube

Takeover-v1

More Repositories

1. hackbox (Python, 371 stars): HackBox is a powerful and comprehensive tool that combines a variety of techniques for web application and network security assessments, including XSS testing, subdomain scanning, SSRF injection, and more. Its user-friendly interface and wide range of features make it a valuable asset for security professionals.
2. recox (Shell, 316 stars): Master script for web reconnaissance
3. SXDork (Python, 97 stars): A powerful tool that utilizes the technique of Google dorking to search for specific information on the internet.
4. VTScanner (Python, 92 stars): A comprehensive Python-based security tool for file scanning, malware detection, and analysis in an ever-evolving cyber landscape.
5. XXRF-Shots (JavaScript, 74 stars): XXRF Shots - Useful for testing SSRF vulnerability
6. AnonX (Shell, 43 stars): An encrypted file transfer via AES-256-CBC
7. ASSAMEE (Shell, 17 stars): Free advance encryptor for Anon Cloud
8. ssrfpayload4digitalocean (6 stars)
9. xsrf-webshots (Python, 4 stars)
10. BlockChain-v1.2 (Shell, 4 stars): Blockchain v1.2 is a BTC lookup script written in Bash. The script can be used to track any Bitcoin address including total transactions, total received amount, final amount etc.
11. exp-db-script (Shell, 3 stars)
12. Prototype-pollution-exploit-ctf (Python, 2 stars): RCE exploit via prototype pollution vulnerability
13. pstrom (Shell, 1 star)
14. luhn (Shell, 1 star): Luhn checksum formula from Luhn algorithm / mod 10
15. BlockCypherv1.0 (Shell, 1 star): BlockCypher script extracts information from a Bitcoin transaction ID including transaction code, fee, transacted amount, final amount, block hash, block size and the date and time when the transaction was completed.