Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since it’s redesign, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful.
You need to have Golang installed on your machine. There are no additional requirements for this tool.
go get github.com/Ice3man543/SubOver
./SubOver -l subdomains.txt
-lList of Subdomains
-tNumber of concurrent threads. (Default 10)
-vShow verbose output (Default False)
-httpsForce HTTPS Connection (Default HTTP)
-timeoutSet custom timeout (Default 10)
-hShow help message
Currently Checked Services
Github, Heroku, Unbounce, Tumblr, Shopify, Instapage, Desk, Tictail, Campaignmonitor, Cargocollective, Statuspage, Amazonaws, Cloudfront, Bitbucket, Smartling, Acquia, Fastly, Pantheon, Zendesk, Uservoice, Ghost, Freshdesk, Pingdom, Tilda, WordPress, Teamwork, Helpjuice, Helpscout, Cargo, Feedpress, Surge, Surveygizmo, Mashery, Intercom, Webflow, Kajabi, Thinkific, Tave, Wishpond, Aftership, Aha, Brightcove, Bigcartel, Activecompaign, Compaignmonitor, Acquia, Proposify, Simplebooklet, Getresponse, Vend, Jetbrains, Azure
Count : 51
Q: What should my wordlist look like?
A: Your wordlist should include a list of subdomains you’re checking and should look something like:
[1.1.1] – 2018-03-20
- Providers corrected using EdOverflow’s Awesome List
- Added Information regarding various takeovers to the tool
[1.1.0] – 2018-03-16
- Rewritten from scratch in Golang
- This time it’s damn fast because of Go Concurrency.
- The console output looks better 🙂
[1.0.0] – 2018-02-04
- Initial Release with 35 Services written in Python.
- Pretty Slow 🙂