{"id":15115236,"url":"https://github.com/Stratus-Security/Subdominator","last_synced_at":"2025-09-27T20:32:12.670Z","repository":{"id":208000858,"uuid":"718493113","full_name":"Stratus-Security/Subdominator","owner":"Stratus-Security","description":"The Internets #1 Subdomain Takeover Tool","archived":false,"fork":false,"pushed_at":"2025-01-13T16:14:44.000Z","size":227,"stargazers_count":233,"open_issues_count":0,"forks_count":19,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-01-13T17:25:01.678Z","etag":null,"topics":["bug-bounty","infosec","penetration-testing","penetration-testing-tools","pentesting","security","subdomain","subdomain-takeover"],"latest_commit_sha":null,"homepage":"https://www.stratussecurity.com","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Stratus-Security.png","metadata":{"files":{"readme":"ReadMe.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-14T07:37:28.000Z","updated_at":"2025-01-13T16:14:48.000Z","dependencies_parsed_at":"2024-01-12T09:07:00.509Z","dependency_job_id":"dae033db-f948-4345-8869-ff26f1f590d2","html_url":"https://github.com/Stratus-Security/Subdominator","commit_stats":null,"previous_names":["stratus-security/subdominator"],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Stratus-Security%2FSubdominator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Stratus-Security%2FSubdominator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Stratus-Secur
ity%2FSubdominator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Stratus-Security%2FSubdominator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Stratus-Security","download_url":"https://codeload.github.com/Stratus-Security/Subdominator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234460505,"owners_count":18836837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","infosec","penetration-testing","penetration-testing-tools","pentesting","security","subdomain","subdomain-takeover"],"created_at":"2024-09-26T01:43:43.561Z","updated_at":"2025-09-27T20:32:12.664Z","avatar_url":"https://github.com/Stratus-Security.png","language":"C#","funding_links":[],"categories":["C# #"],"sub_categories":[],"readme":"![GitHub Actions CI](https://github.com/Stratus-Security/Subdominator/workflows/CI/badge.svg)\n![GitHub all releases](https://img.shields.io/github/downloads/Stratus-Security/Subdominator/total)\n\n# Subdominator 🚀\n\n## Welcome to the Subdominator Club!\nMeet **Subdominator**, your new favourite CLI tool for detecting subdomain takeovers. It's designed to be fast, accurate, and dependable, offering [a significant improvement over other available tools](https://www.stratussecurity.com/post/the-ultimate-subdomain-takeover-tool).\n\n🔍 Precision and speed are our goal. 
Subdominator delivers better results without the wait; see the benchmark and feature comparison below for details.\n\n## Installing 🛠️\nTo get up and running quickly, you can download the latest release for [Windows](https://github.com/Stratus-Security/Subdominator/releases/latest/download/Subdominator.exe) or [Linux](https://github.com/Stratus-Security/Subdominator/releases/latest/download/Subdominator).\nAlternatively, download it via the CLI (remove `.exe` for the Linux version):\n```bash\nwget https://github.com/Stratus-Security/Subdominator/releases/latest/download/Subdominator.exe\n```\n\n## Quick Start 🚦\nTo quickly check a list of domains, simply run:\n```bash\nSubdominator -l subdomains.txt -o takeovers.txt\n```\nOr to quickly check a single domain, run:\n```bash\nSubdominator -d sub.example.com\n```\n\n## Options 🎛️\n```\n-d, --domain \u003cdomain\u003e    A single domain to check\n-l, --list \u003clist\u003e        A list of domains to check (line delimited)\n-o, --output \u003coutput\u003e    Output subdomains to a file\n-t, --threads \u003cthreads\u003e  Number of domains to check at once; values \\\u003c= 0 use the default [default: 50]\n-v, --verbose            Print extra information\n-q, --quiet              Quiet mode: Only print found results\n-eu, --exclude-unlikely  Exclude unlikely (edge-case) fingerprints\n-c, --csv \u003ccsv\u003e          Column index or heading to parse for CSV file. 
Forces -l to read as CSV instead of line-delimited\n--validate               Validate the takeovers are exploitable (where possible)\n--version                Show version information\n-?, -h, --help           Show help and usage information\n```\n\n## Output\nProgress updates are printed to the CLI periodically, and output for vulnerable domains is indicated as shown below.\n\nBy default, only vulnerable domains will be printed or saved to the file along with the vulnerable DNS record(s).\nThe output format is as follows:\n```\n[Service Name] vulnerable.domain.com - RecordType: dns.record.com\n```\n\nFor example, a vulnerable Azure CDN takeover will look like this:\n```\n[Microsoft Azure] example.stratussecurity.com - CNAME: stratus-cdn-stg.azureedge.net\n```\n\nIf you use the verbose flag, it will print all domains checked.\nFor example, this shows the same vulnerable domain and another non-vulnerable domain indicated by `[-]`:\n```\n[Microsoft Azure] example.stratussecurity.com - CNAME: stratus-cdn-stg.azureedge.net\n[-] www.stratussecurity.com\n```\n\nFinally, if a domain is vulnerable and passes validation with the `--validate` flag, it will be prepended with a ✅.\nThese domains have been validated to be vulnerable with the services directly, not just the fingerprint. 
For example:\n```\n✅ [Microsoft Azure] example.stratussecurity.com - CNAME: stratus-cdn-stg.azureedge.net\n```\n\n## Demo\nThe tool running across 1000 passively gathered subdomains:\n![Demo](https://raw.githubusercontent.com/Stratus-Security/Subdominator/master/Demo.gif)\n\n## Benchmark 📊\nA benchmark was run across ~100,000 subdomains to compare performance with other popular tools:\n\n| Tool         | Threads | Time Taken         |\n|--------------|---------|--------------------|\n| **Subdominator** | 50      | 19 minutes, 8 seconds |\n| Subjack      | 50      | 2 hours, 30 minutes, 2 seconds |\n| Subdover     | 50      | 2 hours, 33 minutes, 27 seconds |\n\n## Key Features 🔥\n- **Advanced DNS Matching**: Supports DNS matching for CNAME, A, and AAAA records.\n- **Recursive DNS Queries**: Performs in-depth queries to enhance accuracy and reduce false positives.\n- **Intelligent Domain Matching**: Uses a custom `public_suffix_list.dat` for more effective domain matching.\n- **Domain Registration Detection**: Checks for unregistered domains, with a more reliable method compared to other tools.\n- **High-Speed Performance**: Achieves faster results through intelligent DNS record matching.\n- **Vetted Ruleset**: Includes a thoroughly reviewed and updated ruleset.\n- **Comprehensive Detection**: Capable of identifying takeovers missed by other tools.\n- **Validation**: Dynamic takeover validation modules to check beyond fingerprints.\n\n## Feature Comparison 🥊\n| Feature                          | Subdominator | Subjack | Subdover |\n|----------------------------------|--------------|---------|----------|\n| Advanced DNS Matching            | ✅          | ❌      | ❌       |\n| Recursive DNS Queries            | ✅          | ❌      | ❌       |\n| Intelligent Domain Matching      | ✅          | ❌      | ❌       |\n| Domain Registration Detection    | ✅          | ✅      | ❌       |\n| High-Speed Performance           | ✅          | ❌      | ❌       |\n| Vetted and Updated 
Ruleset       | ✅          | ❌      | ❌       |\n| Comprehensive Detection          | ✅          | ❌      | ❌       |\n| Custom Fingerprint Support       | ✅          | ✅      | ❌       |\n| Validation                       | ✅          | ❌      | ❌       |\n| Fingerprints                     | 97           | 35      | 80       |\n\n## Contributions\nGot a suggestion, fingerprint, or want to chip in? We're all ears! Open a PR or issue – this will keep Subdominator on top! 😄\n\n## Fingerprints\nThe fingerprints and services are dynamically pulled from the [CanITakeOverXYZ repo](https://github.com/EdOverflow/can-i-take-over-xyz) as a source of truth. To fill in the gaps and correct incorrect fingerprints, this tool also has its own [custom fingerprints list](https://github.com/Stratus-Security/Subdominator/blob/master/Subdominator/custom_fingerprints.json) which is used in conjunction.\n\nBelow is the current list of supported services. To ignore edge cases, use the `-eu` flag.\n\n| Service | Status |\n|---------|--------|\n| Acquia | Edge case |\n| ActiveCampaign | Vulnerable |\n| Aftership | Vulnerable |\n| Agile CRM | Vulnerable |\n| Aha | Vulnerable |\n| Airee.ru | Vulnerable |\n| Amazon Cognito | Vulnerable |\n| Anima | Vulnerable |\n| Announcekit | Vulnerable |\n| Apigee | Vulnerable |\n| Appery.io | Vulnerable |\n| AWS/Elastic Beanstalk | Vulnerable |\n| AWS/S3 | Vulnerable |\n| Better Uptime | Vulnerable |\n| BigCartel | Vulnerable |\n| Bitbucket | Vulnerable |\n| Branch.io | Vulnerable |\n| Brandpad | Vulnerable |\n| Brightcove | Vulnerable |\n| Bubble.io | Vulnerable |\n| Campaign Monitor | Vulnerable |\n| Canny | Vulnerable |\n| Cargo Collective | Vulnerable |\n| ConvertKit | Vulnerable |\n| DatoCMS.com | Vulnerable |\n| Digital Ocean | Vulnerable |\n| Discourse | Vulnerable |\n| EasyRedir | Vulnerable |\n| Fastly | Edge case |\n| Flexbe | Edge Case |\n| Flywheel | Vulnerable |\n| Frontify | Edge case |\n| Gemfury | Vulnerable |\n| GetCloudApp | Vulnerable 
|\n| Getresponse | Vulnerable |\n| Ghost | Vulnerable |\n| Gitbook | Vulnerable |\n| Github | Edge case |\n| HatenaBlog | Vulnerable |\n| Help Juice | Vulnerable |\n| Help Scout | Vulnerable |\n| Helprace | Vulnerable |\n| Heroku | Edge case |\n| Instapage | Edge case |\n| Intercom | Edge case |\n| JazzHR | Edge Case |\n| JetBrains | Vulnerable |\n| Kajabi | Vulnerable |\n| Landingi | Edge case |\n| LaunchRock | Vulnerable |\n| LeadPages.com | Vulnerable |\n| Mashery | Edge case |\n| Meteor Cloud (Galaxy) | Vulnerable |\n| Microsoft Azure | Vulnerable |\n| Netlify | Edge case |\n| Ngrok | Vulnerable |\n| Pagewiz | Vulnerable |\n| Pantheon | Vulnerable |\n| Pingdom | Vulnerable |\n| Proposify | Vulnerable |\n| Readme.io | Vulnerable |\n| Readthedocs | Vulnerable |\n| Refined | Vulnerable |\n| Shopify | Edge case |\n| Short.io | Vulnerable |\n| SimpleBooklet | Vulnerable |\n| SmartJobBoard | Vulnerable |\n| Smartling | Edge case |\n| Smugsmug | Vulnerable |\n| Softr | Vulnerable |\n| Sprintful | Vulnerable |\n| Strikingly | Vulnerable |\n| Surge.sh | Vulnerable |\n| Surveygizmo | Vulnerable |\n| SurveySparrow | Vulnerable |\n| Tave | Vulnerable |\n| Teamwork | Vulnerable |\n| Thinkific | Vulnerable |\n| Tictail | Vulnerable |\n| Tilda | Edge case |\n| Tribe | Vulnerable |\n| Tumblr | Edge case |\n| Uberflip | Vulnerable |\n| Unbounce | Edge case |\n| Uptimerobot | Vulnerable |\n| UseResponse | Vulnerable |\n| UserVoice | Edge case |\n| Vend | Vulnerable |\n| Vercel | Edge case |\n| Webflow | Edge case |\n| Wishpond | Vulnerable |\n| Wix | Edge case |\n| Wordpress | Vulnerable |\n| Worksites | Vulnerable |\n| Wufoo | Vulnerable |\n| Zendesk | Edge case |\n| Zoho Forms | Vulnerable |\n| Zoho Forms India | Vulnerable 
|","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FStratus-Security%2FSubdominator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FStratus-Security%2FSubdominator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FStratus-Security%2FSubdominator/lists"}