Ecosyste.ms: Awesome

https://github.com/topscoder/subgomain

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.
bugbounty bugbounty-tool domain-takeover infosec infosectools security security-tools subdomain-takeover

Last synced: 2 months ago
# Subgomain

Subgomain is a command-line tool for checking domains for vulnerabilities related to subdomain takeover. It checks a list of domains provided via input against known fingerprints stored in a JSON file. Possible vulnerabilities are identified through checks on DNS CNAME records, HTTP status codes, and string patterns in the HTML response content.
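The three checks described above, sketched as an added example (not subgomain's own code). The `Fingerprint` schema, the `Match` and `onProvider` helpers, and the sample provider are assumptions made for illustration; the README does not show the real fingerprint format or state whether all three signals must agree.

```go
package main

import (
	"fmt"
	"strings"
)

// Fingerprint uses a hypothetical schema for this example, not subgomain's.
type Fingerprint struct {
	Service string
	CNAMEs  []string // provider CNAME suffixes
	Status  int      // HTTP status of an unclaimed resource, 0 = any
	Pattern string   // text on the provider's "unclaimed" page
}

// Constructed sample; the provider name and domain are made up.
var sample = []Fingerprint{{"ExampleHost", []string{"examplehost.test"},
	404, "There is no site configured here"}}

// Match returns the service whose CNAME suffix, HTTP status and body
// pattern all agree with what was observed for one domain.
func Match(fps []Fingerprint, cname string, status int, body string) (string, bool) {
	cname = strings.TrimSuffix(strings.ToLower(cname), ".")
	for _, fp := range fps {
		if !onProvider(cname, fp.CNAMEs) ||
			(fp.Status != 0 && fp.Status != status) ||
			(fp.Pattern != "" && !strings.Contains(body, fp.Pattern)) {
			continue
		}
		return fp.Service, true
	}
	return "", false
}

// onProvider matches on a DNS label boundary, so "notexamplehost.test"
// is not mistaken for "examplehost.test".
func onProvider(cname string, suffixes []string) bool {
	for _, s := range suffixes {
		if cname == s || strings.HasSuffix(cname, "."+s) {
			return true
		}
	}
	return false
}

func main() {
	body := "There is no site configured here"
	fmt.Println(Match(sample, "shop.examplehost.test.", 404, body)) // all three signals agree
	fmt.Println(Match(sample, "shop.examplehost.test.", 200, "<h1>Shop</h1>")) // claimed site
}
```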

## Installation

You can install Subgomain using the following command:

```bash
go install -v github.com/topscoder/subgomain@latest
```

## Usage

```bash
subgomain -domain <domain> | -domains <file> [-fingerprints <url-or-path>] [-resolvers <url>] [-threads <n>] [-timeout <seconds>] [-silent] [-debug]
```

### Arguments

#### Required
- `-domain <domain>`: Specifies the single domain to check.
- `-domains <file>`: Specifies the path to the file containing the list of domains to check.

#### Optional
- `-fingerprints <url-or-path>` (optional): Specifies the URL or disk path to the JSON file containing fingerprints for identifying vulnerabilities. Defaults to a predefined URL.
- `-resolvers <url>` (optional): Specifies the URL to the TXT file containing DNS servers (resolvers) to be used. Defaults to a predefined URL.
- `-threads <n>` (optional, default 5): Specifies the number of concurrent threads to use for domain checking. Defaults to the number of logical CPUs.
- `-timeout <seconds>` (optional, default 2): Specifies the HTTP timeout in seconds.
- `-silent` (optional): If provided, prints only vulnerable domains, without any additional output.
- `-debug` (optional): If provided, the application prints (loads of) debug messages.

## Examples

1. Check domains for vulnerabilities, printing both vulnerable and non-vulnerable domains:
```bash
subgomain -domains domains.txt
```

2. Check domains for vulnerabilities, printing only vulnerable domains:
```bash
subgomain -silent -domains domains.txt
```

3. Check domains using a custom fingerprints file and increase the number of threads for faster processing:
```bash
subgomain -domains domains.txt -fingerprints https://example.com/custom_fingerprints.json -threads 10
```

## Contributing

Contributions are welcome! If you have suggestions, feature requests, or find a bug, please open an issue or submit a pull request.

## License

This project is licensed under the MIT License.