Subdominator: CLI tool for detecting subdomain takeovers
Subdominator
Meet Subdominator, your new favorite CLI tool for detecting subdomain takeovers. It’s designed to be fast, accurate, and dependable, offering a significant improvement over other available tools.
Benchmark 📊
A benchmark was run across ~100,000 subdomains to compare performance with other popular tools
| Tool | Threads | Time Taken |
|---|---|---|
| Subdominator | 50 | 19 minutes, 8 seconds |
| Subjack | 50 | 2 hours, 30 minutes, 2 seconds |
| Subdover | 50 | 2 hours, 33 minutes, 27 seconds |
Key Features 🔥
- Advanced DNS Matching: Supports DNS matching for CNAME, A, and AAAA records.
- Recursive DNS Queries: Performs in-depth queries to enhance accuracy and reduce false positives.
- Intelligent Domain Matching: Uses a custom public_suffix_list.dat for more effective domain matching.
- Domain Registration Detection: Checks for unregistered domains, with a more reliable method compared to other tools.
- High-Speed Performance: Achieves faster results through intelligent DNS record matching.
- Vetted Ruleset: Includes a thoroughly reviewed and updated ruleset.
- Comprehensive Detection: Capable of identifying takeovers missed by other tools.
- Validation: Dynamic takeover validation modules to check beyond fingerprints.
Feature Comparison 🥊
| Feature | Subdominator | Subjack | Subdover |
|---|---|---|---|
| Advanced DNS Matching | ✅ | ❌ | ❌ |
| Recursive DNS Queries | ✅ | ❌ | ❌ |
| Intelligent Domain Matching | ✅ | ❌ | ❌ |
| Domain Registration Detection | ✅ | ✅ | ❌ |
| High-Speed Performance | ✅ | ❌ | ❌ |
| Vetted and Updated Ruleset | ✅ | ❌ | ❌ |
| Comprehensive Detection | ✅ | ❌ | ❌ |
| Custom Fingerprint Support | ✅ | ✅ | ❌ |
| Validation | ✅ | ❌ | ❌ |
| Fingerprints | 97 | 35 | 80 |
Fingerprints
The fingerprints and services are dynamically pulled from the CanITakeOverXYZ repo as a source of truth. To fill in the gaps and correct incorrect fingerprints, this tool also has its own custom fingerprints list which is used in conjunction.
Below is the current list of services supported, to ignore edge cases use the -eu flag.
| Service | Status |
|---|---|
| Acquia | Edge case |
| ActiveCampaign | Vulnerable |
| Aftership | Vulnerable |
| Agile CRM | Vulnerable |
| Aha | Vulnerable |
| Airee.ru | Vulnerable |
| Amazon Cognito | Vulnerable |
| Anima | Vulnerable |
| Announcekit | Vulnerable |
| Apigee | Vulnerable |
| Appery.io | Vulnerable |
| AWS/Elastic Beanstalk | Vulnerable |
| AWS/S3 | Vulnerable |
| Better Uptime | Vulnerable |
| BigCartel | Vulnerable |
| Bitbucket | Vulnerable |
| Branch.io | Vulnerable |
| Brandpad | Vulnerable |
| Brightcove | Vulnerable |
| Bubble.io | Vulnerable |
| Campaign Monitor | Vulnerable |
| Canny | Vulnerable |
| Cargo Collective | Vulnerable |
| ConvertKit | Vulnerable |
| DatoCMS.com | Vulnerable |
| Digital Ocean | Vulnerable |
| Discourse | Vulnerable |
| EasyRedir | Vulnerable |
| Fastly | Edge case |
| Flexbe | Edge Case |
| Flywheel | Vulnerable |
| Frontify | Edge case |
| Gemfury | Vulnerable |
| GetCloudApp | Vulnerable |
| Getresponse | Vulnerable |
| Ghost | Vulnerable |
| Gitbook | Vulnerable |
| Github | Edge case |
| HatenaBlog | Vulnerable |
| Help Juice | Vulnerable |
| Help Scout | Vulnerable |
| Helprace | Vulnerable |
| Heroku | Edge case |
| Instapage | Edge case |
| Intercom | Edge case |
| JazzHR | Edge Case |
| JetBrains | Vulnerable |
| Kajabi | Vulnerable |
| Landingi | Edge case |
| LaunchRock | Vulnerable |
| LeadPages.com | Vulnerable |
| Mashery | Edge case |
| Meteor Cloud (Galaxy) | Vulnerable |
| Microsoft Azure | Vulnerable |
| Netlify | Edge case |
| Ngrok | Vulnerable |
| Pagewiz | Vulnerable |
| Pantheon | Vulnerable |
| Pingdom | Vulnerable |
| Proposify | Vulnerable |
| Readme.io | Vulnerable |
| Readthedocs | Vulnerable |
| Refined | Vulnerable |
| Shopify | Edge case |
| Short.io | Vulnerable |
| SimpleBooklet | Vulnerable |
| SmartJobBoard | Vulnerable |
| Smartling | Edge case |
| Smugsmug | Vulnerable |
| Softr | Vulnerable |
| Sprintful | Vulnerable |
| Strikingly | Vulnerable |
| Surge.sh | Vulnerable |
| Surveygizmo | Vulnerable |
| SurveySparrow | Vulnerable |
| Tave | Vulnerable |
| Teamwork | Vulnerable |
| Thinkific | Vulnerable |
| Tictail | Vulnerable |
| Tilda | Edge case |
| Tribe | Vulnerable |
| Tumblr | Edge case |
| Uberflip | Vulnerable |
| Unbounce | Edge case |
| Uptimerobot | Vulnerable |
| UseResponse | Vulnerable |
| UserVoice | Edge case |
| Vend | Vulnerable |
| Vercel | Edge case |
| Webflow | Edge case |
| Wishpond | Vulnerable |
| Wix | Edge case |
| WordPress | Vulnerable |
| Worksites | Vulnerable |
| Wufoo | Vulnerable |
| Zendesk | Edge case |
| Zoho Forms | Vulnerable |
| Zoho Forms India | Vulnerable |
