diff --git a/README.md b/README.md index cc73f44..0a33bc4 100644 --- a/README.md +++ b/README.md @@ -1,33 +1,9 @@ # SubT | Subdomain Takeover Scanner +![image](Screenshoots/picture.png) ## Details -SubT is a Python tool designed to scan subdomains for potential takeover vulnerabilities based on CNAME and HTTP status codes. It checks each subdomain against a predefined list of vulnerable configurations stored in YAML files. -``` -┌──(root㉿tegalsec)-[/home/van/Project/subt] -└─# python subt.py example.com +SubT is a tool to check if a subdomain is vulnerable to subdomain takeover. It uses `subfinder` to search for subdomains, `dig` to check CNAME, and `curl` to check status code. -██████████████████████████ -█─▄▄▄▄█▄─██─▄█▄─▄─▀█─▄─▄─█ -█▄▄▄▄─██─██─███─▄─▀███─███ -▀▄▄▄▄▄▀▀▄▄▄▄▀▀▄▄▄▄▀▀▀▄▄▄▀▀ - -Subdomain Takeover Scanner -Author by Van | Tegalsec --------------------------- -[+] Checking subdomains for domain: example.com -hub.example.com [301] | Not vulnerable -creators.example.com [409] | vulnerable can be takeover! [cname.testimonial.to] -oneten.example.com [302] | Not vulnerable -video.example.com [404] | vulnerable can be takeover! [custom.gohire.io] -udacity.example.com [302] | Not vulnerable -tp-knowitgetit.example.com [404] | vulnerable can be takeover! [na-west1.surge.sh] -training.example.com [301] | Not vulnerable -forward-champions.example.com [301] | Not vulnerable -oneten-udacity.example.com [409] | vulnerable can be takeover! [cname.testimonial.to] -hello.example.com [302] | Not vulnerable -dashboard.example.com [302] | Not vulnerable -testimonial.example.com [301] | Not vulnerable -``` ## Features - **Subdomain Scanning**: Supports scanning subdomains from a file, a list of domains, or directly provided subdomains. - **Vulnerability Detection**: Identifies subdomains vulnerable to takeover based on CNAME and HTTP status codes. @@ -63,8 +39,39 @@ Scan Single Domain ``` python subt.py example.com ``` +``` +┌──(root㉿tegalsec)-[/home/van/Project/subt] +└─# python subt.py example.com + +██████████████████████████ +█─▄▄▄▄█▄─██─▄█▄─▄─▀█─▄─▄─█ +█▄▄▄▄─██─██─███─▄─▀███─███ +▀▄▄▄▄▄▀▀▄▄▄▄▀▀▄▄▄▄▀▀▀▄▄▄▀▀ + +Subdomain Takeover Scanner +Author by Van | Tegalsec +-------------------------- +[+] Checking subdomains for domain: example.com +hub.example.com [301] | Not vulnerable +creators.example.com [409] | vulnerable can be takeover! [cname.testimonial.to] +oneten.example.com [302] | Not vulnerable +video.example.com [404] | vulnerable can be takeover! [custom.gohire.io] +udacity.example.com [302] | Not vulnerable +tp-knowitgetit.example.com [404] | vulnerable can be takeover! [na-west1.surge.sh] +training.example.com [301] | Not vulnerable +forward-champions.example.com [301] | Not vulnerable +oneten-udacity.example.com [409] | vulnerable can be takeover! [cname.testimonial.to] +hello.example.com [302] | Not vulnerable +dashboard.example.com [302] | Not vulnerable +testimonial.example.com [301] | Not vulnerable +``` ### Contribution -Contributions are welcome! If you find any issues or have suggestions for improvement, please open an issue or submit a pull request. Make sure to follow the contribution guidelines. +If you discover a new vulnerable CNAME susceptible to subdomain takeover, feel free to create a new YAML file and upload it to the vulnerable/ folder. Please include accurate information about the CNAME and relevant status codes to ensure the vulnerability's validity. +``` +cname: "custom.example.com" +status_code: 404 +status: "vulnerable can be takeover!" +``` ### License This project is licensed under the MIT License - see the LICENSE file for details.