Nmmapper • 4 years ago

Another tool to test for subdomain takeover. There are over 6 tools here hosted online.

Scan subdomains

so_test • 7 years ago

Hello, sorry for such a silly question, but may I ask you to describe how exactly to create a Heroku application? As I understood, I need to somehow create an application with the name `ololo-223` in order to get a site with the following hostname: `ololo-223.herokussl.com` || `ololo-223.herokuapp.com`. Thx

Crack Ninja • 2 years ago

<h1>test</h1>

asdsa • 2 years ago

'"><h1>xss</h1>

hhh nice try

U 2

why Xss

HUNTER • 2 years ago

How to find which services a website like example.com is using via Sublist3r or another tool? Then check for subdomain takeover?

0xSaFi • 4 years ago

Wow! It's cool.

sam patel • 6 years ago

nice

amar shankar • 7 years ago

Hi Linus,

Today I found an error on a subdomain and CF, but when I went to claim it, it showed me this:
"com.amazonaws.services.cloudfront.model.CNAMEAlreadyExistsException:
One or more of the CNAMEs you provided are already associated with a
different resource. (Service: AmazonCloudFront; Status Code: 409; Error
Code: CNAMEAlreadyExists; Request ID:
9ab894fa-ca93-11e6-b854-c7ed94*****)
Cancel
Yes, Edit"

Does this mean that an error on both ends alone doesn't confirm that there is a subdomain vulnerability?

Linus Särud • 7 years ago

Hi,

What was the error you discovered on the subdomain? It does indeed sound like it is already taken.

amar shankar • 7 years ago

Screenshot of error : http://prntscr.com/dnqgvj

Linus Särud • 7 years ago

[This comment has been answered elsewhere.]

cyberopus • 6 years ago

Found a CNAME with the error "The request could not be satisfied." but I am getting the same error, "One or more of the CNAMEs you provided are already associated with a different resource". Why might it not work? It's actually claimed by the owner, but the content is just not served properly?

Heera • 7 years ago

Hello Sir,
If there is a site called xyz.com and, by using G Suite, I am claiming it as my own domain... and I registered that as my own domain... does that mean subdomain takeover?

akshay jain • 7 years ago

I thought you guys had a tool for testing this for sites. I can't find the link anymore.

Linus Särud • 7 years ago

Hi,

We stopped offering this as a separate solution, but it is included in our main service. It is free to try out for 14 days (and more if you are non-commercial), so I would recommend simply signing up at https://detectify.com instead.

ali • 6 years ago

Hello everybody, could anyone please guide me: after detecting this problem, how can we solve it? We cannot see these subdomains on our server either.
My mail: info@keyhantrade.com

Shunmugha Sundaram • 7 years ago

Can you suggest which tool is best when it comes to discovering subdomains? Any personal favorite?

Linus Särud • 7 years ago

Hi,

There are three main methods I would recommend for discovering subdomains, but there are of course many more possible.

1) Google the domain. By using search operators you can control your search results and that way discover some subdomains that you might not have thought about. https://support.google.com/...

2) Use a tool that tests some of the most common subdomains. There are many available, but one of the best known is Subbrute, https://github.com/TheRook/...

3) Search the domain in a database that collects subdomains. One of the best known here would be to simply search the domain at https://www.virustotal.com/

If you want to test your own domain you can just add it to our service as we have implemented several methods ourselves to make sure that we scan the whole scope of your domain.

Shunmugha Sundaram • 7 years ago

Thanks Linus. As of now I am using Subbrute. But many domains it shows are usually not reachable when tried from a browser. Is there any reason for it?

Linus Särud • 7 years ago

Hi again,

The subdomain might be used for web on some other port, or it is simply used for something else. E.g., the subdomain might point to a server that exposes SSH, but it does not even have a web server installed.

Tl;dr: not all subdomains are used for web.

Shunmugha Sundaram • 7 years ago

Gotcha.