Module Todo: Subdomain Hijacking

[aconite33]

Create a module that will support the identification of vulnerable subdomains that could be victim of a take over

https://medium.com/@nynan/what-i-learnt-from-reading-217-subdomain-takeover-bug-reports-c0b94eda4366

Examples Projects:

• https://github.com/gfek/Lepus/blob/master/submodules/TakeOver.py
• https://github.com/EdOverflow/can-i-take-over-xyz
• https://github.com/haccer/subjack
• https://github.com/shmilylty/OneForAll/blob/master/data/fingerprints.json
• https://github.com/Ice3man543/SubOver
• https://0xpatrik.com/subdomain-takeover-basics

[TheTechromancer]

Messaged @EdOverflow on Twitter to see if he's open to collaborating on his can-i-take-over-xyz repo, which seems to be the best repository for subdomain hijacking data. @liquidsec

[liquidsec]

putting on hold until a suitable long-term solution is nailed down for maintaining

[TheTechromancer]

[TheTechromancer]

Pull request opened: https://github.com/EdOverflow/can-i-take-over-xyz/pull/336

[TheTechromancer]

TIL that nuclei is where all the subdomain hijacking stuff is happening these days https://github.com/projectdiscovery/nuclei-templates/tree/master/takeovers

@liquidsec

[TheTechromancer]

Added in https://github.com/blacklanternsecurity/bbot/pull/212