Filtering http responses for subdomain takeover

Information Security Asked by kirill .z on December 21, 2020

I try to automate a solution to check hosts for Subdomain takeover vuln. First I get all subdomain’s responses, then use the loop to checking keywords:

if grep -l 'Repository not found|The specified bucket does not exist|Github Pages site here|No such app|Sorry, this shop is currently unavailable|404 Blog is not found|is not a registered InCloud YouTrack' "$X"; then
    echo "$line" >> ./$1/$foldername/vulnerable.txt
fi

Do I need more specific keywords to catch subdomain takeover vuln inside http response bodies? Or something different at all?

sub domain

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Joshua Engel on Why fry rice before boiling?
Lex on Does Google Analytics track 404 page responses as valid page views?
haakon.io on Why fry rice before boiling?
Peter Machado on Why fry rice before boiling?
Jon Church on Why fry rice before boiling?