Filtering http responses for subdomain takeover

Information Security Asked by kirill .z on December 21, 2020

I try to automate a solution to check hosts for Subdomain takeover vuln. First I get all subdomain’s responses, then use the loop to checking keywords:

if grep -l 'Repository not found|The specified bucket does not exist|Github Pages site here|No such app|Sorry, this shop is currently unavailable|404 Blog is not found|is not a registered InCloud YouTrack' "$X"; then
    echo "$line" >> ./$1/$foldername/vulnerable.txt
fi

Do I need more specific keywords to catch subdomain takeover vuln inside http response bodies? Or something different at all?

sub domain

Filtering http responses for subdomain takeover

Add your own answers!

Related Questions

Hardware components based on which to generate password

What are the prerequisites for cloning a Trusted Platform Module (TPM), and how does that affect security?

Ways to configure a router

Protecting firmware .bin from reverse engineering

Does HTTP/2 prevent security vulnerabilites like CRLF injection?

Do incident response plans include playbooks?

PMK is what prevent to generate the PTK and decrypt the traffic?

Is this event a security concern: Windows 10: Event 360, User Device Registration?

Smart card + GnuPG: what is stored in my keyring/how to adopt smart card?

If a hacker were to obtain a shipping tracking number what could be compromised?

Can firewalls decrypt SSL packets?

Associate API key with user

Trusting CA Certificates by Thumbprint

Device authentication, common method

Should I contact the manufacturer if their product allows access to other users’ location information?

What are the roles of the “PACKAGER” in a digital rights management system?

How does Google track users in Incognito mode?

Polymorphic Analysis

How exactly can an infected Samsung TV record private conversations in a room?

Getting the hostname of devices in the local lan

Ask a Question