Filtering http responses for subdomain takeover

Information Security Asked by kirill .z on December 21, 2020

I try to automate a solution to check hosts for Subdomain takeover vuln. First I get all subdomain’s responses, then use the loop to checking keywords:

if grep -l 'Repository not found|The specified bucket does not exist|Github Pages site here|No such app|Sorry, this shop is currently unavailable|404 Blog is not found|is not a registered InCloud YouTrack' "$X"; then
    echo "$line" >> ./$1/$foldername/vulnerable.txt

Do I need more specific keywords to catch subdomain takeover vuln inside http response bodies? Or something different at all?

Add your own answers!

Related Questions

Ways to configure a router

3  Asked on December 8, 2021 by user136026


Can firewalls decrypt SSL packets?

3  Asked on November 30, 2021 by iancool


Associate API key with user

3  Asked on November 30, 2021 by brad-stevanus


Polymorphic Analysis

1  Asked on November 23, 2021 by user109889


Getting the hostname of devices in the local lan

0  Asked on November 23, 2021 by gilad-naaman


Ask a Question

Get help from others!

© 2023 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP