Working with Sub404 Tool on Kali Linux OS
Example 1: Domain Name of the Target
1. In the below Example, We are providing the domain name to be tested for Subdomain Takeover. So we have provided our target as w3wiki.org. Sub404 will automatically test subdomains of w3wiki.org for Takeover.
2. In the below Screenshot, You can see that we have got the results of the Subdomain scan. There is the possibility of Subdomain Takeover on the subdomain apiapp.w3wiki.org
Example 2: Scan from Subdomain File
1. In the above example, the tool was automatically testing subdomains without asking for any list or subdomains, but we can provide a subdomains list explicitly. In the below Screenshot, we have subdomains.txt file which contains subdomains of w3wiki.org
2. In the below Screenshot, You can see that we have got the results of our test. As w3wiki.org is a secured website Sub404 has not detected any vulnerability on w3wiki.org
Example 3: Set Protocol for Requests
1. In this Example, We are explicitly providing the protocol for making requests. By default, HTTP protocol is used, so we are specifying HTTPS using -p tag
Sub404 – Tool To Check Subdomain Takeover Vulnerability in Linux
The rights and permission to manage the subdomains are in the website owner’s hands, but what if we collect the subdomains without rights Yes, we can do that, known as Subdomain Takeover. Subdomain Takeover is the vulnerability of gain control over a specific subdomain by an unidentified or unauthorized person. The attacker successfully takes the subdomain in his power and does whatever he wants, like creating a new database, creating a phishing website, cloning the domain, etc. Sub404 is an automated tool based on python language used to test the subdomains of the primary target for Subdomain Takeover vulnerability. Sub404 is an opens source tool an free to use. Sub404 tool can fetch CNAME of 404 response code URL and remove all URL with target domain in CNAME. So chances of false positives are high.
Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux