ice3man543 / subover Goto Github PK
View Code? Open in Web Editor NEWA Powerful Subdomain Takeover Tool
License: BSD 2-Clause "Simplified" License
A Powerful Subdomain Takeover Tool
License: BSD 2-Clause "Simplified" License
hello,
congrats for the tool, is awesome..!
can you please consider in the next release embedding providers.json in the tool so i wont have to change directory everytime i wanna scan some text file that is in an other dir ..
thanks
i get this 2 errors while running the tool and it stops scanning the other subdomains:
2019/11/29 18:09:21 [ERROR] Get: asda.asde.com => [Get http://asda.asde.com/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)] 2019/11/29 18:09:21 [ERROR] Get: asda.asde222.com => [Get http://asda.asde222.com/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)]
Am i doing something wrong? i'm running the tool with go run subover.go -l subs.txt
Hi,
Your tool gave me this output: Takeover Possible At :
This is the dig output:
DiG 9.11.3-1ubuntu1-Ubuntu <<>> CNAME unbouncepages.com
it determined that out of this output the domain is vulnerable to subdomain takeover,
when registering to unbouncepages.com to try to claim the original domain it says that the domain is already in use.
I am facing this error but i did not change the providers.json directory or nothing. I installed the tool and tried to run it and got that error.
I did what is written in the documentation:
go get github.com/Ice3man543/SubOver
Now, I find a new file ~/go/bin/SubOver
in my personal home directory. When I now call ~/go/bin/SubOver
, I get this message
$ ~/go/bin/SubOver -l output.temp
SubOver v.1.2 Nizamul Rana (@Ice3man)
==================================================
open /src/github.com/Ice3man543/SubOver/providers.json: no such file or directory
Edit
I've done this on an Ubuntu 18.04 machine.
-o is useless coz results output only on screen and never to file. Please fix this
create your wordlist with studio.wrike.com
this domain is takeover possible but your tool is unable to detect it.
First off, love the tool. Great work.
Since Cloudfront domains can be either HTTP or HTTPS, can you add functionality to also check whichever protocol wasn't supplied? Maybe this could be a boolean argument like --check-protocols
or something.
I'd fork and add it, but I haven't learned Go yet.
Thanks!
Heya,
Curious what improvements/differences this has over https://github.com/anshumanbh/tko-subs and/or other existing tools to warrant the 'most powerful' label.
Always curious about new tools and how they can improve my efficiency :3
When running the tool against a list there isn't any output from the tool within the terminal or the output file. It seems like the tool isn't actually running against the targets and just exits.
OS: High Sierra
Traffic Manager lets you route traffic within Azure. Using cnames to xxx.trafficmanager.net it's sometimes possible to takeover such routing. Portal link: https://portal.azure.com/#create/Microsoft.WebSite
More info: https://azure.microsoft.com/en-us/services/traffic-manager/
Hello sir,
Can i install it on windows7?if yes then what is the procedure and commands?
i have seen other people having same problem has been resloved but i wsl2 and i dont see Iceman in my go github.com
hello how do i solve this error ?
sudo ./SubOver -l guardian.txt -v
invalid character '<' looking for beginning of value
Hi,
It would be great if SubOver can also append www.
in front of list provided and then check them to see if it gives different result.
Reference : https://www.freelists.org/post/bugbounty/Bug-bounty-tip-The-www-subdomain-takeover-trick
Regards,
@bugbaba
subover.go:10:5: cannot find package "github.com/parnurzeal/gorequest" in any of:
c:\go\src\github.com\parnurzeal\gorequest (from $GOROOT)
C:\Users\rizal\go\src\github.com\parnurzeal\gorequest (from $GOPATH)
I run it at windows? Is that possible?
If I run SubOver -l subdomains.txt like in the description an error appears:
SubOver v.1.2 Nizamul Rana (@Ice3man)
==================================================
open providers.json: no such file or directory
What is providers.json for a file?
I am getting below error when running the ./subover.go
./subover.go: line 1: //: Is a directory
./subover.go: line 2: package: command not found
./subover.go: line 4: syntax error near unexpected token newline' ./subover.go: line 4:
import ('
When I try go build subover.go
to install script, I get the following error:
/root/go/src/github.com/parnurzeal/gorequest/gorequest.go:32:2: cannot find package "golang.org/x/net/publicsuffix" in any of:
/usr/lib/go-1.11/src/golang.org/x/net/publicsuffix (from $GOROOT)
/root/go/src/golang.org/x/net/publicsuffix (from $GOPATH)
Please provide a complete installation guide.
Line 166 in 7d7ca40
Either use:
fmt.Printf("\n[\033[31;1;4mCLOUDFRONT\033[0m] Takeover Possible At : %s With HTTP & HTTPS\n", s.Url)
or
fmt.Println("\n[\033[31;1;4mCLOUDFRONT\033[0m] Takeover Possible At : " + s.Url + " With HTTP & HTTPS")
Hello i just got this ...
[~] Enjoy your hunt !
There is a bug in the program. It keeps running indefinitely even on ending the queue. This leads to output not working. It's a good first issue for anyone to tackle.
I will fix it in future. But if someone does it, I'll be glad.
You might need to update the providers.json to detect the Github Page TakeOver at
Line 4 in 0d5eed6
For my case the DNS for the takeover looked like
github.github.io. 1412 IN CNAME sni.github.map.fastly.net.
What do you think about updating it to match the following ?
"cname":["github.io", "fastly.net", "github.com", "github.map"],
Cheers
Line 116 in ae4a856
Hello,
When I execute this tool this is the output that I get:
Sub0ver -v -l domains.txt
It looks like the tool isn't working.
The content of the file domains.txt is a list of domains, for example:
www.example.com
new.domain.com
other.domain.com
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.