subjack

We have hosted the application subjack in order to run this application in our online workstations with Wine or directly.

Quick description about subjack:

Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass testing. Always double-check the results manually to rule out false positives. Subjack will also check for subdomains attached to domains that don't exist (NXDOMAIN) and are available to be registered. No need for dig ever again! This is still cross-compatible too. You can use scanio.sh which is kind of a PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar. This script parses and greps through the dump for desired CNAME records and makes a large list of subdomains to check with subjack if they're vulnerable to Hostile Subdomain Takeover. Of course, this isn't the only method to get a large amount of data to test.

Features:

• Custom fingerprint support
• New Services (Re-added Zendesk && Added Readme, Bitly, and more)
• Slight performance enhancements
• Requires Go
• Add subjack to your workflow
• Subjack will also check for subdomains attached to domains that don't exist

Programming Language: Go.
Categories: