Sub404 – Tool To Check Subdomain Takeover Vulnerability in Linux

The rights and permission to manage the subdomains are in the website owner’s hands, but what if we collect the subdomains without rights Yes, we can do that, known as Subdomain Takeover. Subdomain Takeover is the vulnerability of gain control over a specific subdomain by an unidentified or unauthorized person. The attacker successfully takes the subdomain in his power and does whatever he wants, like creating a new database, creating a phishing website, cloning the domain, etc. Sub404 is an automated tool based on python language used to test the subdomains of the primary target for Subdomain Takeover vulnerability.  Sub404 is an opens source tool an free to use. Sub404 tool can fetch CNAME of 404 response code URL and remove all URL with target domain in CNAME. So chances of false positives are high.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Features of Sub404 Tool 

1. Sub404 tool is fast as it is an Asynchronous tool.
2. Sub404 tool uses two more tools along with it for subdomain detection (sublist3r and subfinder)
3. Sub404 tool supports saving the output of subdomains detected in a text file for further usage.
4. Sub404 tool is open source and free to use

Installation of Sub404 Tool on Kali Linux OS

Step 1: Check whether Python Environment is Established or not, use the following command.

python3

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are on Desktop now create a new directory called Sub404 using the following command. In this directory, we will complete the installation of the Sub404  tool.

mkdir Sub404 

Step 4: Now switch to the Sub404  directory using the following command.

cd Sub404 

Step 5: Now you have to install the tool. You have to clone the tool from Github.

git clone https://github.com/r3curs1v3-pr0xy/sub404.git

Step 6: The tool has been downloaded successfully in the Sub404 directory. Now list out the contents of the tool by using the below command.

ls

Step 7: You can observe that there is a new directory created of the Sub404 tool that has been generated while we were installing the tool. Now move to that directory using the below command:

cd sub404

Step 8: Once again to discover the contents of the tool, use the below command.

ls

Step 9: Download the required packages for running the tool, use the following command.

pip3 install -r requirements.txt

Step 10: Now we are done with our installation, Use the below command to view the help (gives a better understanding of the tool) index of the tool.

python3 sub404.py -h

Working with Sub404 Tool on Kali Linux OS

Example 1: Domain Name of the Target

1. In the below Example, We are providing the domain name to be tested for Subdomain Takeover. So we have provided our target as geeksforgeeks.org. Sub404 will automatically test subdomains of geeksforgeeks.org for Takeover.

2. In the below Screenshot, You can see that we have got the results of the Subdomain scan. There is the possibility of Subdomain Takeover on the subdomain apiapp.geeksforgeeks.org

Example 2: Scan from Subdomain File

1. In the above example, the tool was automatically testing subdomains without asking for any list or subdomains, but we can provide a subdomains list explicitly. In the below Screenshot, we have subdomains.txt file which contains subdomains of geeksforgeeks.org

2. In the below Screenshot, You can see that we have got the results of our test. As geeksforgeeks.org is a secured website Sub404 has not detected any vulnerability on geeksforgeeks.org

Example 3: Set Protocol for Requests

1. In this Example, We are explicitly providing the protocol for making requests. By default, HTTP protocol is used, so we are specifying HTTPS using -p tag