Open In App

Sub404 – Tool To Check Subdomain Takeover Vulnerability in Linux

Last Updated : 22 Aug, 2022
Improve
Improve
Like Article
Like
Save
Share
Report

The rights and permission to manage the subdomains are in the website owner’s hands, but what if we access the subdomains without rights. Yes, we can do that, known as Subdomain Takeover. Subdomain Takeover is the vulnerability to gain control over a specific subdomain by an unidentified or unauthorized person. The attacker successfully takes access of the subdomain and does whatever he wants, like creating a new database, creating a phishing website, cloning the domain, etc. Sub404 is an automated tool based on python language used to test the subdomains of the primary target for Subdomain Takeover vulnerability.  Sub404 is an open source tool and free to use. Sub404 tool can fetch CNAME of 404 response code URL and remove all URL with target domain in CNAME. So chances of false positives are high.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Features of Sub404 Tool 

  1. Sub404 tool is fast as it is an Asynchronous tool.
  2. Sub404 tool uses two more tools along with it for subdomain detection (sublist3r and subfinder)
  3. Sub404 tool supports saving the output of subdomains detected in a text file for further usage.
  4. Sub404 tool is open source and free to use

Installation of Sub404 Tool on Kali Linux OS

Step 1: Check whether Python Environment is Established or not, use the following command.

python3

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are on Desktop now create a new directory called Sub404 using the following command. In this directory, we will complete the installation of the Sub404  tool.

mkdir Sub404 

Step 4: Now switch to the Sub404  directory using the following command.

cd Sub404 

Step 5: Now you have to install the tool. You have to clone the tool from Github.

git clone https://github.com/r3curs1v3-pr0xy/sub404.git

Step 6: The tool has been downloaded successfully in the Sub404 directory. Now list out the contents of the tool by using the below command.

ls

Step 7: You can observe that there is a new directory created of the Sub404 tool that has been generated while we were installing the tool. Now move to that directory using the below command:

cd sub404

Step 8: Once again to discover the contents of the tool, use the below command.

ls

Step 9: Download the required packages for running the tool, use the following command.

pip3 install -r requirements.txt

Step 10: Now we are done with our installation, Use the below command to view the help (gives a better understanding of the tool) index of the tool.

python3 sub404.py -h

Working with Sub404 Tool on Kali Linux OS

Example 1: Domain Name of the Target

1. In the below Example, We are providing the domain name to be tested for Subdomain Takeover. So we have provided our target as geeksforgeeks.org. Sub404 will automatically test subdomains of geeksforgeeks.org for Takeover.

2. In the below Screenshot, You can see that we have got the results of the Subdomain scan. There is the possibility of Subdomain Takeover on the subdomain apiapp.geeksforgeeks.org

Example 2: Scan from Subdomain File

1. In the above example, the tool was automatically testing subdomains without asking for any list or subdomains, but we can provide a subdomains list explicitly. In the below Screenshot, we have subdomains.txt file which contains subdomains of geeksforgeeks.org

2. In the below Screenshot, You can see that we have got the results of our test. As geeksforgeeks.org is a secured website Sub404 has not detected any vulnerability on geeksforgeeks.org

Example 3: Set Protocol for Requests

1. In this Example, We are explicitly providing the protocol for making requests. By default, HTTP protocol is used, so we are specifying HTTPS using -p tag


Previous Article
Next Article

Similar Reads

Sub404 - Tool To Check Subdomain Takeover Vulnerability in Linux
The rights and permission to manage the subdomains are in the website owner's hands, but what if we collect the subdomains without rights Yes, we can do that, known as Subdomain Takeover. Subdomain Takeover is the vulnerability of gain control over a specific subdomain by an unidentified or unauthorized person. The attacker successfully takes the s
4 min read
Sub404 - Tool To Check Subdomain Takeover Vulnerability in Linux
The rights and permission to manage the subdomains are in the website owner's hands, but what if we collect the subdomains without rights Yes, we can do that, known as Subdomain Takeover. Subdomain Takeover is the vulnerability of gain control over a specific subdomain by an unidentified or unauthorized person. The attacker successfully takes the s
4 min read
Subzy - Subdomain takeover Vulnerability Checker Tool
Subzy is the tool that identifies or checks the subdomain takeover on the target domain or multiple subdomains. Subzy is the Golang language based-tool. Subdomain takeover tool, which works based on matching response fingerprints from can-i-take-over-xyz. This automated scanner can help you in bug bounty programs to find Subdomain Takeover bugs in
4 min read
Subjack - Subdomain Takeover Tool Written in Go
Subjack tool is a Go language-based tool that is used as a scanner for Hostile Subdomain takeover. Subjack tool is so powerful that it scans a massive number of subdomains with excellent speed and efficiency and gives the relevant results about the scan. Subjack also checks or scans the subdomains which don't have NXDOMAIN records. Subjack is an op
4 min read
Second-Order - Subdomain Takeover Scanner
The Second-Order tool is a cyber security-based tool that is used in the scanning of web applications for crawling the application and collecting the sensitive parameterized URLs and other data which match certain patterns and rules. This tool is developed in the Golang language and is available on the GitHub platform. This tool consists of various
2 min read
Subdomain takeover from scratch to advance
Sub-domain Takeover : Sub-domain takeover is a common and most popular vulnerability. If you are not aware of such kind of vulnerability, you can understand it as a class of security issues where the intention of an attacker is to take control of an organization's sub-domain via cloud services. Sub-domain takeover vulnerability sometimes may lead t
2 min read
Knock - Subdomain Scanner Tool in Kali Linux
Knock is a tool written in Python and is designed to enumerate subdomains in a target domain through a wordlist. Installation: First clone the tool from the GitHub repository by using the below command. git clone https://github.com/santiko/KnockPy.git Then Change to your preferred directory. cd KnockPy[caption width="800"]Fig 1: Cloning tool from G
2 min read
Anubis - Subdomain enumeration and information gathering tool in Kali Linux
Anubis is a tool for information gathering. This tool is very useful in the initial phases of penetration testing. The main technique used to find subdomain using many modules is to target bruteforce with an improved wordlist Anubis is a free and open-source tool available on GitHub. This tool is free means you can download and use this tool free o
2 min read
Subscraper - Subdomain enumeration tool in Kali Linux
Subscraper is a free and open-source tool available on GitHub. Subscraper is used for reconnaissance of subdomains. subscraper is used for finding the subdomain of the target website. This tool is used to find subdomains from a website/web application. Usually, what happens is that it become very difficult for a security researcher to find subdomai
2 min read
Domained - Multi Tool Subdomain Enumeration Suite on Kali Linux
Information Gathering is the crucial step in the process of penetration testing. The more you collect the information the more it will help you to get a better testing methodology. So for this purpose of Information Gathering, the Domained tool is created. Domained is a framework collection of various subdomain detection tools. Domained is a python
4 min read