Open In App

Subjack – Subdomain Takeover Tool Written in Go

Improve
Improve
Like Article
Like
Save
Share
Report

Subjack tool is a Go language-based tool that is used as a scanner for Hostile Subdomain takeover. Subjack tool is so powerful that it scans a massive number of subdomains with excellent speed and efficiency and gives the relevant results about the scan. Subjack also checks or scans the subdomains which don’t have NXDOMAIN records. Subjack is an open-source tool and free to use. The massive list of subdomains is checked parallelly, which reduces the time-consuming process.

Note: As Subjack is a Golang language-based tool, so you need to have a Golang environment on your system.

Tags of Subjack Tool:

Tag Description
-d This flag is used to check or scan a single target domain (e.g. geeksforgeeks.org)
-w This flag is used to provide input of subdomains in the form of a list or text.
-t This flag is used to specify the number of threads used while scanning. By default, the value of the thread is 10.
-timeout This flag is used to wait before the timeout connection. By default value of timeout is 10 seconds.
-o This flag is used to save the scan results in the File format or JSON format.
-ssl This flag enforces HTTPS requests which can return a different collection of outputs and increase accuracy.
-a This flag skips the CNAME checks.
-m This flag checks the dead recorded with valid CNAME entries.
-v This flag is used to display the output in more readable form
-c This flag is used to change the configuration file.

Installation of Subjack Tool in Kali Linux OS

Step 1: If you have downloaded Golang in your system, verify the installation by checking the version of Golang, use the following command.

go version

Subjack - Subdomain Takeover Tool Written in Go

Step 2: Get the Subjack repository or clone the Subjack tool from Github, use the following command.

sudo go get github.com/haccer/subjack

Step 3: Install the Subjack Tool, use the following tool.

sudo go install -v github.com/haccer/subjack

Step 4: Now Tool is installed successfully, check the help page of the tool to get a better understanding of tool usage.

subjack -h

Working with Subjack Tool

Example 1: Testing Domain

In this example, we will be testing the subdomains of geeksforgeeks.org. In the below Screenshot there is a .txt file that contains the subdomains of our target.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt

Subjack - Subdomain Takeover Tool Written in Go

In the below screenshot, we are starting our testing process on geeksforgeeks.org subdomains which we have stored in .txt file.

Subjack - Subdomain Takeover Tool Written in Go

Example 2: Providing Threads

In this example, we are using the -t tag for providing the custom threads. So in the below screenshot, we have given the -t tag with the value 20.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20

Subjack - Subdomain Takeover Tool Written in Go

Example 3: Timeout

In this example, we are specifying the timeout value as 30.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20 -timeout 30

Subjack - Subdomain Takeover Tool Written in Go

Example 4: Saving Output in File Format

Subjack tool provides the feature to store the output in various formats. So in this example, we are storing the output in file format.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20 -timeout 30 -o /home/kali/Desktop/subjackresult.txt

In the below Screenshot, the output of the above scan is stored in the file format names subjackresult.txt.

Example 5: Saving Output in JSON Format

Subjack tool provides the feature to store the output in various formats. So in this example, we are storing the output in JSON format.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20 -o /home/kali/Desktop/subjackresultjson.json

In the below Screenshot, the output of the above scan is stored in the JSON format names subjackresultjson.json.

Example 6: Skipping CNAME Check

In this example, we are skipping the CNAME Scan check using the tag -a.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20 -a

Example 7: Check Presence of Valid CNAME Check

In this example, we are checking for the presence of a Valid CNAME Check.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20 -m

Example 8: Display Verbose Information

In this example, we will be getting verbose of detailed output. In the below screenshot, you can see that we are getting the status of every subdomain whether it is Vulnerable or Not.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20 -v

Example 9: Force HTTPS connections

In this example, we will be forcing HTTPS connections to be scanned using the -ssl tag.

subjack -w /home/kali/Desktop/geeksforgeeeks.org_subdomains.txt -t 20 -ssl



Last Updated : 23 Aug, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads