subjack
Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go’s speed and efficiency, this tool really stands out when it comes to mass-testing. Always double-check the results manually to rule out false positives
Details
Category: Misconfiguration
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/subjack:49c51e5-patch-1
Source URL: https://github.com/haccer/subjack
Parameters
domain
string
Command:
-d - Domainthreads
string
Command:
-t - Number of concurrent threads (Default: 10).verbose
boolean
Command:
-v - Display more information per each request.wordlist
file
requiredCommand:
-w - Wordlist file.force-ssl
string
Command:
-ssl - Force HTTPS connections (May increase accuracy (Default: http://).config-file
file
Command:
-c - Path to configuration file.timeout-sec
string
Command:
-timeout - Seconds to wait before connection timeout (Default: 10).find-hidden-gems
boolean
Command:
-a - Find those hidden gems by sending requests to every URL. (Default: Requests are only sent to URLs with identified CNAMEs)presence-of-dead-record
boolean
Command:
-m - Flag the presence of a dead record, but valid CNAME entry.