Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz.
How to install: HERE
Use
An only required flag is either –target or –targets
–target (string) – Set single or multiple (comma separated) target subdomain/s
–targets (string) – File name/path to the list of subdomains
–concurrency (integer) – Number of concurrent checks (default 10)
–hide_fails (boolean) – Hide failed checks and invulnerable subdomains (default false)
–https (boolean) – Use HTTPS by default if protocol not defined on a targeted subdomain (default false)
–timeout (integer) – HTTP request timeout in seconds (default 10)
–verify_ssl (boolean) – If set to true, it won’t check the site with invalid SSL
Target subdomain can have a protocol defined, if not http:// will be used by default if –https not specifically set to true.
- List of subdomains
- ./subzy –targets=list.txt
- Single or few subdomains
- ./subzy –target=test.google.com
- ./subzy –target=test.google.com,https://test.yahoo.com
Copyright (C) 2019 LukaSikic
Source: https://github.com/LukaSikic/