Takeover: Subdomain Takeover Vulnerability Scanner


Takeover targets subdomains whose DNS records still point to a third-party service, such as GitHub or Heroku, where the underlying resource has been removed or deleted. The scanner checks the subdomains of a website for this condition.

Takeover: Subdomain Takeover Finder

After installing and running Takeover, the user supplies the subdomain name for the tool to scan. Multiple targets can be supplied in a text file, the number of threads can be set for quicker execution, and requests to the target can be routed through a proxy.

Supported Services:

AWS/S3
BitBucket
CloudFront
GitHub
Shopify
Desk
Fastly
FeedPress
Ghost
Heroku
Pantheon
Pingdom
Tumblr
WordPress
ZenDesk
TeamWork
Helpjuice
GetResponse
Helpscout
S3Bucket
Cargo
StatusPage
Intercom
And many more

Features:

  • Scan for vulnerable subdomains.
  • Scan for multiple subdomains at the same time.
  • Can use multiple threads at the same time.
  • Supports more than 30 services.

Supported Platforms:

  • Linux
  • Windows

Requirements:

  • Python 3

Install Takeover

Clone the GitHub repo:

$ git clone https://github.com/m4ll0k/takeover.git

Navigate to the working directory and install the setup:

$ cd takeover
$ python3 setup.py install

Alternatively, GNU wget can be used to download the script and run it directly with the following command:

$ wget -q https://raw.githubusercontent.com/m4ll0k/takeover/master/takeover.py && python3 takeover.py

Usage

Enter the following command:

$ python3 takeover.py 
   /~\
  C oo   ---------------
 _( ^)  |T|A|K|E|O|V|E|R|
/   ~\  ----------------
#> by M'hamed (@m4ll0k) Outaadi
#> http://github.com/m4ll0k
----------------------------------------
Usage: takeover.py [OPTION]
 
-d Set domain URL (e.g: www.test.com)
-t Set threads, default 1
-l Scan multiple targets in a text file
-p Use a proxy to connect the target URL
-o Use this settings for save a file, args=json or text
-T Set a request timeout,default value is 20 seconds
-k Process 200 http code, cause more false positive
-v Verbose, print more info
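
The check a scanner of this kind performs, and why processing 200 responses (the -k option above) produces more false positives, shown as an added offline example for triaging your own DNS inventory. This is not Takeover's code: the fingerprint strings are the commonly documented provider error pages, and the records, function names and 200-handling logic are assumptions made for illustration.

```python
# Added example: offline triage of CNAME records for dangling third-party targets.
# All records below are constructed sample data, not output from Takeover.

# Provider suffix -> text the provider serves when the resource no longer exists.
FINGERPRINTS = {
    "github.io": "There isn't a GitHub Pages site here.",
    "herokuapp.com": "No such app",
    "s3.amazonaws.com": "NoSuchBucket",
}

def match_service(cname):
    """Return the provider suffix a CNAME target falls under, or None."""
    host = cname.rstrip(".").lower()
    for suffix in FINGERPRINTS:
        # Match on a label boundary so "notgithub.io" is not treated as github.io.
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None

def triage(records, process_200=False):
    """records: iterable of (subdomain, cname, http_status, body).
    Returns [(subdomain, provider_suffix)] for DNS records that need cleanup."""
    findings = []
    for name, cname, status, body in records:
        suffix = match_service(cname)
        if suffix is None:
            continue  # not delegated to a provider we track
        if status == 200 and not process_200:
            continue  # a 200 usually means a live site still answers
        if FINGERPRINTS[suffix] in body:
            findings.append((name, suffix))
    return findings

# Constructed inventory: (subdomain, CNAME target, HTTP status, response body)
SAMPLE = [
    ("docs.example.com", "example-org.github.io.", 404,
     "<p>There isn't a GitHub Pages site here.</p>"),
    ("shop.example.com", "example-shop.herokuapp.com.", 200,
     "<h1>Welcome to the shop</h1>"),
    ("blog.example.com", "example-blog.herokuapp.com.", 200,
     "<p>Our old app returned 'No such app' until we fixed DNS.</p>"),
    ("www.example.com", "lb.example.net.", 200, "<h1>Home</h1>"),
    ("cdn.example.com", "notgithub.io.", 404, "<p>Not found</p>"),
]

if __name__ == "__main__":
    print("default:", triage(SAMPLE))
    print("with 200s:", triage(SAMPLE, process_200=True))
```

With 200 responses included, blog.example.com is flagged even though its app is live, because the page merely quotes the error string. A confirmed finding is fixed by removing the stale DNS record or re-creating the resource under your own account.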

Usage Example

$ python3 takeover.py -d www.domain.com -v 
$ python3 takeover.py -d www.domain.com -v -t 30
$ python3 takeover.py -d www.domain.com -p http://127.0.0.1:8080 -v 
$ python3 takeover.py -d www.domain.com -o  or  -v 
$ python3 takeover.py -l uber-sub-domains.txt -o output.txt -p http://xxx.xxx.xxx.xxx:8080 -v 
$ python3 takeover.py -l uber-sub-domains.txt -o output.txt -T 3 -v