Subdomain Takeover : A Challenge as Web App Vulnerability or Server-Side Vulnerability

Abstract

A subdomain is a domain that is a part of another domain. Subdomains are used to organize and navigate to various parts of your website. For example, your primary domain could be “xyz.com,” while your blog could be on a subdomain at “blog.xyz.com.” A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Sub-domain takeover vulnerability occurs When a subdomain (subdomain.example.com) that refers to a service (eg GitHub, AWS / S3, ..) is deleted or deleted In this way, the attacker can create pages on the service in use and forward the pages to this subdomain.. If any person wants to take over, a subdomain then the person seeks to manually check one by one subdomain that takes too much time. Moreover, are there some tools available to check the subdomain takeover is possible or not? However, these tools take input as a text file, which has a particular subdomain. This means finding a subdomain with the other tools and then using one of these tools to identify subdomain takeover vulnerability. In my tools, we find the subdomain of a particular domain, then check the CNAME is available for a list of subdomains and if CNAME finds for a specific subdomain, then check the status code of the CNAME if it returns 404-status code. We might say that a particular subdomain is possible to takeover.