View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004551||Kali Linux||[All Projects] Queued Tool Addition||public||2018-02-21 21:26||2020-02-13 14:23|
|Target Version||Fixed in Version|
|Summary||0004551: subjack - Hostile Subdomain Takeover tool|
Author: Cody Zacharias
License: Apache License 2.0 ~ https://github.com/haccer/subjack/blob/master/LICENSE
Description: subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked via unclaimed cloud services.
Similar tools: tko-subs, HostileSubBruteforcer -- neither are featured in Kali
Activity: Project started in October 2017 and actively being maintained.
How to install: go build subjack.go
How to use: ./subjack -w domains.txt -t 100 -o results.txt -- The -w flag is for the wordlist of subdomains, -t flag is for threads, and the -o flag is where output gets written to.
I believe there are no tools in Kali Linux similar to this or check for subdomains vulnerable to a Hostile Subdomain Takeover attack. This tool would be useful for pentesters and bug bounty hunters.
@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging