Skip to content
Subdomain takeover vulnerability checker
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
.gitignore Ignore Intellij IDE project settings directory Mar 1, 2019
LICENSE
README.md
list.txt
subzy
subzy.go Reformat code and compile new version Mar 2, 2019

README.md

Subzy

Subdomain takeover tool which works based on matching response fingerprings from can-i-take-over-xyz

follow on Twitter

Subzy subdomain takeover

Installation


Clone GitHub repo
git clone https://github.com/LukaSikic/subzy

Run program
./subzy/subzy

If you get an error exec format error: ./subzy, you need to install Golang for your OS and compile the program by running go build subzy.go which will generate new subzy binary file

Options


Only required flag is either --target or --targets

--target (string) - Set single or multiple (comma separated) target subdomain/s
--targets (string) - File name/path to list of subdomains
--concurrency (integer) - Number of concurrent checks (default 10)
--hide_fails (boolean) - Hide failed checks and invulnerable subdomains (default false)
--https (boolean) - Use HTTPS by default if protocol not defined on targeted subdomain (default false)
--timeout (integer) - HTTP request timeout in seconds (default 10)
--verify_ssl (boolean) - If set to true, it won't check site with invalid SSL

Usage


Target subdomain can have protocol defined, if not http:// will be used by default if --https not specifically set to true.

  • List of subdomains

    • ./subzy -targets list.txt
  • Single or few subdomains

    • ./subzy -target test.google.com
    • ./subzy -target test.google.com,https://test.yahoo.com
You can’t perform that action at this time.