Skip to content
Subdomain takeover vulnerability checker
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Ignore Intellij IDE project settings directory Mar 1, 2019
subzy.go Reformat code and compile new version Mar 2, 2019


Subdomain takeover tool which works based on matching response fingerprings from can-i-take-over-xyz

follow on Twitter

Subzy subdomain takeover


Clone GitHub repo
git clone

Run program

If you get an error exec format error: ./subzy, you need to install Golang for your OS and compile the program by running go build subzy.go which will generate new subzy binary file


Only required flag is either --target or --targets

--target (string) - Set single or multiple (comma separated) target subdomain/s
--targets (string) - File name/path to list of subdomains
--concurrency (integer) - Number of concurrent checks (default 10)
--hide_fails (boolean) - Hide failed checks and invulnerable subdomains (default false)
--https (boolean) - Use HTTPS by default if protocol not defined on targeted subdomain (default false)
--timeout (integer) - HTTP request timeout in seconds (default 10)
--verify_ssl (boolean) - If set to true, it won't check site with invalid SSL


Target subdomain can have protocol defined, if not http:// will be used by default if --https not specifically set to true.

  • List of subdomains

    • ./subzy -targets list.txt
  • Single or few subdomains

    • ./subzy -target
    • ./subzy -target,
You can’t perform that action at this time.