SubOver
Tool and Usage
Project details
- License
- BSD 2-clause
- Programming language
- Golang
- Author
- Nizamul Rana
- Latest release
- 1.2
- Latest release date
Project health
Links
GitHub project |
Why this tool?
SubOver is considered a hostile tool to take over a subdomain. It can be used during pentesting and security assessments to discover unconfigured subdomains.
How it works
The tool checks subdomains and determines if a CNAME record is used. If that is the case, it compares the CNAME value with a list of well-known providers. If there is a match, an HTTP GET request is made. The output of this page is compared with text strings for that provider that may indicate a default setup page. This is when the match is displayed to the user of the tool.
Background information
The project was originally created in Python, but later rewritten in Golang for performance and educational reasons by the author.
Usage and audience
SubOver is commonly used for security assessment. Target users for this tool are pentesters and security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + The source code is easy to read and understand
- + The source code of this software is available
Weaknesses
- - No releases on GitHub available
Installation
Supported operating systems
SubOver is known to work on Linux.
SubOver alternatives
Similar tools to SubOver:
altdns
Altdns is a security tool to discover subdomains during pentesting. Read this review to learn how it works and how to use it.
SubFinder
SubFinder is a subdomain discovery tool. This can be useful to learn more about a particular target and available subdomains.
Sublist3r
Sublist3r is a security tool to scan a domain and attempt the discovery of underlying subdomains. This can be used during pentesting and security assessments.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
Categories
This tool is categorized as a subdomain scanner and subdomain takeover tool.