Tool and Usage
Why this tool?
SubOver is considered a hostile tool to take over a subdomain. It can be used during pentesting and security assessments to discover unconfigured subdomains.
How it works
The tool checks subdomains and determines if a CNAME record is used. If that is the case, it compares the CNAME value with a list of well-known providers. If there is a match, an HTTP GET request is made. The output of this page is compared with text strings for that provider that may indicate a default setup page. This is when the match is displayed to the user of the tool.
The project was originally created in Python, but later rewritten in Golang for performance and educational reasons by the author.
Usage and audience
SubOver is commonly used for security assessment. Target users for this tool are pentesters and security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code is easy to read and understand
- + The source code of this software is available
- - No releases on GitHub available
Supported operating systems
SubOver is known to work on Linux.
Similar tools to SubOver:
Altdns is a security tool to discover subdomains during pentesting. Read this review to learn how it works and how to use it.
Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. Read how it works in this review.
SubFinder is a subdomain discovery tool. This can be useful to learn more about a particular target and available subdomains.
This tool page was updated at . Found an improvement? Help the community by submitting an update.