Subsnap

Techstack

  • Bash (Shell Scripting)

Tools

  • Linux

Subdomain Takeover Vulnerability Scanner

Subsnap is an automated subdomain takeover vulnerability scanner designed to identify and exploit subdomain misconfigurations across various platforms. It combines multiple subdomain discovery tools and vulnerability checks to provide a comprehensive assessment of a target domain's security.

By automating the process of discovering subdomains, checking their DNS records, probing for live hosts, and identifying potential subdomain takeover vulnerabilities, Subsnap ensures efficient security assessments. The tool captures detailed information such as CNAME records and integrates tools like Subzy and Eyewitness to detect vulnerable subdomains and capture screenshots of live hosts.

Why Subsnap is Useful

Subdomain takeover is a significant security risk that allows attackers to hijack unused or misconfigured subdomains to host malicious content. Subsnap streamlines the identification of these vulnerabilities, making it easier for security professionals to protect their domains. By automating the enumeration and validation processes, Subsnap saves time and enhances accuracy in detecting vulnerable subdomains, making it an essential tool in any web security arsenal.

Features

Automated Subdomain Enumeration: Integrates multiple tools such as Subfinder, Assetfinder, and Sublist3r to discover subdomains associated with a target domain, ensuring comprehensive coverage.

Live Subdomain Detection: Uses httpx-toolkit to identify and list live subdomains, ensuring that only active and accessible domains are analyzed.

Subdomain Takeover Vulnerability Detection: Leverages Subzy to check for potential subdomain takeover vulnerabilities, identifying misconfigured subdomains that could be exploited by attackers.

CNAME Record Checking: Inspects CNAME records for discovered subdomains, helping to identify misconfigurations related to domain name resolution.

Specific CNAME Pattern Identification: Searches for CNAME patterns commonly associated with vulnerable services such as GitHub Pages, Amazon S3, Heroku, and ReadMe.io.

Screenshot Capturing: Automatically captures screenshots of live subdomains using Eyewitness, providing visual confirmation of the current content hosted on the subdomains.

Concurrency and Timeout Control: Allows customization of concurrency levels and timeouts for HTTP probes and screenshot capturing, giving users control over the speed and depth of the scan.

Output Management: Saves results to a specified directory, organizing subdomains, live subdomains, vulnerable subdomains, CNAME records, and screenshots into easily accessible files for further analysis.
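The CNAME pattern check described under Specific CNAME Pattern Identification, as an added example that is not part of the Subsnap project's own code: it matches CNAME targets against fingerprints for the four services named above and flags matching records over constructed sample zone data (all hostnames are placeholders; the `target_has_dns_answer` helper and its use of `dig` are assumptions for a live follow-up, not something the README describes).

```shell
#!/usr/bin/env bash
# Added example, not part of the Subsnap project. Maps CNAME targets to the
# takeover-prone services the README names and flags the records to review.
# All hostnames below are constructed placeholders.

# Print the service a CNAME target points at, or "-" when no fingerprint matches.
classify_cname() {
    target=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
    case "$target" in
        *.github.io)                      echo "github-pages" ;;
        *.s3.amazonaws.com|*.s3-website*.amazonaws.com|*.s3.*.amazonaws.com) echo "amazon-s3" ;;
        *.herokuapp.com|*.herokudns.com)  echo "heroku" ;;
        *.readme.io)                      echo "readme" ;;
        *)                                echo "-" ;;
    esac
}

# Read "name. TTL IN TYPE target." lines (the shape dig prints) on stdin and
# emit "name<TAB>target<TAB>service" for each CNAME that hits a fingerprint.
flag_cname_records() {
    while read -r name _ttl _class type target; do
        [ "$type" = "CNAME" ] || continue
        svc=$(classify_cname "$target")
        [ "$svc" != "-" ] || continue
        printf '%s\t%s\t%s\n' "${name%.}" "${target%.}" "$svc"
    done
}

# Live follow-up (assumed helper; needs network and dig; not used by the sample
# run below). No DNS answer means a dangling record. A target that resolves can
# still be unclaimed at the provider, the HTTP-level check Subzy makes, so a
# fingerprint match is a candidate for review, not a confirmed finding.
target_has_dns_answer() {
    command -v dig >/dev/null 2>&1 || { echo "dig not installed" >&2; return 2; }
    [ -n "$(dig +short "$1" 2>/dev/null)" ]
}

# Constructed sample zone data: four records hit a fingerprint, two do not.
SAMPLE_RECORDS='docs.example.com. 300 IN CNAME acme-docs.readme.io.
assets.example.com. 300 IN CNAME acme-assets.s3.amazonaws.com.
www.example.com. 300 IN CNAME lb.internal.example.net.
blog.example.com. 300 IN CNAME acme.github.io.
app.example.com. 60 IN A 192.0.2.10
shop.example.com. 300 IN CNAME acme-shop.herokuapp.com.'

# Number of sample records flagged for review (expected 4).
count_flagged() {
    printf '%s\n' "$SAMPLE_RECORDS" | flag_cname_records | wc -l | tr -d ' '
}
printf '%s\n' "$SAMPLE_RECORDS" | flag_cname_records
```

Feed the output of `dig CNAME` for your own subdomains into `flag_cname_records`; each flagged line is a record whose provider-side resource should be verified as still claimed.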

Installation

Clone the repository:

git clone https://github.com/ansari-khursaid7tr/subsnap.git
cd subsnap

Run the installation script:

chmod +x install.sh
./install.sh

Make the main script executable:

chmod +x subsnap.sh

Usage

Run Subsnap with the following command:

./subsnap.sh -d example.com

For more options, use the help command:

./subsnap.sh -h

GitHub Repository