🔥 Release Highlights 🔥
A slight improvement from before,
Subdosec now supports:
- -unai: analyze undetected fingerprints with Gemini AI
- -subfng: submit/contribute a fingerprint
- threading
- fix printout
- fix installation mechanism
- etc.
$ subdosec -unai localundetec/undetect.json
_____ __ __
/ ___/__ __/ /_ ____/ /___ ________ _____
\__ \/ / / / __ \/ __ / __ \/ ___/ _ \/ ___/
___/ / /_/ / /_/ / /_/ / /_/ (__ ) __/ /__
/____/\__,_/_.___/\__,_/\____/____/\___/\___/
[INFO] PURE UNDETECTED 0 | Subdomains are not detected as vulnerable even though they have passed the subdosec scan..
[INFO] Analyzing 4 items with Gemini.
NEW POTENTIAL :
Domain : i.target.com
CNAME : None
A Record : 34.111.246.37
Takeover : POSSIBLE
Reason : The A record points to a Google Cloud IP address. Google Cloud does not typically require TXT record verification for custom domains pointing to Compute Engine instances via A records. If the associated Google Cloud resource (e.g., VM) is deprovisioned, the IP address might become available for re-assignment, allowing a potential attacker to claim it and take over the subdomain if the DNS record is not updated.
Reference: https://cloud.google.com/dns/docs/records-overview
================================================================================
Domain : try.target.com
CNAME : cname.Redacted.com
A Record : 76.76.21.98,76.76.21.241
Takeover : POSSIBLE
Reason : Redacted's custom domain setup instructs users to create a CNAME record pointing to 'cname.Redacted.com'. The documentation does not mention any requirement for TXT record verification. Without such verification, the subdomain is vulnerable if the Redacted account is deleted or disconnected, as an attacker could claim the CNAME target.
Reference: https://Redacted.com/blog/how-to-connect-a-custom-domain-to-your-Redacted-page
================================================================================
Domain : www.target.com
CNAME : shops.myshopify.com
A Record : 23.227.38.74
Takeover : NOT
Reason : Shopify's custom domain documentation explicitly states the requirement for TXT record verification to prove domain ownership. This verification step prevents subdomain takeover, even if the CNAME record points to a static Shopify host.
Reference: https://help.shopify.com/en/manual/domains/add-existing-domain
================================================================================
Domain : get.target.com
CNAME : cname.Redacted.shop
A Record : 216.150.1.129,216.150.16.129
Takeover : POSSIBLE
Reason : Redacted's custom domain setup instructs users to create a CNAME record pointing to 'cname.Redacted.shop'. The documentation does not mention any requirement for TXT record verification. Without such verification, the subdomain is vulnerable if the Redacted account is deleted or disconnected, as an attacker could claim the CNAME target.
Reference: https://support.Redacted.shop/en/articles/6591040-connecting-your-custom-domain
================================================================================
Contribute easily
pd@pxndx:/mnt/d/tools/subdosec$ subdosec -subfng test.json
_____ __ __
/ ___/__ __/ /_ ____/ /___ ________ _____
\__ \/ / / / __ \/ __ / __ \/ ___/ _ \/ ___/
___/ / /_/ / /_/ / /_/ / /_/ (__ ) __/ /__
/____/\__,_/_.___/\__,_/\____/____/\___/\___/
[Info] Submitting fingerprint ...
{"message":"Imported fingerprint data successfully"}
pd@pxndx:/mnt/d/tools/subdosec$ cat test.json
[
  {
    "name": "Subdomain takeover via tesstt",
    "rules": {
      "cname": "crm.upvoty.com",
      "status_code": "301",
      "redirect": "https://www.upvoty.com"
    },
    "status_fingerprint": 0,
    "reference": "link-to-subdomain-tko-or-custom-domain",
    "service": "upvoty.com",
    "logo_service": "https://images.squarespace-cdn.com/content/v1/65af8fbd2deabc7e06961ae1/21aa581e-7dcf-4c9a-967f-7e7ae6513b2c/logo.png?format=1500w"
  }
]
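A local sanity check for a fingerprint file before running `subdosec -subfng`, as an added example that is not code from the subdosec project. It assumes the keys in the test.json shown above are the expected schema; `validate_fingerprints` and `is_http_url` are hypothetical helper names.

```python
import json
from urllib.parse import urlparse

# Assumption: the keys in the test.json shown above are the expected schema;
# subdosec's own import validation is not documented on this page.
TOP_KEYS = {"name": str, "rules": dict, "status_fingerprint": int,
            "reference": str, "service": str, "logo_service": str}

def is_http_url(value):
    parts = urlparse(value) if isinstance(value, str) else None
    return bool(parts and parts.scheme in ("http", "https") and parts.netloc)

def validate_fingerprints(text):
    """Return a list of problems in a fingerprint file; empty means it passed."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, list):
        return ["top level must be a JSON array"]
    problems = []
    for i, fp in enumerate(data):
        if not isinstance(fp, dict):
            problems.append(f"[{i}] entry is not an object")
            continue
        for key, typ in TOP_KEYS.items():
            value = fp.get(key)
            # bool is a subclass of int in Python, so reject it explicitly
            if not isinstance(value, typ) or isinstance(value, bool):
                problems.append(f"[{i}] {key}: missing or not {typ.__name__}")
        rules = fp.get("rules") if isinstance(fp.get("rules"), dict) else {}
        code = rules.get("status_code")
        if code is not None and not (isinstance(code, str) and code.isdigit() and len(code) == 3):
            problems.append(f"[{i}] rules.status_code: expected a 3-digit string")
        if "redirect" in rules and not is_http_url(rules["redirect"]):
            problems.append(f"[{i}] rules.redirect: not an http(s) URL")
        if isinstance(fp.get("reference"), str) and not is_http_url(fp["reference"]):
            problems.append(f"[{i}] reference: not an http(s) URL")
    return problems

# Constructed sample: the page's test.json with the logo URL shortened.
SAMPLE = json.dumps([{"name": "Subdomain takeover via tesstt",
    "rules": {"cname": "crm.upvoty.com", "status_code": "301",
              "redirect": "https://www.upvoty.com"},
    "status_fingerprint": 0, "reference": "link-to-subdomain-tko-or-custom-domain",
    "service": "upvoty.com", "logo_service": "https://example.com/logo.png"}])

if __name__ == "__main__":
    print(validate_fingerprints(SAMPLE) or "OK")
```

Run against the sample, the check flags only the placeholder `reference` value, which is not a link a reviewer could follow to confirm the takeover condition.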
What's Changed
- Feature/undetect ai analyst (improve) by @xcapri in #19
- upd setup req & banner by @xcapri in #20
- Feature/undetect ai analyst by @xcapri in #21
- Bump version to 1.0 by @xcapri in #22
Full Changelog: v0.10...v1.0