Sub-domain TakeOver vulnerability occur when a sub-domain ( is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted.

This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing, and claim

Also Read – OpenSK : Open-Source Implementation For Security Keys

Supported Services



git clone
cd takeover
python3 install


wget -q && python3


$ python3 -d -v
$ python3 -d -v -t 30
$ python3 -d -p -v
$ python3 -d -o or -v
$ python3 -l uber-sub-domains.txt -o output.txt -p -v
$ python3 -d uber-sub-domains.txt -o output.txt -T 3 -v