Tko-Subs allows:
-takeover
. Currently, take over is only supported for Github Pages and Heroku Apps and by default the take over functionality is off.We need GO installed. Once you have GO, just type go get github.com/anshumanbh/tko-subs
to download the tool.
Once the tool is downloaded, type tko-subs -h
.
The next thing we need to do is to get the following information:
NOTE – You only need these values if you want to take over subdomains. By default, that’s not required.
Required Go Packages to build.
go get github.com/bgentry/heroku-go
go get github.com/gocarina/gocsv
go get github.com/google/go-github/github
go get github.com/olekukonko/tablewriter
go get golang.org/x/net/publicsuffix
go get golang.org/x/oauth2
go get github.com/miekg/dns
How To Run?
Once you have everything installed, cd
into the directory and type: tko-subs -domains=domains.txt -data=providers-data.csv -output=output.csv
If you want to take over as well, the command would be: tko-subs -domains=domains.txt -data=providers-data.csv -output=output.csv -takeover -githubtoken=<github-token> -herokuusername=<heroku-username> -herokuapikey=<heroku-api-key> -herokuappname=<heroku-app-name>
If you just want to check for a single domain, type: tko-subs -domain <domain-name>
If you just want to check for multiple domains, type: tko-subs -domain <domain-name-1>,<domain-name-2>
By default:
domains
flag is set to domains.txt
data
flag is set to providers-data.csv
output
flag is set to output.csv
takeover
flag is not set so no take over by defaultdomain
flag is NOT set so it will always check for all the domains mentioned in the domains.txt
file. If the domain
flag is mentioned, it will only check that domain and ignore the domains.txt
file, even if presentthreads
flag is set to 5
So, simply running tko-subs
would run with the default values mentioned above.
How is providers-data.csv formatted?
name,cname,string,http
Domain,CNAME,Provider,IsVulnerable,IsTakenOver,Response
If a dead DNS record is found, Provider
is left empty. If a misbehaving nameserver is found, Provider
and CNAME
are left empty
What is going on under the hood?
This will iterate over all the domains (concurrently using GoRoutines) in the subdomains.txt
file and:
takeover
flag is mentioned or not, it will try to take over that vulnerable subdomain.gh-pages
in that repoCNAME
and index.html
to the gh-pages
branch in that repo. Here, CNAME
contains the domain that needs to be taken over. index.html
contains the text This domain is temporarily suspended
that is to be displayed once the domain is taken over.Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…