Tko-Subs allows:
-takeover
. Currently, take over is only supported for Github Pages and Heroku Apps and by default the take over functionality is off.We need GO installed. Once you have GO, just type go get github.com/anshumanbh/tko-subs
to download the tool.
Once the tool is downloaded, type tko-subs -h
.
The next thing we need to do is to get the following information:
NOTE – You only need these values if you want to take over subdomains. By default, that’s not required.
Required Go Packages to build.
go get github.com/bgentry/heroku-go
go get github.com/gocarina/gocsv
go get github.com/google/go-github/github
go get github.com/olekukonko/tablewriter
go get golang.org/x/net/publicsuffix
go get golang.org/x/oauth2
go get github.com/miekg/dns
How To Run?
Once you have everything installed, cd
into the directory and type: tko-subs -domains=domains.txt -data=providers-data.csv -output=output.csv
If you want to take over as well, the command would be: tko-subs -domains=domains.txt -data=providers-data.csv -output=output.csv -takeover -githubtoken=<github-token> -herokuusername=<heroku-username> -herokuapikey=<heroku-api-key> -herokuappname=<heroku-app-name>
If you just want to check for a single domain, type: tko-subs -domain <domain-name>
If you just want to check for multiple domains, type: tko-subs -domain <domain-name-1>,<domain-name-2>
By default:
domains
flag is set to domains.txt
data
flag is set to providers-data.csv
output
flag is set to output.csv
takeover
flag is not set so no take over by defaultdomain
flag is NOT set so it will always check for all the domains mentioned in the domains.txt
file. If the domain
flag is mentioned, it will only check that domain and ignore the domains.txt
file, even if presentthreads
flag is set to 5
So, simply running tko-subs
would run with the default values mentioned above.
How is providers-data.csv formatted?
name,cname,string,http
Domain,CNAME,Provider,IsVulnerable,IsTakenOver,Response
If a dead DNS record is found, Provider
is left empty. If a misbehaving nameserver is found, Provider
and CNAME
are left empty
What is going on under the hood?
This will iterate over all the domains (concurrently using GoRoutines) in the subdomains.txt
file and:
takeover
flag is mentioned or not, it will try to take over that vulnerable subdomain.gh-pages
in that repoCNAME
and index.html
to the gh-pages
branch in that repo. Here, CNAME
contains the domain that needs to be taken over. index.html
contains the text This domain is temporarily suspended
that is to be displayed once the domain is taken over.Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…