SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely to be takeoverable. Say I found that static.example.com is a CNAME for an S3 bucket called “static-example”. The fingerprinting tells me it’s an S3 bucket, and S3 buckets are theoretically takeoverable. But of course, it … More

The post SubSnipe: Open-source tool for finding subdomains vulnerable to takeover appeared first on Help Net Security.