SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools.
“SubSnipe does some additional verification after the fingerprinting to find candidates more likely to be takeoverable. Say I found that static.example.com is a CNAME for an S3 bucket called “static-example”. The fingerprinting tells me it’s an S3 bucket, and S3 buckets are theoretically takeoverable. But of course, it is only if the bucket name is available. So, my tool runs DNS and HTTP requests and tries to determine if resources are available for takeover,” SubSnipe creator Florian Walter told Help Net Security.
The tool can be used in two different ways:
- Provide a domain as input, and the tool then searches
crt.sh
to search for known subdomains. - Provide the path to a file that already contains subdomains.
“The most challenging part of finding subdomain takeovers is knowing which domains can be taken over and how to verify if the takeover is possible. During the development and while using the tool, I realized that some domains exist, e.g., in Azure, that should be takeoverable, but I never could take them over. I’m not 100% sure why this is, but I assume these cloud services constantly change. Until researchers reflect new changes in the fingerprints, there may always be false positives,” Walter said.
Future plans and download
“The main thing that could be improved is adding more fingerprints (but first, one needs to find good fingerprints, verify them, etc.). I spent much time looking for fingerprints, which should be done periodically. Also, while CNAMEs are the most common method of subdomain takeover, there are other methods, and I want to make my tool reflect this and check for that,” Walter concluded.
SubSnipe is available for free download on GitHub.
Must read:
- 20 free cybersecurity tools you might have missed
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time
Kaspersky offers free security software for six months in U.S. goodbye
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
InformationalInformation Disclosure - Suspicious Comments
HighPII Disclosure
Free online web security scanner