CyberSecurityBoard
Sponsor Register Login

Subdominator: Open-source tool for detecting subdomain takeovers

Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers.
It boasts superior accuracy and reliability, offering improvements compared to other tools.
Service fingerprint accuracy: All of them have been vetted and consolidated, so they are all accurate.
Fingerprint count: The tool has 97 service fingerprints.
Stratus Security reviewed every other tool the internet offered, and the next best was 80.
Nested DNS support: Subdominator will check the entire CNAME chain until it finds an A record, making sure nothing is missed.
Alternate DNS records: The fingerprints support A and AAAA record matching, finding takeovers that have never been detectable before.
Speed: The tool runs ~8x faster than existing tools, a test on ~100,000 records took 19 minutes for us and 2.5 hours for every other tool.
Watson told us they are currently adding support for additional fingerprints, more output formats, and validators.
The validators, in particular, will be great for cutting down on false positives from services like Azure, which historically needed to be manually checked.
They are also hoping for the community to suggest some features.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 20 Dec 2023 04:13:04 +0000


Cyber News related to Subdominator: Open-source tool for detecting subdomain takeovers

SubdoMailing and the Rise of Subdomain Phishing - Guardio Labs came across a serious case of subdomain hijacking, affecting thousands of subdomains. SubdoMailing can be considered to be an evolved form of social engineering attack, that cashes in on the reliability of well-recognized subdomains. The ...
11 months ago Securityboulevard.com
Subdominator: Open-source tool for detecting subdomain takeovers - Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers. It boasts superior accuracy and reliability, offering improvements compared to other tools. Service fingerprint accuracy: All of them have ...
1 year ago Helpnetsecurity.com
CVE Prioritizer: Open-source tool to prioritize vulnerability patching - CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA's KEV catalog to offer insights into the probability of exploitation and the potential effects of ...
1 year ago Helpnetsecurity.com
SiCat: Open-source exploit finder - SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential ...
1 year ago Helpnetsecurity.com
New infosec products of the week: December 22, 2023 - Here's a look at the most interesting products from the past week, featuring releases from Argus Cyber Security, Cleafy, Kasada, and Stratus. Kasada launches advanced bot defense platform with evolving protection and attack insights. Kasada launched ...
1 year ago Helpnetsecurity.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
11 months ago Techrepublic.com
Are the Fears about the EU Cyber Resilience Act Justified? - "The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about ...
1 year ago Securityboulevard.com
Are the Fears About the EU Cyber Resilience Act Justified? - On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act. The act enters murky waters when it comes to open-source software. It typically accounts for 70% to 90% of ...
1 year ago Feeds.dzone.com
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
4 months ago Unit42.paloaltonetworks.com
Launching Your First Open Source Project - I've been deeply immersed in the world of developer products for the past decade, and let me tell you, I've been quite an open-source enthusiast. Over the years, I've had the pleasure of shepherding open-source projects of all shapes and sizes. ...
1 year ago Feeds.dzone.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
How Servicenow Detects Open Source Security Vulnerabilities - Servicenow, a digital workflow company, recently announced their integration with Synk, an open source security platform, to detect security vulnerabilities in open source software. This integration will enable Servicenow customers to detect and ...
2 years ago Csoonline.com
Best Paid and Free OSINT Tools for 2024 - Open Source Intelligence tools are software applications or platforms used to collect, analyze, and interpret publicly available information from various online sources, aiding in investigations, research, and intelligence gathering. These OSINT ...
10 months ago Hackread.com
CVE-2023-36474 - Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create ...
1 year ago
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
1 year ago Securityboulevard.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
Dotnet Source Generators in 2024 Part 1: Getting Started - Security Boulevard - While nice, this incurs an execution of any classes marked as a source generator every time something changes in the project (i.e., delete a line of code, add a line of code, make a new file, etc.). As you can imagine, having something running every ...
4 months ago Securityboulevard.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
11 months ago Cisa.gov
Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids - Progress quietly fixes MOVEit auth bypass flawsProgress Software has patched one critical and one high-risk vulnerability in MOVEit, its widely used managed file transfer software product. Open-source Rafel RAT steals info, locks Android devices, ...
7 months ago Helpnetsecurity.com
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov
Is an open-source AI vulnerability next? - Applications developed within open-source communities often face more significant security challenges because they are free and widely available, supported by volunteers, and because of other considerations. Even if a major open-source AI project ...
9 months ago Helpnetsecurity.com
What are OSINT Tools - Open Source Intelligence (OSINT) tools are incredibly useful for companies, organizations, cybersecurity researchers, and students. This article will discuss the 15 best OSINT tools that can be used for investigations and educational purposes. OSINT ...
2 years ago Hackread.com
The Impact of Open-Source Software on Public Finance Management - The open-source movement holds significant potential for public agencies, too, especially in the realm of finances. Public finance has emerged as a leader in government-backed OSS, thanks largely to the move toward open banking. Benefits of OSS in ...
1 year ago Feeds.dzone.com
Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast - How CISOs navigate policies and access across enterprisesIn this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a ...
1 year ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)