CyberSecurityBoard
Sponsor Register Login

Subdominator: Open-source tool for detecting subdomain takeovers

Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers.
It boasts superior accuracy and reliability, offering improvements compared to other tools.
Service fingerprint accuracy: All of them have been vetted and consolidated, so they are all accurate.
Fingerprint count: The tool has 97 service fingerprints.
Stratus Security reviewed every other tool the internet offered, and the next best was 80.
Nested DNS support: Subdominator will check the entire CNAME chain until it finds an A record, making sure nothing is missed.
Alternate DNS records: The fingerprints support A and AAAA record matching, finding takeovers that have never been detectable before.
Speed: The tool runs ~8x faster than existing tools, a test on ~100,000 records took 19 minutes for us and 2.5 hours for every other tool.
Watson told us they are currently adding support for additional fingerprints, more output formats, and validators.
The validators, in particular, will be great for cutting down on false positives from services like Azure, which historically needed to be manually checked.
They are also hoping for the community to suggest some features.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 20 Dec 2023 04:13:04 +0000


Cyber News related to Subdominator: Open-source tool for detecting subdomain takeovers

SubdoMailing and the Rise of Subdomain Phishing - Guardio Labs came across a serious case of subdomain hijacking, affecting thousands of subdomains. SubdoMailing can be considered to be an evolved form of social engineering attack, that cashes in on the reliability of well-recognized subdomains. The ...
1 year ago Securityboulevard.com
Subdominator: Open-source tool for detecting subdomain takeovers - Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers. It boasts superior accuracy and reliability, offering improvements compared to other tools. Service fingerprint accuracy: All of them have ...
2 years ago Helpnetsecurity.com
CVE Prioritizer: Open-source tool to prioritize vulnerability patching - CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA's KEV catalog to offer insights into the probability of exploitation and the potential effects of ...
1 year ago Helpnetsecurity.com
SiCat: Open-source exploit finder - SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential ...
1 year ago Helpnetsecurity.com
New infosec products of the week: December 22, 2023 - Here's a look at the most interesting products from the past week, featuring releases from Argus Cyber Security, Cleafy, Kasada, and Stratus. Kasada launches advanced bot defense platform with evolving protection and attack insights. Kasada launched ...
2 years ago Helpnetsecurity.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
1 year ago Techrepublic.com
Are the Fears about the EU Cyber Resilience Act Justified? - "The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about ...
2 years ago Securityboulevard.com
Are the Fears About the EU Cyber Resilience Act Justified? - On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act. The act enters murky waters when it comes to open-source software. It typically accounts for 70% to 90% of ...
2 years ago Feeds.dzone.com
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
1 year ago Unit42.paloaltonetworks.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
9 months ago Cybersecuritynews.com
Launching Your First Open Source Project - I've been deeply immersed in the world of developer products for the past decade, and let me tell you, I've been quite an open-source enthusiast. Over the years, I've had the pleasure of shepherding open-source projects of all shapes and sizes. ...
2 years ago Feeds.dzone.com Cactus
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
2 years ago Bleepingcomputer.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
2 years ago Bleepingcomputer.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
9 months ago Cybersecuritynews.com
15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
8 months ago Cybersecuritynews.com
20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
5 months ago Cybersecuritynews.com
How Servicenow Detects Open Source Security Vulnerabilities - Servicenow, a digital workflow company, recently announced their integration with Synk, an open source security platform, to detect security vulnerabilities in open source software. This integration will enable Servicenow customers to detect and ...
2 years ago Csoonline.com
Open Source B3 Benchmark Security Tool Gains Traction in Cybersecurity Community - The cybersecurity community is witnessing a significant advancement with the introduction of the open-source B3 Benchmark Security tool. This innovative solution is designed to enhance security benchmarking processes, providing organizations with a ...
2 months ago Infosecurity-magazine.com
CVE-2023-36474 - Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create ...
2 years ago
Best Paid and Free OSINT Tools for 2024 - Open Source Intelligence tools are software applications or platforms used to collect, analyze, and interpret publicly available information from various online sources, aiding in investigations, research, and intelligence gathering. These OSINT ...
1 year ago Hackread.com
15 Best Bandwidth Monitoring Tools in 2025 - By providing real-time data on network usage, bandwidth monitoring tools enable proactive management and quick resolution of issues that could impact network performance. It provides real-time monitoring of network performance, traffic analysis, and ...
5 months ago Cybersecuritynews.com
Dangling DNS Attack Let Hackers Gain Control Over Organization’s Subdomain - These “Dangling DNS” attacks occur when DNS records, particularly canonical name (CNAME) records, point to resources that no longer exist or have been deprovisioned, creating an opportunity for attackers to register and control these ...
9 months ago Cybersecuritynews.com
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
2 years ago Securityboulevard.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Dotnet Source Generators in 2024 Part 1: Getting Started - Security Boulevard - While nice, this incurs an execution of any classes marked as a source generator every time something changes in the project (i.e., delete a line of code, add a line of code, make a new file, etc.). As you can imagine, having something running every ...
1 year ago Securityboulevard.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)