v.0.9

🔥 Release Highlights 🔥

We have just added the option of local or private fingerprint scanning.

You can scan using a fingerprint that only you know (private). and the scans are not uploaded to the website.

root@alice$ echo sub.redacted.com | httpx -silent | subdosec -pf localfinger.json -o /path/to/savevulndir
 ____        _         _
/ ___| _   _| |__   __| | ___  ___  ___  ___
\___ \| | | | '_ \ / _` |/ _ \/ __|/ _ \/ __|
 ___) | |_| | |_) | (_| | (_) \__ \  __/ (__
|____/ \__,_|_.__/ \__,_|\___/|___/\___|\___|



[WARNING] You are not using private mode; results will be public.
https://sub.redacted.com [100.00%] [surge.sh] [VULN] [SAVED]

Here for sample local fingerprint format:

root@alice$ cat localfinger.json
{
  "fingerprints": [

    {
      "fid": 0,
      "name": "Subdomain takeover - surge.sh",
      "rules": {
        "cname": "na-west1.surge.sh",
        "title": "project not found",
        "in_body": "project not found",
        "status_code": "404"
      },
      "status_fingerprint": 0,
      "reference": "https://sfl.gl/6hB8",
      "service": "surge.sh",
      "logo_service": "https://miro.medium.com/v2/resize:fit:1108/1*WNY7IHSxrkhp-x2VledO8A.png"
    },
    {
      "fid": 1,
      "name": "Subdomain takeover - Github",
      "rules": {
        "cname": "github.io",
        "status_code": "404",
        "in_body": "There isn't a GitHub Pages site here",
        "title": "Site not found"
      },
      "status_fingerprint": 0,
      "reference": "https://www.youtube.com/watch?v=Gn2Kq0w957Q",
      "service": "github.io",
      "logo_service": "https://pages.github.com/images/logo.svg"
    },
    .. add more 
  ]
}

v0.8

🔥 Release Highlights 🔥

We have just added the option of saving the output to local.

alice@localhost$ cat test.txt | subdosec -o /mnt/d/subdosec/vulndir
 ____        _         _
/ ___| _   _| |__   __| | ___  ___  ___  ___
\___ \| | | | '_ \ / _` |/ _ \/ __|/ _ \/ __|
 ___) | |_| | |_) | (_| | (_) \__ \  __/ (__
|____/ \__,_|_.__/ \__,_|\___/|___/\___|\___|

[WARNING] You are not using private mode; results will be public.
https://subdosec.vulnshot.com [100.00%] [UNDETECT]
https://careers.rotacloud.com [100.00%] [VULN] [SAVED]
http://creators.thinkorion.com [100.00%] [VULN] [SAVED]
...

alice@localhost:/mnt/d/subdosec/vulndir$ tree
.
├── convertkit.com_tko.txt
├── gohire.io_tko.txt
├── helpscout.com_tko.txt
├── sleekplan.com_tko.txt
└── testimonial.to_tko.txt

0 directories, 5 files
alice@localhost:/mnt/d/subdosec/vulndir$ cat gohire.io_tko.txt
careers.rotacloud.com

What's Changed

• Fix conflict package with other tools by @websec3 in #2
• Add timeout for skiping no respose by @websec3 in #3
• Add: new arg for clean error by @websec3 in #4
• update full readme by @websec3 in #5
• Create link telegram by @websec3 in #6

New Contributors

• @websec3 made their first contribution in #2

Full Changelog: https://github.com/xcapri/subdosec/commits/v0.7

Full Changelog: v0.7...v0.8