🧠 Description

A subdomain's DNS record still points to a service (e.g., AWS S3, Heroku, GitHub Pages) that has been deleted. Attackers can claim the abandoned service and serve malicious content from that subdomain.

Impact: Phishing, Cookie Stealing, XSS, Brand Damage

🔍 Detection

  • Check for CNAME to deleted services
  • Look for NXDOMAIN responses
  • Tools: subjack, subover, nuclei-templates
  • Common services: AWS, Heroku, GitHub, Azure
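
An added example (not from the original page or from any of the tools listed) of the first two checks run as an audit over your own zone export: it keeps only CNAMEs aimed at a hosted service and reports the ones whose target no longer resolves. The suffix table, the function names and the sample records are assumptions constructed for illustration.

```python
import socket

# Hostname suffixes for the hosted services the page names.
PROVIDERS = {
    ".s3.amazonaws.com": "AWS S3",
    ".herokuapp.com": "Heroku",
    ".github.io": "GitHub Pages",
    ".azurewebsites.net": "Azure App Service",
}

def provider_for(target):
    """Return the provider name when a CNAME target is a hosted service."""
    host = target.rstrip(".").lower()
    return next((n for s, n in PROVIDERS.items() if host.endswith(s)), None)

def live_resolves(name):
    """True if the name resolves. gaierror also covers failures other than
    NXDOMAIN, so a False result means 'review', not proof."""
    try:
        socket.getaddrinfo(name.rstrip("."), None)
        return True
    except socket.gaierror:
        return False

def audit(records, resolves=live_resolves):
    """records: (subdomain, cname_target) pairs from your own zone export."""
    findings = []
    for sub, target in records:
        provider = provider_for(target)
        if provider and not resolves(target):
            findings.append((sub, target.rstrip("."), provider))
    return findings

# Constructed zone export and stubbed DNS answers (hypothetical hosts).
SAMPLE_ZONE = [
    ("www.example.test", "example-prod.herokuapp.com."),
    ("docs.example.test", "example-docs.github.io."),
    ("old.example.test", "example-legacy.azurewebsites.net."),
    ("mail.example.test", "mx.example.test."),
]
SAMPLE_DNS = {"example-prod.herokuapp.com": True, "example-docs.github.io": True,
              "example-legacy.azurewebsites.net": False}

def stub_resolves(name):
    return SAMPLE_DNS[name.rstrip(".").lower()]

if __name__ == "__main__":
    for sub, target, provider in audit(SAMPLE_ZONE, stub_resolves):
        print(f"STALE {sub} -> {target} ({provider})")
```

Some of these services answer DNS for any hostname under their suffix, so a target that resolves can still be unclaimed; those cases need the provider-specific response checks that the tools listed above perform.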

🛡️ Mitigation

✅ Remove stale DNS records

✅ Audit all subdomains regularly

✅ Use Cloudflare takeover protection

✅ Monitor for subdomain enumeration