Fast and efficient subdomain takeover vulnerability scanner written in Rust. Designed for bug bounty hunters and security researchers.
Using the install script:
curl -sSL https://raw.githubusercontent.com/Nonantiy/subover/main/install.sh | bashgit clone https://github.com/Nonantiy/subover.git
cd subover
cargo build --release
./target/release/subover --helpdocker build -t subover .
docker run --rm subover -d example.comsudo cp ./target/release/subover /usr/local/bin/
sudo chmod +x /usr/local/bin/suboversubover -d example.comsubover -d target.com \
--use-apis \ # Use external APIs for enumeration
--verify \ # Perform HTTP verification
-w wordlist.txt \ # Custom wordlist
-t 100 \ # 100 concurrent threads
--timeout 15 \ # 15 second timeout
-o results.txt \ # Save results to file
-v # Verbose outputOPTIONS:
-d, --domain <DOMAIN> Target domain to scan
-w, --wordlist <FILE> Wordlist file for subdomain enumeration
-t, --threads <NUM> Number of concurrent threads (default: 100)
-o, --output <FILE> Output file path
-j, --json Output in JSON format
-v, --verbose Verbose output
--timeout <SECS> HTTP request timeout in seconds (default: 10)
--service <SERVICE> Check for specific service takeover
--use-apis Use external APIs for subdomain enumeration
--verify Verify takeover with HTTP requests
-h, --help Print help
-V, --version Print version
subover -d hackerone.comsubover -d target.com --use-apis --verify -t 150 -o takeover.txtsubover -d example.com -j -o results.jsonsubover -d example.com -w custom-wordlist.txtsubover -d example.com --verify -v
Real-time scanning with progress indicators showing subdomain enumeration, DNS resolution, and vulnerability detection phases
Detailed vulnerability report showing detected subdomain takeover vulnerabilities with severity levels
MIT License - See LICENSE file for details.
- Inspired by SubZy and similar tools
- Fingerprint database based on can-i-take-over-xyz
Created for bug bounty hunters and security researchers.