Packages and Binaries:


This package contains a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go’s speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives.

Subjack will also check for subdomains attached to domains that don’t exist (NXDOMAIN) and are available to be registered.

Installed size: 10.73 MB
How to install: sudo apt install subjack

  • libc6
root@kali:~# subjack -h
Usage of subjack:
  -a	Find those hidden gems by sending requests to every URL. (Default: Requests are only sent to URLs with identified CNAMEs).
  -c string
    	Path to configuration file. (default "/usr/share/subjack/fingerprints.json")
  -d string
  -m	Flag the presence of a dead record, but valid CNAME entry.
  -o string
    	Output results to file (Subjack will write JSON if file ends with '.json').
    	Force HTTPS connections (May increase accuracy (Default: http://).
  -t int
    	Number of concurrent threads (Default: 10). (default 10)
  -timeout int
    	Seconds to wait before connection timeout (Default: 10). (default 10)
  -v	Display more information per each request.
  -w string
    	Path to wordlist.

Updated on: 2022-Dec-08