Is there a way to check A records?

Open oldesec opened this issue 6 years ago • 4 comments

Hi.

Is there a way to check A records?

Or only CNAME check?

Thanks.

oldesec avatar Mar 12 '19 14:03 oldesec

Hi there!

For subdomain takeovers specifically, it really only makes sense to check for stale CNAME records. I think I understand what you're saying about subdomains pointing to IP addresses they no longer control/own, but taking those over is usually improbable due to providers assigning IPs somewhat randomly.

Is that what you're asking?

jakejarvis avatar Mar 14 '19 14:03 jakejarvis

@jakejarvis Thank you for your kind reply.

Sometimes subdomains can be taken over if they use A records. I want to detect that.

Here's a case. Ref : https://blog.initd.sh/others-attacks/mis-configuration/subdomain-takeover-explained/ (Only Tilda page)

oldesec avatar Mar 16 '19 15:03 oldesec

Ah, thanks for the link. I see what you're saying about services providing the same IPs for users that can't use CNAMEs. I think Tumblr, GitHub Pages, and Bitly do the same. This should be doable, I'll definitely take a look!

jakejarvis avatar Mar 18 '19 15:03 jakejarvis

@jakejarvis Good. Exactly. Hmm... Many tools do not support this feature. I do not know why.

oldesec avatar Mar 23 '19 14:03 oldesec
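The A-record case discussed in this thread, sketched as an audit over a zone export (an added example, not subtake's code and not written by either participant). The service names, the IP ranges (RFC 5737 documentation addresses), the sample zone and the names `FindACandidates` and `Candidate` are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed: RFC 5737 documentation ranges stand in for a service's fixed A-record IPs.
var sharedServiceIPs = map[string]netip.Prefix{
	"example-pages": netip.MustParsePrefix("192.0.2.0/28"),
	"example-blog":  netip.MustParsePrefix("198.51.100.7/32"),
}

// Candidate is an A record on a shared service IP; it needs the same "still claimed?" check as a CNAME.
type Candidate struct{ Host, IP, Service string }

// FindACandidates scans zone-file lines ("name ttl IN A addr") for addresses in a shared-service range.
func FindACandidates(zone string) []Candidate {
	var out []Candidate
	for _, line := range strings.Split(zone, "\n") {
		f := strings.Fields(line)
		if len(f) != 5 || f[2] != "IN" || f[3] != "A" {
			continue // not an A record (CNAME, comment, malformed line)
		}
		addr, err := netip.ParseAddr(f[4])
		if err != nil {
			continue
		}
		for svc, pfx := range sharedServiceIPs {
			if pfx.Contains(addr) {
				out = append(out, Candidate{strings.TrimSuffix(f[0], "."), addr.String(), svc})
			}
		}
	}
	return out
}

// Constructed sample zone export (hypothetical hosts).
const sampleZone = `www.example.org.  300 IN CNAME example.org.
blog.example.org. 300 IN A 198.51.100.7
docs.example.org. 300 IN A 192.0.2.5
api.example.org.  300 IN A 203.0.113.10`

func main() {
	for _, c := range FindACandidates(sampleZone) {
		fmt.Printf("%s -> %s (%s): confirm the site is still claimed\n", c.Host, c.IP, c.Service)
	}
}
```

Each candidate still needs the per-service check (for example, the service's "unclaimed site" response) before it is reported; the IP match only narrows the list.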