Subdomain Takeover

00 — Overview

Subdomain Takeover

Claim domains that companies forgot to clean up. Dangling CNAME records pointing to deprovisioned cloud services are everywhere — and they hand you a company subdomain on a plate.

Intermediate·40 min·5 tasks

// By the end of this module

→Explain what a dangling CNAME is and why it enables subdomain takeover

→Enumerate subdomains passively and actively using subfinder, dnsx, and httpx

→Fingerprint unclaimed external services by their error responses

→Demonstrate a responsible PoC takeover and document it for a bug report

→Implement DNS hygiene practices to prevent takeovers in production

// Prerequisites

Complete these before starting this module for the best experience.

Recon & OSINT · Beginner

Recon — Asset Discovery

35 min

→

Foundation · Beginner

How the Web Works

45 min

→