Alternatives and similar repositories for sub-domain-takeover:

Users that are interested in sub-domain-takeover are comparing it to the libraries listed below

• Dheerajmadhukar / subzzZ
  SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.
  ☆38Updated 4 years ago
• eternyle / ShodanIsh
  Shodan Favicon Hash Generator By Aziz Hakim @eternyle
  ☆25Updated 10 months ago
• gwen001 / google-search
  Returns results from Google search.
  ☆49Updated 2 years ago
• akshaysharma016 / aem-detector
  ☆21Updated 2 years ago
• bot8080 / awesomeBugbounty
  ☆48Updated 4 years ago
• Dheerajmadhukar / karma_v1
  KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Po…
  ☆58Updated 3 years ago
• gwen001 / favicon-hashtrick
  Python script implementing the favicon hash trick to find subdomains.
  ☆31Updated 2 years ago
• AdmiralGaust / bountyReconV2
  Framework to automate Bug Bounty Reconnaissance
  ☆43Updated 4 years ago
• yehgdotnet / data-payloads
  Some useful test data or payloads
  ☆20Updated 3 years ago
• six2dez / resolvers_reconftw
  Resolvers updated daily for reconftw
  ☆47Updated 2 years ago
• xElkomy / Workflow-Bug-Bounty
  My Tools For Bug Bounty
  ☆66Updated 7 months ago
• darklotuskdb / SSTI-XSS-Finder
  XSS Finder Via SSTI
  ☆55Updated last year
• cybercdh / h2i
  Converts a hostname (or URI) to IP address using your local resolver
  ☆25Updated last year
• allyomalley / s3Takeover
  Automate the process of an S3 bucket subdomain takeover via dangling CNAME record
  ☆24Updated 11 months ago
• Sicks3c / Reconizer
  ☆38Updated 4 years ago
• InitRoot / BurpSQLTruncSanner
  Messy BurpSuite plugin for SQL Truncation vulnerabilities.
  ☆64Updated 5 years ago
• hacker50120 / CasperEye
  Advanced Recon Tool
  ☆26Updated 4 years ago
• hakluke / dnstrace
  DNS resolution tracing tool
  ☆34Updated 3 years ago
• geeknik / nuclei-template-generator
  A simple tool which makes creating nuclei templates even easier.
  ☆36Updated 10 months ago
• duckstroms / xss-reflector
  XSS reflector vulnerabilities exploitation extended.
  ☆27Updated 3 years ago
• ap062 / bba
  bug bounty automation
  ☆13Updated 3 years ago
• byt3hx / gup
  gup aka Get All Urls parameters to create wordlists for brute forcing parameters.
  ☆18Updated 3 years ago
• fyoorer / ffufsee
  Ffuf output browser
  ☆39Updated 2 years ago
• hahwul / gitls
  🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
  ☆59Updated 5 months ago
• kongsec / Wordpress-BruteForce-List
  WordPress Bruteforce List, Default paths and endpoints
  ☆66Updated 2 years ago
• vikrantbatra05 / HuntTheBug
  Basic Recon For Bug Bounty Hunter - "HuntTheBug" is Basic Scripts For Sub Domain Enumeration> Live Domain Enumeration > Sub Domain Hijack…
  ☆53Updated 3 years ago
• tamimhasan404 / Gau-Expose
  It grep subdomains, email/username, build custom wordlist etc from gau results
  ☆48Updated 2 years ago
• 0xsapra / fuzzparam
  ☆60Updated 4 years ago
• atulxerma / subtron
  "🔍 Subtron: Bash-driven subdomain seeker. Utilizes Subfinder, Amass, Assetfinder, and HTTPX to swiftly uncover live domains. Results sto…
  ☆23Updated last year
• rivalsec / pathbuster
  PathBuster - multiple hosts Web path scanner
  ☆22Updated 10 months ago