Review and update subdomain takeover content #1145
Assignees
Labels
enhancement
A new or improved feature for the WSTG or repo
revise
Needs quality review, updates, or revision
Comments
kingthorin
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like added?
The subdomain takeover guide is a bit dated and focuses on manually reviewing for takeovers. Testers validate manually but test automatically due to the wide variety of fingerprints and the error-prone nature of manual validation for takeovers.
I think the guide should be updated to focus on the typical workflow and the current state of tooling.
The typical workflow is along the lines of:
There are also quite a few tools, many unmaintained and most miss a lot of instances. Here's an engineering post analyzing existing tools while developing a new one.
This would require a relatively major rewrite of the page but I'm happy to help. Opinions welcome!
Would you like to be assigned to this issue?
The text was updated successfully, but these errors were encountered: