One Liner

Finding Domains for Subdomain Takeover (STO)

Requirements:

1. Subdomain discovery using subfinder.

2. HTTP probing of discovered hosts using httpx.

3. Filtering for 404 responses using grep.

4. Extracting subdomain parts using cut.

5. DNS lookup for CNAME records using host.

6. Formatting the final output using awk and column.

subfinder -dL scope > HOSTS | httpx -follow-redirects -sc -l HOSTS | tee httpx_output ; grep 404 httpx_output > ready_to_test_for_SDT ; for a in $(cat ready_to_test_for_SDT | cut -d/ -f3); do host -t CNAME $a; done | grep for | awk '{print $1 " | " $6}' | column -t -s '|'

After that search the names in the "Can I take Over"