Download Latest Version
v3.0.0 source code.tar.gz (2.9 MB)
Get an email when there's a new version of subjack
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| subjack-linux-arm64 | 2026-03-16 | 15.9 MB | |
| subjack-darwin-arm64 | 2026-03-16 | 16.4 MB | |
| subjack-windows-amd64.exe | 2026-03-16 | 16.3 MB | |
| subjack-darwin-amd64 | 2026-03-16 | 16.6 MB | |
| subjack-linux-amd64 | 2026-03-16 | 16.3 MB | |
| README.md | 2026-03-16 | 1.4 kB | |
| v3.0.0 source code.tar.gz | 2026-03-16 | 2.9 MB | |
| v3.0.0 source code.zip | 2026-03-16 | 3.0 MB | |
| Totals: 8 Items | 87.4 MB | 1 | |
What's New
subjack is now a comprehensive DNS Takeover Scanner covering multiple attack vectors beyond CNAME hijacking.
New Detection Capabilities
- Stale A record detection — finds dead IPs on AWS, GCP, Azure, DigitalOcean, Linode, Vultr, and Oracle Cloud (
-ar) - Dangling NS delegation checks — detects deleted cloud DNS zones on Route53, Google Cloud DNS, Azure DNS, and more (
-ns) - Zone transfer (AXFR) detection — with NS hostname bruteforcing (
-axfr) - SPF include takeover — expired domains in SPF records (
-mail) - MX record takeover — expired mail server domains (
-mail) - CNAME chain takeover — multi-level CNAME chains up to 10 deep
- SRV record takeover — SRV targets pointing to registrable domains
- Azure Traffic Manager verification — reduces false positives via API check
Improvements
- Concurrency limits and consistent timeouts
- NXDOMAIN detection via DNS rcode instead of error string parsing
- S3 CNAME pattern tightened to avoid false matches on ELB
- Stdin support for piping domain lists
- All results written to output file (not just vulnerable ones)
- Updated and cleaned fingerprints (removed Heroku, Fastly)
- DNS lookup timeout to prevent hanging
Housekeeping
- Unit tests for provider detection, DNS patterns, and fingerprint validation
- Removed dead code
Full Changelog: https://github.com/haccer/subjack/compare/v2.2.0...v3.0.0
