ZenovayTools

Subdomain Takeover Checker

Check if any of your subdomains have dangling CNAME records pointing to unclaimed third-party services (GitHub Pages, Heroku, Shopify, Azure, AWS S3, Fastly, etc.). Detects potential subdomain takeover vulnerabilities before attackers exploit them.

How to Use Subdomain Takeover Checker

  1. 1Enter a subdomain to check (e.g., blog.example.com).
  2. 2CNAME records are resolved to find the final target service.
  3. 3The target is checked against known takeover-vulnerable service signatures.
  4. 4Vulnerability status and recommended remediation are shown.
Zenovay

Privacy-first analytics for your website

Understand your visitors without invasive tracking. GDPR compliant, lightweight, and powerful.

Explore Zenovay

Related Tools

Password GeneratorGenerate strong, random passwords with customizable length, characters, and complexity.
Password Strength CheckerCheck how strong your password is. Get an estimated crack time and improvement suggestions.
HMAC GeneratorGenerate HMAC signatures using SHA-256, SHA-384, or SHA-512 with the Web Crypto API.
AES Encryption/DecryptionEncrypt and decrypt text using AES-GCM with PBKDF2 key derivation. Runs entirely in your browser.

Frequently Asked Questions

What is a subdomain takeover?
A subdomain takeover occurs when a subdomain's CNAME record points to a third-party service that is no longer claimed or configured. An attacker can register the abandoned service (e.g., a GitHub Pages repo, a Heroku app, or an AWS S3 bucket) and serve content from your subdomain. This can be used for phishing attacks, cookie theft, or bypassing Content Security Policy by making malicious content appear to originate from your domain.
Which services are most commonly targeted?
Common subdomain takeover targets include: GitHub Pages (most common), Heroku apps, AWS S3 buckets, Azure App Service, Shopify stores, Zendesk help centers, Tumblr blogs, Fastly CDN origins, UserVoice feedback portals, Surge.sh sites, Netlify sites, Bitbucket Pages, and ReadTheDocs documentation. When these services are removed without updating DNS, the CNAME record becomes "dangling" and exploitable.
How do I fix a dangling CNAME?
Option 1 (recommended): Delete the DNS CNAME record for the subdomain if the service is no longer needed. Option 2: Reclaim the abandoned resource on the third-party platform (e.g., create a new GitHub Pages repo, re-register the Heroku app). Deleting the DNS record is safer and faster. Also audit all your other subdomains for similar dangling CNAMEs — use tools like Subjack, nuclei, or continuous DNS monitoring.
How can I prevent subdomain takeovers?
Maintain an inventory of all your DNS records and the services they point to. When decommissioning a service, always remove the DNS CNAME record before or immediately after. Use a DNS monitoring service that alerts you to changes. Consider using dangling DNS detection tools in your CI/CD pipeline. For critical subdomains, use DNS CAA records and HSTS preloading to limit what certificates can be issued.
Can this tool check all my subdomains at once?
This tool checks one subdomain at a time. For bulk scanning of all subdomains, use security tools like subjack, nuclei (with the takeover templates), or dnstake. First, enumerate all your subdomains using certificate transparency logs (via the Subdomain Finder tool), then run each through a takeover checker. Automate this in your security pipeline to catch new dangling records as your infrastructure evolves.