Today's focus: subdomain takeover and automated scanning
HackerOne vulnerability report list:
https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md
Vulnerability principles
1.Web security series-15-subdomain takeover
https://houbb.github.io/2020/08/09/web-safe-15-subdomain-takeover
2.An in-depth analysis of the subdomain takeover vulnerability
https://www.secpulse.com/archives/94973.html
3.HackerOne | A guide to finding subdomain takeover vulnerabilities
https://www.freebuf.com/articles/web/183254.html
4.Technical analysis | Let's "hijack" a GitHub custom domain for fun!
https://www.freebuf.com/articles/web/171952.html
5.Domain takeover
https://book.hacktricks.xyz/pentesting-web/domain-subdomain-takeover
6.A GUIDE TO SUBDOMAIN TAKEOVERS
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
7.Subdomain takeovers
https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers
8.How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes
Vulnerability analysis
1.Bug hunting experience | Azure DevOps account takeover via domain hijacking
https://www.freebuf.com/articles/web/242727.html
2.Bug hunting experience | How I bypassed Uber's single sign-on authentication via subdomain takeover
https://www.freebuf.com/news/141630.html
3.Bug hunting experience | How I found a $4500 vulnerability during early reconnaissance
https://www.freebuf.com/articles/network/171219.html
4.Bug hunting experience | How I took over more than 50,000 Shopify subdomains in a short time
https://www.freebuf.com/articles/web/186411.html
5.Exploiting Subdomain Takeover on S3
https://gupta-bless.medium.com/exploiting-subdomain-takeover-on-s3-6115730d01d7
Automated tools
1.Osmedeus
https://github.com/j3ssie/Osmedeus
2.OneForAll
https://github.com/shmilylty/OneForAll
3.second-order
https://github.com/mhmdiaa/second-order
4.SubOver
https://github.com/Ice3man543/SubOver
5.more
https://github.com/search?q=Subdomain+Takeover&type=
Video tutorials
1.Live Stream Subdomain Takeovers for Bug Bounties
2.Subdomain Takeover Step by Step | Bug Bounty 2020