1 00:00:01,910 --> 00:00:04,640 Hello, everyone, and welcome to this video. 2 00:00:05,270 --> 00:00:12,170 So in this video, we are going to see what of the tool, which is useful to identify subdomain because 3 00:00:12,890 --> 00:00:20,660 so after you have identified subdomains for any target program, you just need to supply all your subdomains 4 00:00:20,810 --> 00:00:26,160 to this tool and it will automatically identify the subdomain takeover vulnerability for you. 5 00:00:26,960 --> 00:00:27,850 So how to do it? 6 00:00:28,340 --> 00:00:33,070 First of all, you need to download and install this tool, which is subzy. 7 00:00:33,680 --> 00:00:39,800 You can also clone this or you can download a zip from here and do the further installation. 8 00:00:40,790 --> 00:00:47,060 If you do not want to do the installation manually, you can also install it with the help of Go, 9 00:00:47,360 --> 00:00:49,010 as the tool is created in Go. 10 00:00:49,400 --> 00:00:55,280 So for the installation, you just need to copy these two lines, which are go get and go install. 11 00:00:55,810 --> 00:01:02,620 Remember, for this, you need to have the Golang installation on your computer, which is a prerequisite. 12 00:01:03,380 --> 00:01:09,500 So after you just copy paste this into your terminal, you will be able to successfully install the 13 00:01:09,890 --> 00:01:10,220 subzy tool. 14 00:01:11,330 --> 00:01:19,430 Now, in case you come across any errors here, it has clearly shown how to set your GOPATH for 15 00:01:19,460 --> 00:01:21,240 each shell environment. 16 00:01:21,740 --> 00:01:29,450 For example, if you are running bash, zsh, fish, Windows, etc., you can just copy paste these 17 00:01:29,780 --> 00:01:36,590 commands into your terminal and it will do the job for you. Now, as I'm running zsh. 
18 00:01:36,590 --> 00:01:43,670 So I'm going to copy paste the above commands, which are this, into my terminal and it will successfully 19 00:01:43,670 --> 00:01:46,160 export the GOPATH for me. 20 00:01:46,850 --> 00:01:52,490 I have already done it, but I'm going to show you how to do it. For this, 21 00:01:52,670 --> 00:01:56,120 you just need to go to your terminal and copy paste the 22 00:01:56,120 --> 00:01:56,510 command. 23 00:01:57,050 --> 00:02:04,430 As you can see, I'm running zsh. So I have pasted this command and now the GOPATH has been successfully 24 00:02:04,430 --> 00:02:05,060 exported. 25 00:02:05,780 --> 00:02:06,240 Perfect. 26 00:02:06,620 --> 00:02:12,080 Now you can just copy paste those two commands, which were go get and go install. 27 00:02:12,380 --> 00:02:18,120 subzy should automatically get installed for your system without any issues. 28 00:02:18,780 --> 00:02:22,940 Now you can just verify if the installation has been done or not 29 00:02:23,270 --> 00:02:28,930 by typing the command, which is subzy, and you should get a help menu like this. 30 00:02:29,750 --> 00:02:30,270 Perfect. 31 00:02:30,290 --> 00:02:32,610 So we have successfully installed the tool. 32 00:02:33,350 --> 00:02:38,340 Now it's time to test the tool to identify if it works or not. 33 00:02:38,870 --> 00:02:42,650 So you can see here other options to use this tool. 34 00:02:42,650 --> 00:02:43,820 The first one is target. 35 00:02:44,990 --> 00:02:52,070 In case you want to scan only one target, then you can give the option, which is subzy space hyphen target 36 00:02:52,280 --> 00:02:52,900 target. 37 00:02:53,270 --> 00:02:56,210 You can also give multiple targets by comma. 
38 00:02:56,270 --> 00:03:03,920 As you can see over here, if you want to give a list of subdomains or targets from any file, then you 39 00:03:03,920 --> 00:03:11,060 can just pass the path of the file and it will start scanning all the target domains or subdomains from 40 00:03:11,060 --> 00:03:11,840 that specific path. 41 00:03:11,840 --> 00:03:15,170 But you can also increase the concurrency. 42 00:03:15,560 --> 00:03:20,150 Concurrency means the number of default checks, or you can say threads. 43 00:03:20,450 --> 00:03:24,890 It will make the process much faster. Hide fails means 44 00:03:25,130 --> 00:03:31,100 you do not want to see which ones are failing, which means not vulnerable; you only want to see and are 45 00:03:31,100 --> 00:03:34,030 interested in, which is vulnerable. 46 00:03:34,610 --> 00:03:36,800 Alright, so let's quickly test this. 47 00:03:37,670 --> 00:03:43,160 So I have made a file which is sites.txt, which contains all the subdomains. 48 00:03:43,340 --> 00:03:49,940 So I have enumerated these subdomains from my website, which is srscure.xyz. 49 00:03:50,450 --> 00:03:54,410 So now I'm going to type the command, which is subzy space //. 50 00:03:54,410 --> 00:04:02,690 Target sites dot txt, as you can see over here. Now, I'm also going to use the concurrency flag to increase 51 00:04:02,690 --> 00:04:08,480 the concurrency, which is the threads, to get faster responses. By default, 52 00:04:08,480 --> 00:04:10,100 it uses ten threads. 53 00:04:10,100 --> 00:04:14,390 I'm going to use twenty and you can see it has started scanning. 54 00:04:15,050 --> 00:04:18,140 Now, this output is given by the tool, which is find domain. 55 00:04:18,440 --> 00:04:22,430 So you can see these are all the verbose messages that it gives. 56 00:04:22,430 --> 00:04:27,190 And it is this tool is trying and saying https error. 
57 00:04:27,890 --> 00:04:35,040 OK, moving ahead, you can see apple.srscure.xyz is not vulnerable, 58 00:04:35,040 --> 00:04:41,210 stko.srscure.xyz is not vulnerable, but redmik20.srscure.xyz 59 00:04:41,210 --> 00:04:44,720 is vulnerable and you can see it is pointed to Shopify. 60 00:04:45,170 --> 00:04:45,680 Perfect. 61 00:04:45,680 --> 00:04:53,420 So we have identified a vulnerable domain which is being pointed to Shopify but has not been claimed. 62 00:04:54,470 --> 00:05:01,160 We have identified more domains, which is varshclothestores.srscure.xyz, which 63 00:05:01,160 --> 00:05:01,310 is 64 00:05:01,480 --> 00:05:03,580 again pointing to Shopify. 65 00:05:04,600 --> 00:05:13,000 Now, let's say we do not want to see all such noise on our terminal and we are only interested in 66 00:05:13,000 --> 00:05:20,320 seeing those particular outputs which are vulnerable, and again, simply type hide underscore fails, 67 00:05:20,680 --> 00:05:26,320 and you will be able to see only those targeted subdomains, like you can see, which are vulnerable. 68 00:05:27,640 --> 00:05:28,990 So let's confirm this, 69 00:05:28,990 --> 00:05:35,680 if it is vulnerable or not. Going to the incognito browser, we can see the target is successfully vulnerable. 70 00:05:36,220 --> 00:05:39,220 So I hope you guys understood how you can install this tool, 71 00:05:39,430 --> 00:05:46,510 how you can supply your list with the subdomains and identify if the target is vulnerable or not. 72 00:05:46,720 --> 00:05:47,260 Thank you.