
rotemreiss/robusto

RobuSTO

💥Robust-Subdomain-Takeover💥

Get a list of domains and search for subdomain takeovers.

How is it different from other tools?

This tool was built around the idea of automating the process and allowing blue teams to scan their own assets.

For example, scan all of your organization's subdomains on a recurring basis and trigger an internal alert when an issue pops up.

The tool was also built as "CI-Ready" (see more about it below).

Installation

  • Prerequisites
  • Clone the repository with git clone https://github.com/rotemreiss/robusto.git

Usage

RobuSTO reads domains from standard input and accepts either a single domain or multiple domains.

  • Single domain
    echo "domain.com" | ./robusto.sh
  • Multiple domains
    cat domains-tmp.txt | ./robusto.sh

Using the Results

  • Results are saved to results.txt
  • The scanner is "CI-Ready": it returns an exit code that reflects the scan results.
    0 - No results
    2 - Found subdomain(s) to takeover

For example, if there are results, the file will contain something like:

[detect-all-takeovers:aws-s3-bucket] [http] http://take.me.over/

Hooks/Integrations

The scanner is flexible and allows the user to trigger integrations once results have been found. Just add a file named _found_hook in the hooks directory and do all the integrations you want there. This file will automatically be executed once vulnerable subdomains have been found.

See the hooks directory for examples, such as:

  • Jira integration
  • Slack integration

More integration suggestions (not shipped with the scanner, but contributions are welcome):

  • MS Teams
  • Email
  • SMS
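
An added example (not part of RobuSTO or its shipped hooks) that ties the results format and exit codes from "Using the Results" to the hook mechanism above: it parses results.txt-style lines into an alert body and maps the scanner's exit code to a CI verdict. The results path passed as an argument, the sample lines, the `example-provider` matcher name and the `scan-error` verdict for undocumented exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not RobuSTO code. Usage (assumed): ./alert.sh results.txt
TAB=$(printf '\t')

# Constructed sample in the results.txt format, with noise lines mixed in.
sample_results() {
  cat <<'EOF'
[detect-all-takeovers:aws-s3-bucket] [http] http://assets.example.test/
[detect-all-takeovers:example-provider] [http] http://docs.example.test/

not a finding line
[detect-all-takeovers:aws-s3-bucket] [http]
EOF
}

# Read results on stdin and print "matcher<TAB>url" for each well-formed line.
# Blank, truncated or free-text lines are skipped and never reach the alert.
parse_findings() {
  while IFS=' ' read -r tag proto url extra || [ -n "$tag" ]; do
    [ -n "$url" ] && [ -z "$extra" ] || continue
    case "$tag"   in "["?*:?*"]") ;; *) continue ;; esac
    case "$proto" in "["?*"]")    ;; *) continue ;; esac
    matcher=${tag#*:}
    printf '%s\t%s\n' "${matcher%"]"}" "$url"
  done
}

# Alert body for a _found_hook; returns 1 when the file holds no valid finding.
build_alert() {
  findings=$(parse_findings < "$1")
  [ -n "$findings" ] || return 1
  count=$(printf '%s\n' "$findings" | wc -l | tr -d ' ')
  printf 'Possible subdomain takeover: %s host(s)\n' "$count"
  printf '%s\n' "$findings" | while IFS="$TAB" read -r matcher url; do
    printf '  * %s (%s)\n' "$url" "$matcher"
  done
}

# Documented exit codes: 0 = no results, 2 = takeover found. Any other code is
# treated as a scan error (assumption) so a crashed scan is never read as clean.
ci_verdict() {
  case "$1" in
    0) echo clean ;;
    2) echo takeover ;;
    *) echo scan-error ;;
  esac
}

if [ "$#" -gt 0 ]; then build_alert "$1"; fi
```

In a pipeline, capture the scanner's exit status right after it runs and pass it to `ci_verdict`, failing the job on anything other than `clean`.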

Contributing

Feel free to fork the repository and submit pull-requests.


Support

Want to say thanks? :) Message me on LinkedIn


Credits

RobuSTO relies on the following great tools:

Thanks to @projectdiscovery! ❤️


License

License