What is subdomain takeover?

One common security threat is exposed old subdomain names. A subdomain that still points to a third-party service which is no longer in use makes it possible for malicious hackers to register the subdomain on that third party and (effectively) hijack it. Some issues have already been published on our blog.

Detectify provides a tool that allows you to monitor subdomains for such vulnerabilities based on your domain names. Asset Monitoring continuously monitors changes within public DNS resolvers and warns you as soon as it detects any anomalies.

How to get up and running

To be able to use this service we need the following:

The verified domain that we should monitor (for subdomain takeovers). For example, if the customer wants to look for subdomain takeovers on we will find them on * but not on even if the customer owns that and it is served by the same DNS.

An email to send alerts to (future releases will have more options).

How does it work then?

There are two scenarios to use our service:

Scenario 1

You provide us with subdomains

Subdomains from a DNS master file

The customer needs to provide us with the master file for their DNS. This file contains the subdomains they want us to monitor. Initially they need to send us this file via email.

There are some requirements on the file:

It should be formatted as a standard DNS master file (RFC 1034-1035). It needs to either contain an "$ORIGIN" row or we need to know the root origin for the master file (this is most likely the domain they want to monitor, so if they want to look for subdomain takeover under that)
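The reason for the "$ORIGIN" requirement is that most names in a master file are relative and only become full subdomain names once an origin is known. The following is an added example, not Detectify's code: a simplified master-file reader that resolves names against the origin and lists the CNAME records pointing outside the zone, which are the records worth keeping an inventory of. The sample zone, the function names and the root_origin parameter are assumptions made for illustration.

```python
import re

# Constructed sample master file; every name and address is a placeholder.
SAMPLE_ZONE = """\
$TTL 3600
@     IN SOA ns1 hostmaster ( 2024010101 7200 900 1209600 300 )
www   IN CNAME example.com.
shop  300 IN CNAME shops.saas-provider.example.
blog  IN CNAME blog-host.example.net.
$ORIGIN eu.example.com.
docs  IN CNAME pages.docs-host.example.
api   IN A 192.0.2.10
"""

TTL_OR_CLASS = re.compile(r"(\d+[smhdw]?)+|IN|CH|HS", re.I)

def fqdn(name, origin):
    """Resolve a master-file name against the current origin (RFC 1035, 5.1)."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def external_cnames(zone_text, root_origin=None):
    """Return (owner, target) pairs for CNAMEs that point outside the zone."""
    origin = zone = root_origin.lower().rstrip(".") + "." if root_origin else None
    owner, found = None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":            # assumed to be absolute here
            origin = fields[1].lower().rstrip(".") + "."
            zone = zone or origin                     # first origin names the zone
            continue
        if fields[0].startswith("$"):                 # $TTL, $INCLUDE: not needed
            continue
        if origin is None:
            raise ValueError("no $ORIGIN row and no root origin supplied")
        if not raw[0].isspace():                      # blank owner repeats the last one
            owner = fqdn(fields.pop(0), origin)
        while fields and TTL_OR_CLASS.fullmatch(fields[0]):
            fields.pop(0)                             # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "CNAME":
            target = fqdn(fields[1], origin)
            if target != zone and not target.endswith("." + zone):
                found.append((owner, target))
    return found
```

The sample has no "$ORIGIN" row before its first record, so calling external_cnames(SAMPLE_ZONE) without a root origin raises an error, while passing root_origin="example.com" yields the three externally hosted names.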

Get subdomains from a DNS zone transfer (AXFR)

The customer needs to whitelist our external IPs in their DNS for zone transfers. How to do this depends on which DNS server they are running, but the option should be among the DNS settings.

The second step is that we need an address or IP for the name server we should use and the zone that we should transfer (most likely the domain they want to monitor, so if they want to look for subdomain takeover under that).

Scenario 2

Detectify finds the subdomains

In this scenario the customer doesn’t have to provide us with any additional information. We will use a combination of techniques to try to enumerate the subdomains.

Yep. That’s it.

If you are interested in knowing more about Asset Monitoring just reach out to us via our Request a live demo page.

