nsecho/subzy — explained in plain English
Analysis updated 2026-07-18 · repo last pushed 2023-02-03
Scan a company's list of old subdomains to check whether any can be hijacked by an attacker.
Run subzy as part of a broader security scan while testing a website's defenses.
Check many subdomains at once using parallel checks to quickly find takeover risks.
Update the local fingerprint database so the tool detects newly discovered takeover vulnerabilities.
| nsecho/subzy | 42wim/fabio | 42wim/go-xmpp | |
|---|---|---|---|
| Language | Go | Go | Go |
| Last pushed | 2023-02-03 | 2018-02-04 | 2020-01-24 |
| Maintenance | Dormant | Dormant | Dormant |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 2/5 | 3/5 | 3/5 |
| Audience | ops devops | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Compiles into a single Go binary, no external dependencies needed to run.
Subzy is a tool that checks if someone could "take over" abandoned subdomains. When a company sets up a subdomain (like api.company.com) but later stops using it, an attacker can sometimes register the underlying service and hijack traffic meant for that domain. This tool automatically scans subdomains to see if they're vulnerable to that kind of attack. The way it works is straightforward: you give it a list of subdomains to check, and it visits each one to see what response it gets back. It compares those responses against a database of known fingerprints, basically patterns that indicate a subdomain can be taken over. For example, if a subdomain points to an unused Heroku app, Heroku sends back a specific error page. Subzy recognizes that pattern and alerts you that the domain is vulnerable. The tool runs these checks in parallel (checking multiple domains at once) to save time. You'd use this if you're responsible for security at a company and want to make sure your old subdomains can't be weaponized by attackers. A security researcher might also use it as part of a broader scan when testing a website's defenses. The tool is designed to be fast and straightforward, you just point it at a file of subdomains or type in a few domains yourself, set how many checks you want to run at once, and it tells you which ones are at risk. The tool is written in Go, which means it compiles into a single, fast executable file. The fingerprints it uses to detect vulnerabilities come from a well-known community project that documents takeover risks for different services. You can update those fingerprints locally whenever new vulnerabilities are discovered, so the tool stays current without needing a new release.
Subzy scans lists of subdomains to detect ones vulnerable to takeover, where an abandoned subdomain can be hijacked by an attacker who registers the unused underlying service.
Mainly Go. The stack also includes Go.
Dormant — no commits in 2+ years (last push 2023-02-03).
License is not stated in the available content.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.