Will update when exploit PoC available.

Hey all,

I help maintain dnsReaper which is a subdomain takeover tool. It's free, available on GitHub and docker and looks for domains vulnerable to domain takeovers.

Today we've added 2 new integrations!

Project discovery have a massive database of subdomains called CHAOS and you can now query and test domains in dnsReaper.

We've also added SecurityTrails, which also has a huge public subdomain list.

This means that you can just point dnsReaper at a bug bounty domain and let it run. There will be false positives for sure, but we have 61 signatures so hopefully there will be some nice easy findings too.

Our blog post on the new features is here:

https://punksecurity.co.uk/blog/dnsreaper_pd/

Our GitHub is over here:

https://github.com/punk-security/dnsReaper

It's a free tool that we built just to highlight this issue and educate. Please give it a star and share it, we'd appreciate it.