Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Aftership - Subdomain Takeover Detection

By kannthu

Vidoc logoVidoc Module

What is Aftership - Subdomain Takeover Detection?

Aftership - Subdomain Takeover Detection is a module designed to detect a subdomain takeover vulnerability in the Aftership software. A subdomain takeover occurs when a subdomain that is no longer in use is taken over by an attacker, allowing them to potentially gain unauthorized access or control over the subdomain.

This module focuses specifically on detecting subdomain takeover vulnerabilities in the Aftership software. Aftership is a shipping tracking platform that helps businesses track and manage their shipments. It is widely used by e-commerce companies and logistics providers.

The severity of this module is classified as high, indicating that a successful subdomain takeover could have significant consequences for the affected organization.


A successful subdomain takeover can lead to various security risks and potential exploits. By gaining control over a subdomain, an attacker can:

- Impersonate the legitimate organization by hosting malicious content on the subdomain. - Intercept sensitive information, such as user credentials or customer data, transmitted through the subdomain. - Perform phishing attacks by creating convincing subdomains that appear to be legitimate. - Exploit trust relationships between the subdomain and other systems or services.

These risks can result in financial losses, reputational damage, and compromised user privacy.

How the module works?

The Aftership - Subdomain Takeover Detection module works by sending HTTP requests to the target domain and analyzing the responses for specific patterns that indicate a subdomain takeover vulnerability.

It uses a set of matching conditions to identify potential subdomain takeover scenarios. These conditions include:

- Host != ip: This condition checks if the host of the response is not an IP address, as subdomains are typically represented by domain names rather than IP addresses. - Oops.

The page you're looking for doesn't exist.: This condition checks if the response contains the specific HTML content indicating that the subdomain is no longer in use.

If both conditions are met, the module reports a potential subdomain takeover vulnerability.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
User-Agent: Vidoc-Scanner/1.0
Accept: */*

The module then analyzes the response and applies the matching conditions to determine if a subdomain takeover vulnerability exists.

By using the Aftership - Subdomain Takeover Detection module, organizations can proactively identify and mitigate subdomain takeover risks in their Aftership installations, enhancing their overall security posture.

Module preview

Concurrent Requests (0)
Passive global matcher
dsl: Host != ipand
word: Oops.</h2><p class="text-muted text-tigh...
On match action
Report vulnerability