Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Aha - Subdomain Takeover Detection

By kannthu

Vidoc logoVidoc Module

What is the "Aha - Subdomain Takeover Detection?" module?

The "Aha - Subdomain Takeover Detection" module is designed to detect subdomain takeover vulnerabilities in the Aha software. Subdomain takeover occurs when a subdomain that is no longer in use can be claimed by an attacker, allowing them to potentially gain control over the subdomain and its associated resources. This module focuses on identifying such vulnerabilities, which can have a high severity impact on the security of the affected system.

This module was authored by pdteam.


A subdomain takeover vulnerability in the Aha software can lead to various security risks. If an attacker successfully takes over a subdomain, they may be able to redirect traffic intended for the legitimate subdomain to their own malicious site. This can result in phishing attacks, data theft, or other unauthorized activities. It is important to address subdomain takeover vulnerabilities promptly to mitigate these risks.

How does the module work?

The "Aha - Subdomain Takeover Detection" module works by analyzing the responses received from the target system and applying specific matching conditions to identify potential subdomain takeover vulnerabilities. The module uses HTTP request templates to interact with the target system and checks for specific response patterns that indicate the presence of a vulnerable subdomain.

One of the matching conditions used by this module is the absence of a specific response message: "There is no portal here ... sending you back to Aha!" If this message is found in the response, it suggests that the subdomain is not vulnerable to takeover.

It is important to note that this module does not perform any actual subdomain takeover. Instead, it focuses on detecting potential vulnerabilities and reporting them for further investigation and remediation.

Here is an example of an HTTP request that may be sent by the module:

GET / HTTP/1.1
Host: [target subdomain]

The module then analyzes the response received and applies the matching conditions to determine if a subdomain takeover vulnerability exists.

It is recommended to regularly scan and test for subdomain takeover vulnerabilities to ensure the security of your Aha software installation.

Module preview

Concurrent Requests (0)
Passive global matcher
dsl: Host != ipand
word: There is no portal here ... sending you ...
On match action
Report vulnerability