back
loading skill details...
>-
SKILL: Subdomain Takeover — Detection & Exploitation Playbook AI LOAD INSTRUCTION: Covers CNAME/NS/MX takeover, per-provider fingerprint matching, claim procedures, and defensive monitoring. Base models often confuse "CNAME exists" with "takeover possible" — the key is whether the resource behind the CNAME is unclaimed and claimable. 0. RELATED ROUTING ssrf-server-side-request-forgery when a subdomain takeover is used to bypass SSRF allowlists trusting *.target.com cors-cross-origin-misconfiguration when CORS trusts *.target.com — takeover → full cross-origin read xss-cross-site-scripting takeover gives you script execution under target origin (cookie theft, OAuth redirect abuse) http-host-header-attacks when Host routing leads to subdomain-scoped cache or auth issues web-cache-deception when a taken-over subdomain shares cache with the main domain 1. CORE CONCEPT Subdomain takeover occurs when:
don't have the plugin yet? install it then click "run inline in claude" again.