Subdomain CNAME Takeover

Phase 1info gatheringWSTG-CONF

Description

Resolves CNAME records for the target domain via Google DNS-over-HTTPS, then probes each CNAME destination against 27 known unclaimed-resource fingerprints. A fingerprint match confirms an active takeover vector.

Security Impact

A dangling CNAME lets any attacker claim the referenced cloud resource and serve malicious content under your trusted domain. This module checks common subdomains and the root domain for exploitable CNAME configurations.

Automated Detection & AI Remediation

DygDog automatically detects Subdomain CNAME Takeover using its continuous, passive scanning engine. When discovered, DygDog provides infrastructure-specific, copy-paste ready code snippets generated by frontier AI models to help you remediate the issue instantly without generic advice.

Start Free Scan