Subdomain CNAME Takeover
Phase 1info gatheringWSTG-CONF
Description
Resolves CNAME records for the target domain via Google DNS-over-HTTPS, then probes each CNAME destination against 27 known unclaimed-resource fingerprints. A fingerprint match confirms an active takeover vector.
Security Impact
A dangling CNAME lets any attacker claim the referenced cloud resource and serve malicious content under your trusted domain. This module checks common subdomains and the root domain for exploitable CNAME configurations.
Automated Detection & AI Remediation
DygDog automatically detects Subdomain CNAME Takeover using its continuous, passive scanning engine. When discovered, DygDog provides infrastructure-specific, copy-paste ready code snippets generated by frontier AI models to help you remediate the issue instantly without generic advice.
Start Free Scan