Skills

hunt-subdomain

Installation
SKILL.md

Crown Jewel Targets

Subdomain takeover is high-value because it allows an attacker to serve content from a trusted, company-owned domain — bypassing browser same-origin trust, phishing filters, and user skepticism simultaneously.

Highest payout contexts:

  • Subdomains of major SaaS brands (Shopify, Snapchat, Mozilla, Yelp) where the trusted domain has user session context
  • CDN-backed subdomains (Fastly, CloudFront) where CNAME points to unclaimed origins
  • Third-party service integrations: UserVoice, WordPress.com, GitHub Pages, GitLab Pages, Heroku, Zendesk
  • Preview/staging/dev subdomains (new., preview., course., delivery., addons-preview.) — abandoned after feature launches
  • Subdomains used for OAuth redirect URIs or SSO endpoints — these pay highest

Asset types that matter most:

  • CNAME records pointing to deprovisioned third-party services
  • NS delegations to abandoned zones
  • A records pointing to unallocated cloud IPs (less common)
  • GitLab/GitHub Pages with unclaimed project namespaces
Installs
34
Repository
elementalsouls/…ughunter
GitHub Stars
2.6K
First Seen
May 24, 2026
Security Audits
Gen Agent Trust HubPass
SocketWarn
SnykFail
hunt-subdomain — elementalsouls/claude-bughunter