gitwtfhub

wtf is subzy?

nsecho/subzy — explained in plain English

Analysis updated 2026-07-18 · repo last pushed 2023-02-03

GoAudience · ops devopsComplexity · 2/5DormantSetup · easy

TL;DR

Subzy scans lists of subdomains to detect ones vulnerable to takeover, where an abandoned subdomain can be hijacked by an attacker who registers the unused underlying service.

Mindmap

mindmap
  root((subzy))
    What it does
      Scans subdomains
      Detects takeover risk
      Fingerprint matching
    Tech stack
      Go
      CLI
    Use cases
      Audit company subdomains
      Security research scans
      Update fingerprint database
    Audience
      Security teams
      Security researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Scan a company's list of old subdomains to check whether any can be hijacked by an attacker.

REASON 2

Run subzy as part of a broader security scan while testing a website's defenses.

REASON 3

Check many subdomains at once using parallel checks to quickly find takeover risks.

REASON 4

Update the local fingerprint database so the tool detects newly discovered takeover vulnerabilities.

What's in the stack?

Go

How it stacks up

nsecho/subzy42wim/fabio42wim/go-xmpp
LanguageGoGoGo
Last pushed2023-02-032018-02-042020-01-24
MaintenanceDormantDormantDormant
Setup difficultyeasymoderatemoderate
Complexity2/53/53/5
Audienceops devopsops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · easy Time to first run · 5min

Compiles into a single Go binary, no external dependencies needed to run.

License is not stated in the available content.

Wtf does this do

Subzy is a tool that checks if someone could "take over" abandoned subdomains. When a company sets up a subdomain (like api.company.com) but later stops using it, an attacker can sometimes register the underlying service and hijack traffic meant for that domain. This tool automatically scans subdomains to see if they're vulnerable to that kind of attack. The way it works is straightforward: you give it a list of subdomains to check, and it visits each one to see what response it gets back. It compares those responses against a database of known fingerprints, basically patterns that indicate a subdomain can be taken over. For example, if a subdomain points to an unused Heroku app, Heroku sends back a specific error page. Subzy recognizes that pattern and alerts you that the domain is vulnerable. The tool runs these checks in parallel (checking multiple domains at once) to save time. You'd use this if you're responsible for security at a company and want to make sure your old subdomains can't be weaponized by attackers. A security researcher might also use it as part of a broader scan when testing a website's defenses. The tool is designed to be fast and straightforward, you just point it at a file of subdomains or type in a few domains yourself, set how many checks you want to run at once, and it tells you which ones are at risk. The tool is written in Go, which means it compiles into a single, fast executable file. The fingerprints it uses to detect vulnerabilities come from a well-known community project that documents takeover risks for different services. You can update those fingerprints locally whenever new vulnerabilities are discovered, so the tool stays current without needing a new release.

Yoink these prompts

Prompt 1
Show me how to run subzy against a file of subdomains to check for takeover vulnerabilities.
Prompt 2
Explain how subzy uses fingerprints to detect that an abandoned subdomain points to an unused Heroku app.
Prompt 3
Help me set the concurrency level in subzy so it checks multiple subdomains at once without overloading the network.
Prompt 4
Walk me through updating subzy's local fingerprint database with the latest known takeover patterns.

Frequently asked questions

wtf is subzy?

Subzy scans lists of subdomains to detect ones vulnerable to takeover, where an abandoned subdomain can be hijacked by an attacker who registers the unused underlying service.

What language is subzy written in?

Mainly Go. The stack also includes Go.

Is subzy actively maintained?

Dormant — no commits in 2+ years (last push 2023-02-03).

What license does subzy use?

License is not stated in the available content.

How hard is subzy to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is subzy for?

Mainly ops devops.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.