Hello Guys..!!
Happy New Year 2023 to all my followers 🥳
Hope you are doing well
Today we are going to see how to find Sub-domain Takeover vulnerabilities on GitHub Pages using the Google Dork.
Note: This Trick was originally founded by Avinash Jain as shown in the below tweet and I am just following it in Practical to spread it to more people.
Let’s Start without wasting any more time.
Google Dork:
intext: “There isn’t a GitHub Pages site here”
Search the above dork in google to find any sub-domains vulnerable to takeover
You won’t find many matching results but if any newly created subdomain is indexed with a google search engine, then it will be found in the search results.
Similarly, try the below dork as well
Google Dork:
intitle: “site not found - Github Pages”
Search the above dork in google to find any sub-domains vulnerable to takeover
As I said earlier you will only find the vulnerable sub-domains if any newly created subdomain is indexed with a google search engine and does not contain any page over it as shown below.
So, That’s it for today
Thank you guys for Reading this Post — Happy Hunting 🐞
If you like this post, don’t forget to give me a clap 👏
Credits: Avinash Jain
Support me: If you like to support me, buy me a cup of coffee ☕
Follow me: @0xKayala | Satya Prakash