Look up whether a third-party hosting service your company uses is vulnerable to subdomain takeover before decommissioning an account
Use the exported JSON fingerprint file to add subdomain takeover detection to your own security scanning tool
Follow the safe proof-of-concept guide to correctly demonstrate a subdomain takeover finding in a bug bounty program
Contribute a newly discovered vulnerable service by opening a GitHub Issue with the fingerprint and evidence
This repository is a community-maintained reference list for a specific type of security vulnerability called a subdomain takeover. The problem occurs when a website's DNS record (typically a CNAME) points to a third-party service, such as a hosting platform or cloud provider, but the account or resource on that service has been deleted or cancelled. An attacker can then register a new account on the same service, claim the abandoned name, and effectively control a subdomain of the original website without the owner realising.

The project answers the question of whether a given service is vulnerable to this kind of claim. It maintains a large table listing hundreds of services, noting whether each one is currently vulnerable, what text pattern (the fingerprint) appears on the page when a takeover is possible, and links to discussion threads where researchers have worked through the details. An automated system checks the fingerprints regularly and marks each entry as passing or failing.

The README also explains how to safely demonstrate a subdomain takeover if you find one during a security test or bug bounty program. The recommended approach is to claim the subdomain quietly and serve a harmless file at a non-obvious path, rather than posting anything visible on the main page. This proves the vulnerability to the program without causing harm or drawing unwanted attention.

Contributing is done through GitHub Issues using a provided template, so researchers who find new vulnerable services can add them to the list for others to benefit from. The fingerprint data is also exported as a JSON file that other tools can consume programmatically.

The project is explicitly a research guide, not a guarantee. The maintainers note that accuracy depends on community contributions, and individual bug bounty programs set their own rules about what counts as an acceptable proof of concept. The full README is longer than what was shown.
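As an added example (not code from the repository), here is a small Python checker of the kind a defender would build on top of the exported fingerprint file: it flags a host only when its DNS record still points at a vulnerable service's domain and the fetched page carries that service's unclaimed-resource text. The JSON field names, the service names and the observations are constructed assumptions, not the project's actual schema or data.

```python
"""Match a host's observed CNAME target and HTTP body against takeover fingerprints."""
import json

# Constructed sample in the shape the page describes: one entry per service with the
# domain its CNAMEs use, the text seen when the resource is unclaimed, and a flag.
# The field names are an assumption, not the project's published schema.
SAMPLE_FINGERPRINTS_JSON = """
[
  {"service": "ExampleHost", "cname": ["examplehost.test"],
   "fingerprint": "No such app on ExampleHost", "vulnerable": true},
  {"service": "SafeCDN", "cname": ["safecdn.test"],
   "fingerprint": "Unknown distribution", "vulnerable": false}
]
"""


def load_fingerprints(text):
    """Parse the fingerprint file and keep only services marked vulnerable."""
    return [e for e in json.loads(text) if e.get("vulnerable")]


def _is_subdomain_of(name, suffix):
    # Exact match or a true label boundary, so "notexamplehost.test" is not a hit.
    return name == suffix or name.endswith("." + suffix)


def check_host(cname_target, body, fingerprints):
    """Return the service name if both takeover signals are present, else None.

    Both signals from the page are required: the record still points at the
    third-party service, and the response shows that service's unclaimed text.
    """
    for fp in fingerprints:
        points_at_service = any(_is_subdomain_of(cname_target, c) for c in fp["cname"])
        if points_at_service and fp["fingerprint"] in body:
            return fp["service"]
    return None


def scan(observations, fingerprints):
    """observations: (hostname, cname_target, body) tuples from your own DNS/HTTP sweep."""
    findings = {}
    for hostname, cname_target, body in observations:
        hit = check_host(cname_target, body, fingerprints)
        if hit:
            findings[hostname] = hit
    return findings


if __name__ == "__main__":
    fps = load_fingerprints(SAMPLE_FINGERPRINTS_JSON)
    sample = [("blog.example.test", "app42.examplehost.test", "Sorry, No such app on ExampleHost")]
    print(scan(sample, fps))
```

A record whose CNAME target no longer resolves at all (NXDOMAIN) is a separate case that this text-match check does not cover, so a real sweep should also record DNS resolution failures.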