I try to automate a solution to check hosts for Subdomain takeover vuln. First I get all subdomain’s responses, then use the loop to checking keywords:
if grep -l 'Repository not found\|The specified bucket does not exist\|Github Pages site here\|No such app\|Sorry, this shop is currently unavailable\|404 Blog is not found\|is not a registered InCloud YouTrack' "$ X"; then echo "$ line" >> ./$ 1/$ foldername/vulnerable.txt fi
Do I need more specific keywords to catch subdomain takeover vuln inside http response bodies? Or something different at all?