reddit hackernews mail facebook facebook linkedin


A fast tool to check subdomain takeover vulnerability.

Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerability and it is fast as it is asynchronous.

During recon process you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or urllib method as it is very slow. Using Sub 404 you can automate this task in much faster way. Sub 404 uses aiohttp/asyncio which makes this tool asynchronous and faster.

Sub 404 uses subdomains list from text file and checks for url of 404 Not Found status code and in addition it fetches CNAME(Canonical name) and removes those URL which have target domain name in CNAME. It also combines result from subfinder and sublist3r(subdomain enumeration tool) if you don't have target subdomains as two is better than one. But for this sublist3r and subfinder tools must be installed in your system. Sub 404 is able to check 7K subdomains in less than 5 minutes.