Subdomain takeover is a critical vulnerability that occurs when a DNS record still points to a resource (like an S3 bucket or Heroku app) that has since been deleted or released. An attacker can claim that resource and host malicious content on your subdomain.
In this guide, you'll learn how to check for subdomain takeover in Symfony, with real-world coding examples, free tools, and prevention tips.
For more cybersecurity insights, visit the Pentest Testing Blog.
Why Does Subdomain Takeover Happen?
It happens when:
- You configure a CNAME to a cloud service (e.g., sub.domain.com → app.herokuapp.com).
- You delete the app but keep the DNS record.
- An attacker claims app.herokuapp.com and hosts their own content.
This can lead to phishing, content injection, and brand damage.
Screenshot: Free Website Vulnerability Scanner
Here's a screenshot of our Website Vulnerability Scanner, which you can use to scan your site for vulnerabilities, including misconfigured DNS:
Screenshot of the free tools webpage where you can access security assessment tools.
You can try it yourself at https://free.pentesttesting.com/
How to Detect Vulnerable Subdomains in Symfony
Below are actionable steps with Symfony-specific examples.
1. Scan Your Subdomains Programmatically
Symfony lets you build console commands easily to automate tasks.
Here's an example Symfony command that lists and checks subdomains using the host command:
// src/Command/CheckSubdomainsCommand.php
namespace App\Command;

use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Process\Process;

#[AsCommand(name: 'app:check-subdomains')]
class CheckSubdomainsCommand extends Command
{
    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        // Subdomains to audit; in practice, load these from your DNS zone export.
        $subdomains = [
            'test.domain.com',
            'blog.domain.com',
            'shop.domain.com',
        ];

        foreach ($subdomains as $sub) {
            // Array form passes the name as one argument; no shell is involved,
            // so a hostname can never be interpreted as shell syntax.
            $process = new Process(['host', $sub]);
            $process->run();

            // `host` exits non-zero on NXDOMAIN, so unresolvable names land here.
            if (!$process->isSuccessful()) {
                $detail = trim($process->getOutput() . $process->getErrorOutput());
                $output->writeln(sprintf('<error>Failed to resolve %s: %s</error>', $sub, $detail));
            } else {
                $output->writeln(sprintf('<info>%s: %s</info>', $sub, trim($process->getOutput())));
            }
        }

        return Command::SUCCESS;
    }
}
Run it via the Symfony console:
php bin/console app:check-subdomains
Look for any NXDOMAIN results, and for CNAME records that point at services you no longer use.
2. Use Our Free Tool for Automated Scanning
You can use https://free.pentesttesting.com/ to instantly check your website.
It detects:
- Unclaimed DNS records
- Vulnerable subdomains
- Misconfigured security headers
Screenshot: Example Vulnerability Report
Here's a screenshot of a sample vulnerability report, which you can use to check your website for vulnerabilities:
An example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.
3. Symfony-Specific DNS Checks
If you want to integrate DNS resolution checks into your Symfony controllers for a dashboard, you can use PHP's dns_get_record():
// dns_get_record() returns false on failure and an empty array when the name has no matching records,
// so empty() covers both cases.
$records = dns_get_record('test.domain.com', DNS_CNAME | DNS_A);

if (empty($records)) {
    throw new \Exception('No DNS records found: possible takeover risk!');
}
Note that an empty result only tells you the subdomain itself has no records. The takeover pattern is more specific: the subdomain's CNAME is still published while the target it points at no longer resolves, so check the CNAME target as well.
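Steps 1 and 3 both stop at "does the name resolve?". The class below, added here as an example (it is not code from the original post, from Symfony, or from the Pentest Testing tools), goes one step further: it follows the CNAME chain with dns_get_record() and classifies each subdomain as ok, no-records, dangling-cname, cname-loop or too-many-hops. The resolver is injectable, so the demo at the bottom runs offline against a constructed fixture; the hostnames live-app.example.net and old-shop.example.net, the IP 203.0.113.10 and the class name DanglingCnameChecker are all made up for the example.

```php
<?php
// src/Service/DanglingCnameChecker.php (added example; not from the original post)
declare(strict_types=1);

namespace App\Service;

/**
 * Flags subdomains whose CNAME chain ends at a name that no longer resolves.
 * A CNAME that is still published while its target has no A/AAAA record is the
 * takeover signature: the DNS entry outlived the cloud resource it pointed at.
 */
final class DanglingCnameChecker
{
    /** @var callable(string, int): (array|false)  Replacement for dns_get_record() */
    private $resolver;

    public function __construct(?callable $resolver = null)
    {
        // Default to the real resolver; tests and offline demos inject a fixture.
        $this->resolver = $resolver ?? 'dns_get_record';
    }

    /**
     * @return array{host: string, status: string, chain: string[]}
     *   status: 'ok' | 'no-records' | 'dangling-cname' | 'cname-loop' | 'too-many-hops'
     */
    public function check(string $host, int $maxHops = 8): array
    {
        $chain   = [];
        $current = strtolower(rtrim($host, '.'));

        for ($hop = 0; $hop < $maxHops; $hop++) {
            $chain[] = $current;

            // Any address record on the current name means the chain resolves.
            if ($this->hasRecords($current, DNS_A) || $this->hasRecords($current, DNS_AAAA)) {
                return ['host' => $host, 'status' => 'ok', 'chain' => $chain];
            }

            $cnames = ($this->resolver)($current, DNS_CNAME);
            if ($cnames === false || $cnames === []) {
                // No address and no CNAME: on the first name the entry is simply absent;
                // deeper in the chain it is the target that vanished (dangling CNAME).
                $status = count($chain) === 1 ? 'no-records' : 'dangling-cname';
                return ['host' => $host, 'status' => $status, 'chain' => $chain];
            }

            $next = strtolower(rtrim((string) $cnames[0]['target'], '.'));
            if (in_array($next, $chain, true)) {
                return ['host' => $host, 'status' => 'cname-loop', 'chain' => $chain];
            }
            $current = $next;
        }

        return ['host' => $host, 'status' => 'too-many-hops', 'chain' => $chain];
    }

    private function hasRecords(string $host, int $type): bool
    {
        $records = ($this->resolver)($host, $type);
        return is_array($records) && $records !== [];
    }
}

// ---- Offline demo with a constructed fixture (no network access needed) ----
// Keys are hostnames, values map a DNS_* type to the records dns_get_record() would return.
$fixture = [
    'blog.domain.com'      => [DNS_CNAME => [['target' => 'live-app.example.net']]],
    'live-app.example.net' => [DNS_A     => [['ip' => '203.0.113.10']]],
    'shop.domain.com'      => [DNS_CNAME => [['target' => 'old-shop.example.net']]],
    // old-shop.example.net is deliberately absent: the app behind it was deleted.
    'test.domain.com'      => [],
];
$resolver = static fn (string $host, int $type): array => $fixture[$host][$type] ?? [];

$checker = new DanglingCnameChecker($resolver);
foreach (['blog.domain.com', 'shop.domain.com', 'test.domain.com'] as $sub) {
    $result = $checker->check($sub);
    printf("%-18s %-15s %s\n", $sub, $result['status'], implode(' -> ', $result['chain']));
}
```

In the demo, blog.domain.com is reported as ok, shop.domain.com as dangling-cname (its CNAME is still published but old-shop.example.net has nothing behind it), and test.domain.com as no-records. Wire the class into the console command from step 1 by constructing it without arguments, and it queries your real resolver; keep the injectable resolver for unit tests so the check does not depend on live DNS.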
How to Prevent Subdomain Takeover
- Regularly audit DNS records.
- Delete unused DNS entries.
- Claim resources (buckets, apps) before releasing domains.
- Use tools like our Free Website Security Scanner monthly.
We also offer professional help: Web Application Penetration Testing
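The first two prevention points amount to one recurring job: compare what your DNS zone publishes against what you actually still own. The script below is an added example (not from the original post or from any Pentest Testing tool) that parses CNAME lines from a BIND-style zone export and reports every CNAME whose target is missing from your inventory of provisioned apps and buckets. The zone text, the inventory list and the hostnames live-app.example.net and old-shop.example.net are constructed for the demo.

```php
<?php
// Added example: reconcile a DNS zone export against the resources you still own.
declare(strict_types=1);

/**
 * Parse CNAME lines from a BIND-style zone export.
 * Returns [subdomain => target], lower-cased, with trailing dots removed.
 */
function parseCnameRecords(string $zone): array
{
    $cnames = [];
    foreach (preg_split('/\R/', $zone) as $line) {
        $line = trim((string) preg_replace('/;.*$/', '', $line)); // strip ";" comments
        if ($line === '') {
            continue;
        }
        // Layout: name [ttl] [class] CNAME target
        $parts = preg_split('/\s+/', $line);
        $idx   = array_search('CNAME', $parts, true);
        if ($idx === false || !isset($parts[$idx + 1])) {
            continue; // not a CNAME record (A, MX, TXT, ...)
        }
        $name   = strtolower(rtrim($parts[0], '.'));
        $target = strtolower(rtrim($parts[$idx + 1], '.'));
        $cnames[$name] = $target;
    }
    return $cnames;
}

/**
 * Report CNAMEs whose target is not in the inventory of resources you still control.
 * @param array<string,string> $cnames    output of parseCnameRecords()
 * @param string[]             $inventory hostnames of apps/buckets currently provisioned
 * @return list<array{subdomain: string, target: string}>
 */
function auditCnames(array $cnames, array $inventory): array
{
    $owned    = array_flip(array_map('strtolower', $inventory));
    $findings = [];
    foreach ($cnames as $name => $target) {
        if (!isset($owned[$target])) {
            $findings[] = ['subdomain' => $name, 'target' => $target];
        }
    }
    return $findings;
}

// Constructed zone export and inventory for the demo.
$zone = <<<ZONE
; domain.com zone (constructed sample)
blog.domain.com.   300 IN CNAME live-app.example.net.
shop.domain.com.   300 IN CNAME old-shop.example.net.   ; app was deleted last quarter
www.domain.com.    300 IN A     203.0.113.10
ZONE;
$inventory = ['live-app.example.net']; // what your cloud console says you still run

foreach (auditCnames(parseCnameRecords($zone), $inventory) as $finding) {
    echo "Orphaned CNAME: {$finding['subdomain']} -> {$finding['target']} (delete the record or re-claim the resource)\n";
}
```

Run this against a fresh zone export and an inventory pulled from your cloud provider on a schedule; an orphaned CNAME should be removed (or its target re-provisioned) before the provider lets someone else register that name.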
Offer Cybersecurity Services to Your Clients
If you're a web agency, MSP, or freelancer, you can white-label our security services for your clients.
Learn more here: Offer Cybersecurity Services
Stay Updated
Don't miss our latest security guides and insights:
Subscribe on LinkedIn
By regularly auditing your DNS and integrating Symfony checks, you can keep your domains secure from takeover attempts. For a full assessment, don't forget to use our free tool for a Website Security test!