subjack is a Hostile Subdomain Takeover tool written in Go, designed to scan a list of subdomains concurrently and identify those that can be hijacked. With Go's speed and efficiency, the tool stands out for mass testing. Always double-check the results manually to rule out false positives.
Currently checks for:
+ Amazon S3 Bucket
+ Amazon Cloudfront
+ Cargo
+ Fastly
+ FeedPress
+ Ghost
+ Github
+ Helpjuice
+ Help Scout
+ Heroku
+ Pantheon.io
+ Shopify
+ Surge
+ Tumblr
+ UserVoice
+ WordPress
+ WPEngine
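To make the detection logic and the false-positive caveat concrete, here is an added example in Go (not subjack's own code). It classifies a subdomain from two signals, the CNAME target and the HTTP body, and reports "review" rather than "vulnerable" when only one of them matches. The service suffixes and error-page fingerprints are this example's assumptions, not subjack's fingerprint list.

```go
package main

import (
	"fmt"
	"strings"
)

// service describes a hosting provider whose unclaimed resources answer
// with a recognisable error page. Suffixes and fingerprints are assumed
// for this example and are not subjack's fingerprint list.
type service struct {
	name        string
	cnameSuffix string
	fingerprint string
}

var services = []service{
	{"Amazon S3 Bucket", ".s3.amazonaws.com", "NoSuchBucket"},
	{"Github", ".github.io", "There isn't a GitHub Pages site here"},
	{"Heroku", ".herokuapp.com", "No such app"},
}

// Verdict: "vulnerable" needs both a matching CNAME and the service's
// error fingerprint; "review" means only one signal matched, which is
// the case the README says to double-check by hand.
type Verdict struct {
	Service string
	Status  string // "vulnerable", "review" or "ok"
}

func classify(cname, body string) Verdict {
	cname = strings.TrimSuffix(strings.ToLower(cname), ".")
	for _, s := range services {
		cnameHit := strings.HasSuffix(cname, s.cnameSuffix)
		bodyHit := strings.Contains(body, s.fingerprint)
		switch {
		case cnameHit && bodyHit:
			return Verdict{s.name, "vulnerable"}
		case cnameHit || bodyHit:
			return Verdict{s.name, "review"}
		}
	}
	return Verdict{"", "ok"}
}

func main() {
	// Constructed sample: a CNAME still pointing at a bucket that no longer exists.
	fmt.Println(classify("assets.example.com.s3.amazonaws.com.", "<Code>NoSuchBucket</Code>"))
}
```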
Dependencies:
+ Go https://golang.org/doc/install
Practical Use:
I've included scanio.sh, a proof-of-concept script for mass-locating vulnerable subdomains using results from Rapid7's Project Sonar. It parses and greps through the dump for the desired CNAME records and builds a large list of subdomains, which subjack then checks for Hostile Subdomain Takeover. Of course this isn't the only way to obtain a large amount of data to test. Please use this responsibly.
Usage:
git clone https://github.com/haccer/subjack && cd subjack
go build
./subjack -w your_file.txt -t 100 -https
Source: https://github.com/haccer