Pentest Testing Corp

How to Check for Subdomain Takeover in Symfony

Subdomain takeover is a critical vulnerability that occurs when a DNS record points to a resource (like an S3 bucket or Heroku app) that has been deleted, but the DNS record still exists. Attackers can claim the resource and host malicious content on your subdomain.

In this guide, you’ll learn how to check for subdomain takeover in Symfony, with real-world coding examples, free tools, and prevention tips.

For more cybersecurity insights, visit the Pentest Testing Blog.


🔍 Why Does Subdomain Takeover Happen?

It happens when:

  • You configure a CNAME to a cloud service (e.g., sub.domain.com → app.herokuapp.com).
  • You delete the app, but keep the DNS record.
  • An attacker claims app.herokuapp.com and hosts their own content.

This can lead to phishing, content injection, and brand damage.

📷 Screenshot: Free Website Vulnerability Scanner

Here’s a screenshot of our Website Vulnerability Scanner, which you can use to scan your site for vulnerabilities, including misconfigured DNS:

Screenshot of the free tools webpage where you can access security assessment tools.

You can try it yourself at 👉 https://free.pentesttesting.com/


🧑‍💻 How to Detect Vulnerable Subdomains in Symfony

Below are actionable steps with Symfony-specific examples.


1️⃣ Scan Your Subdomains Programmatically

Symfony makes it easy to build console commands that automate tasks.
Here’s an example Symfony command that lists your subdomains and checks each one with the host command:

<?php
// src/Command/CheckSubdomainsCommand.php

namespace App\Command;

use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Process\Process;

class CheckSubdomainsCommand extends Command
{
    // On Symfony 6.1+ the #[AsCommand(name: 'app:check-subdomains')] attribute is preferred.
    protected static $defaultName = 'app:check-subdomains';

    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        // Replace with your own inventory of subdomains to audit.
        $subdomains = [
            'test.domain.com',
            'blog.domain.com',
            'shop.domain.com',
        ];

        foreach ($subdomains as $sub) {
            // Pass the arguments as an array so no shell is involved.
            $process = new Process(['host', $sub]);
            $process->run();

            // `host` exits non-zero for NXDOMAIN, so unresolvable names land here.
            if (!$process->isSuccessful()) {
                $detail = trim($process->getErrorOutput() ?: $process->getOutput());
                $output->writeln("<error>Failed to resolve {$sub}: {$detail}</error>");
            } else {
                // Inspect the output for CNAMEs pointing at services you no longer use.
                $output->writeln("<info>{$sub}: " . trim($process->getOutput()) . "</info>");
            }
        }

        return Command::SUCCESS;
    }
}

Run it via the Symfony console:

php bin/console app:check-subdomains

Look for any NXDOMAIN results, or names that still point at services you no longer use.


2️⃣ Use Our Free Tool for Automated Scanning

You can use https://free.pentesttesting.com/ to instantly check your website.
It detects:

  • Unclaimed DNS records
  • Vulnerable subdomains
  • Misconfigured security headers

📷 Screenshot: Example Vulnerability Report

Here’s a screenshot of a sample vulnerability report, which you can use as a reference when checking your website:

An example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.


3️⃣ Symfony-Specific DNS Checks

If you want to integrate DNS resolution checks into your Symfony controllers for a dashboard, you can use PHP’s dns_get_record function:

// dns_get_record() returns false on failure, so empty() covers both "no records" and "lookup failed".
$records = dns_get_record('test.domain.com', DNS_CNAME | DNS_A);
if (empty($records)) {
    throw new \Exception('No DNS records found – possible takeover risk!');
}
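The empty-records check above only flags names with no DNS records at all; the usual takeover precondition is a subdomain that still has a CNAME whose target no longer resolves, and since the DNS_CNAME flag returns that CNAME, such a name passes the check. The following is an added PHP example, not code from the original post, that tells the two cases apart. It takes the resolver as a callable so it runs offline against constructed zone data; liveResolver wraps dns_get_record for real use, and all hostnames are placeholders.

```php
<?php
// Added example (not from the original post): classify a subdomain by its DNS
// state. A dangling CNAME (record exists, target does not resolve) is the
// classic takeover precondition; an empty-record check alone misses it.
declare(strict_types=1);

/**
 * @param callable(string,int):array $resolve  dns_get_record-compatible lookup
 * @return string one of 'ok', 'no-records', 'dangling-cname'
 */
function classifySubdomain(string $host, callable $resolve): string
{
    $cnames = $resolve($host, DNS_CNAME);
    if ($cnames === []) {
        // No alias: the name must carry address records itself.
        $addrs = $resolve($host, DNS_A | DNS_AAAA);
        return $addrs === [] ? 'no-records' : 'ok';
    }
    // Follow the alias one hop (the constructed data has no CNAME chains).
    $target = $cnames[0]['target'];
    $addrs = $resolve($target, DNS_A | DNS_AAAA);
    // CNAME present but the target has no address: the service behind it is gone.
    return $addrs === [] ? 'dangling-cname' : 'ok';
}

/** Live resolver: dns_get_record returns false on failure, normalise to []. */
function liveResolver(string $name, int $type): array
{
    $r = @dns_get_record($name, $type);
    return $r === false ? [] : $r;
}

// Constructed zone data so the example runs offline; all names are placeholders.
$fakeZone = [
    'www.example.test|A'      => [['type' => 'A', 'ip' => '192.0.2.10']],
    'blog.example.test|CNAME' => [['type' => 'CNAME', 'target' => 'old-app.provider.test']],
    'old-app.provider.test|A' => [],   // target deleted: nothing answers here
];
$fakeResolver = function (string $name, int $type) use ($fakeZone): array {
    $key = $name . '|' . (($type & DNS_CNAME) ? 'CNAME' : 'A');
    return $fakeZone[$key] ?? [];
};

// 'ok', 'dangling-cname' and 'no-records' respectively for the three names below.
foreach (['www.example.test', 'blog.example.test', 'gone.example.test'] as $sub) {
    printf("%-20s %s\n", $sub, classifySubdomain($sub, $fakeResolver));
}
```

To run it against real DNS, pass 'liveResolver' as the callable instead of $fakeResolver; a 'dangling-cname' result is the case to investigate first.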

🧯 How to Prevent Subdomain Takeover

✅ Regularly audit DNS records.
✅ Delete unused DNS entries.
✅ Claim resources (buckets, apps) before releasing domains.
✅ Use tools like our Free Website Security Scanner monthly.

We also offer professional help 👉 Web Application Penetration Testing


🚀 Offer Cybersecurity Services to Your Clients

If you’re a web agency, MSP, or freelancer, you can white-label our security services for your clients.
Learn more here: Offer Cybersecurity Services


📬 Stay Updated

Don’t miss our latest security guides and insights:
👉 Subscribe on LinkedIn


By regularly auditing your DNS and integrating Symfony checks, you can keep your domains secure from takeover attempts. For a full assessment, don’t forget to use our free tool for a Website Security test!
