✅ 5 Smart Ways to Check for Subdomain Takeover in Laravel
🔐 Introduction
If you’re building a Laravel application and deploying on multiple subdomains, there’s a risk that attackers might hijack one of your unused or misconfigured subdomains. This is called a Subdomain Takeover — a serious security flaw that can compromise your entire application. In this guide, you’ll learn how to check for subdomain takeover in Laravel with hands-on code examples, open-source tools, and automated scanning tips.
🚨 What is Subdomain Takeover?
Subdomain Takeover happens when a subdomain (like blog.example.com) points to a service (e.g., GitHub Pages, AWS S3, or Heroku) that is no longer in use or has been de-provisioned. If the DNS record remains active while the service is not claimed, an attacker can register that service and serve malicious content under your domain name.
🔍 Why Laravel Apps Are at Risk
Laravel applications often use subdomains for multitenancy (e.g., client1.example.com, admin.example.com). If these subdomains are removed or misconfigured during development or deployment without cleaning up the DNS records, they become prime targets for attackers.
That’s why knowing how to check for subdomain takeover in Laravel is essential for any Laravel developer or DevOps engineer.
🛠️ How to Check for Subdomain Takeover in Laravel (Step-by-Step)
Let’s break down the top 5 smart methods to find and fix subdomain takeover vulnerabilities in Laravel projects.
✅ 1. Use Laravel Middleware to Detect Unused Subdomains
You can create a custom middleware to log and alert on unknown or unused subdomains dynamically.
// app/Http/Middleware/DetectUnusedSubdomains.php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class DetectUnusedSubdomains
{
    public function handle(Request $request, Closure $next)
    {
        $host = $request->getHost();
        // Allowlisted subdomain labels that this application actually serves
        $validSubdomains = ['admin', 'api', 'blog'];
        // Leftmost DNS label, e.g. "admin" for admin.example.com
        $subdomain = explode('.', $host)[0];
        if (!in_array($subdomain, $validSubdomains, true)) {
            // $host is already the full hostname, so log it once
            Log::warning("Possible takeover risk: host {$host} is not a recognized subdomain.");
        }
        return $next($request);
    }
}
Register this middleware in your Kernel.php and monitor the logs for unrecognized subdomain activity.
✅ 2. Scan with Our Free Online Security Tool
You can instantly check if your Laravel subdomains are vulnerable using our free tool:
📸 Screenshot of our Website Vulnerability Scanner Tool:
Just enter your main domain and scan for vulnerable subdomains. Our tool checks for CNAME pointing to unclaimed services.
✅ 3. Use DNS Enumeration Tools in Laravel
Integrate popular DNS enumeration tools with Laravel Artisan:
# Shell: install the Symfony Process component
composer require symfony/process

// PHP (e.g. inside an Artisan command)
use Symfony\Component\Process\Process;

$domain = 'example.com';
// Run Sublist3r (must be installed on the host) against the apex domain
$process = new Process(['sublist3r', '-d', $domain]);
$process->setTimeout(300);
$process->run();

if ($process->isSuccessful()) {
    echo $process->getOutput();
} else {
    echo $process->getErrorOutput();
}
This code runs Sublist3r from Laravel to list all subdomains. You can automate this during CI/CD.
✅ 4. Check for Broken CNAMEs Programmatically
Scan DNS records using PHP:
$subdomain = 'test.example.com';
$dnsRecords = dns_get_record($subdomain, DNS_CNAME);

if (!empty($dnsRecords)) {
    $target = $dnsRecords[0]['target'];
    // A CNAME whose target has no address records is the classic dangling record
    $targetResolves = checkdnsrr($target, 'A') || checkdnsrr($target, 'AAAA');
    // Request the subdomain itself so virtual-hosted services see the expected Host header
    $headers = @get_headers("http://$subdomain");
    if (!$targetResolves || !$headers || strpos($headers[0], '404') !== false) {
        echo "Potential subdomain takeover risk on $subdomain (CNAME -> $target)!";
    }
}
This script checks whether the CNAME points to a dead or unclaimed service. A 404 alone is only a hint: confirm by checking that the target name still resolves and that the service provider still has the resource provisioned.
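Sections 4 and 5 look at a single CNAME lookup; a deeper defender-side check follows the whole CNAME chain and compares the first hop against the targets you actually provisioned, so both dangling records and records pointing somewhere unexpected are flagged. This is an added example, not code from the original post; the allowlist and the myorg.github.io / api-lb.example.net targets are constructed placeholders.

```php
<?php
// Added example, not from the original post. Assumes you maintain an allowlist of the
// CNAME targets you provisioned, and that the host running it can query DNS.

// Follow the CNAME chain from $hostname for at most $maxHops hops.
// Returns the chain of targets and whether the final name has an address record.
function followCnameChain(string $hostname, int $maxHops = 5): array
{
    $chain = [];
    $name = $hostname;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $records = dns_get_record($name, DNS_CNAME);
        if (empty($records)) {
            break; // $name is the end of the chain
        }
        $name = rtrim($records[0]['target'], '.');
        $chain[] = $name;
    }
    // A chain end without A/AAAA records is a dangling (takeover-prone) record
    $resolves = checkdnsrr($name, 'A') || checkdnsrr($name, 'AAAA');
    return ['chain' => $chain, 'resolves' => $resolves];
}

// Classify a subdomain as 'ok', 'dangling' or 'unexpected-target'.
// $allowedTargets maps each subdomain to the CNAME targets you provisioned.
function classifySubdomain(string $subdomain, array $allowedTargets): string
{
    $result = followCnameChain($subdomain);
    if (!$result['resolves']) {
        return 'dangling';
    }
    if (!empty($result['chain'])) {
        $expected = $allowedTargets[$subdomain] ?? [];
        if (!in_array($result['chain'][0], $expected, true)) {
            return 'unexpected-target'; // points somewhere you did not provision
        }
    }
    return 'ok';
}

// Constructed inventory with placeholder targets, not real infrastructure
$allowed = [
    'blog.example.com' => ['myorg.github.io'],
    'api.example.com'  => ['api-lb.example.net'],
];
foreach (array_keys($allowed) as $sub) {
    echo $sub . ': ' . classifySubdomain($sub, $allowed) . PHP_EOL;
}
```

An 'unexpected-target' result is not proof of compromise, but it is the record to investigate first, since the name may already have been claimed by someone else.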
✅ 5. Monitor Subdomain DNS Changes via Laravel Scheduler
Use Laravel’s task scheduler to track DNS record changes over time:
// app/Console/Commands/MonitorSubdomains.php
namespace App\Console\Commands;

use Illuminate\Console\Command;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Log;

class MonitorSubdomains extends Command
{
    protected $signature = 'monitor:subdomains';
    protected $description = 'Track CNAME changes for known subdomains';

    public function handle()
    {
        $subdomains = ['blog.example.com', 'api.example.com'];
        foreach ($subdomains as $subdomain) {
            $records = dns_get_record($subdomain, DNS_CNAME);
            $current = $records[0]['target'] ?? null;
            // Target recorded on the previous run, if any
            $previous = Cache::get("cname:$subdomain");
            if ($current === null) {
                Log::warning("No DNS CNAME found for $subdomain. Check whether the record was removed.");
                continue;
            }
            if ($previous !== null && $previous !== $current) {
                Log::warning("CNAME for $subdomain changed from $previous to $current.");
            }
            Cache::forever("cname:$subdomain", $current);
        }
    }
}
Schedule this in App\Console\Kernel.php:

    $schedule->command('monitor:subdomains')->daily();
📄 Real Report Example Using Our Tool
📸 Sample Assessment Report generated by our tool to check Website Vulnerability:
🔗 Internal Links You Shouldn’t Miss
Explore more Laravel and frontend security articles:
- HTTP Parameter Pollution in Laravel
- Host Header Injection in Laravel
- How to Handle Disapproved Ads Due to Compromised Sites
- HTTP Response Splitting in React.js
🚀 Don’t Miss Our New Security Services
✅ Web Application Penetration Testing Services
We offer expert-led security testing to identify business-critical vulnerabilities like subdomain takeover, parameter tampering, and more.
🤝 Partner With Us: Offer Cybersecurity Services to Your Clients
Are you a web agency or hosting company? Collaborate with us to offer professional security services to your customers under your brand.
📌 Final Thoughts
If you’re building SaaS or enterprise-grade apps in Laravel, make sure you regularly check for subdomain takeover in Laravel. Use middleware, automated scans, and monitor DNS records. Subdomain takeovers are silent killers — they don’t throw errors but expose serious security loopholes.
✅ Summary Checklist
- Scan subdomains using our free tool
- Automate DNS checks with Laravel
- Detect unknown subdomains via middleware
- Investigate broken CNAME records
- Run security reports regularly