Subdomain takeover is a critical security flaw where an attacker claims a dangling subdomain and serves malicious content. This vulnerability can damage your brand's reputation, phish users, or expose sensitive data.

If you're running a Symfony-powered application with multiple subdomains, you must regularly test for subdomain takeover to stay secure.

In this guide, we'll cover:

  • What is subdomain takeover?
  • Why Symfony apps are at risk
  • How to check for subdomain takeover manually & programmatically
  • How our Website Vulnerability Scanner online helps
  • Symfony code snippets for better prevention
  • Additional resources & newsletter

📌 What is Subdomain Takeover?

Subdomain takeover happens when a DNS record (typically a CNAME) points to a resource on a third-party service (e.g., AWS S3, Azure, Heroku) that has since been deleted, while the DNS record itself is left in place and keeps resolving. An attacker can register or claim the orphaned resource under the same name and then serve their own content on your subdomain.

Read more cybersecurity insights on our Pentest Testing blog.

🔍 Why Symfony Apps Are at Risk

Symfony is often used in multi-tenant SaaS platforms where each customer gets their own subdomain. If you delete a tenant but forget to remove its DNS record, it creates an opportunity for takeover.

Example scenario:

  • DNS: customer1.example.com → CNAME → customer1.s3.amazonaws.com
  • You delete the customer1 bucket but forget to remove the DNS record.
  • An attacker creates a bucket named customer1 and now controls what customer1.example.com serves.

🧪 How to Detect Subdomain Takeover in Symfony

1️⃣ Use Our Free Website Security Checker Tool

Our Website Vulnerability Scanner automatically scans for dangling DNS records, misconfigured subdomains, and other vulnerabilities.

➡️ Screenshot of our tool homepage:

Screenshot of the free tools webpage where you can access security assessment tools.

➡️ Sample vulnerability report to check Website Vulnerability:

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

Run your domain now: 🌐 https://free.pentesttesting.com/

2️⃣ Manual Check with Symfony and DNS

You can loop through your subdomain records and check each one for a dangling service with Symfony's HttpClient component:

<?php
// Stand-alone script; needs the HttpClient component (composer require symfony/http-client).

use Symfony\Component\HttpClient\HttpClient;

require __DIR__ . '/vendor/autoload.php';

$subdomains = [
    'customer1.example.com',
    'customer2.example.com',
];

$client = HttpClient::create();

foreach ($subdomains as $subdomain) {
    try {
        $response = $client->request('GET', 'http://' . $subdomain);
        // Requests are lazy: getStatusCode() is where the request is actually sent
        // and where transport errors surface.
        $statusCode = $response->getStatusCode();

        // A 404 from the host behind the CNAME hints that the referenced resource is gone;
        // confirm by inspecting the DNS record before treating it as a takeover.
        if ($statusCode === 404) {
            echo "Possible takeover: $subdomain\n";
        } else {
            echo "OK: $subdomain ($statusCode)\n";
        }
    } catch (\Exception $e) {
        // DNS failures (NXDOMAIN) and connection errors end up here.
        echo "Error checking $subdomain: {$e->getMessage()}\n";
    }
}
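The HTTP check above only sees what answers on the wire; the scenario described earlier is really a DNS condition, a CNAME whose target has disappeared. This added example (not code from the original post) walks a subdomain's CNAME chain with PHP's dns_get_record() and reports it as dangling when the final target has no A/AAAA record. The resolver is injected so the constructed fixture below (made-up hostnames and IP) runs offline; pass 'dns_get_record' to run it against live DNS.

```php
<?php
// Added example (not code from the original post): detect the orphaned-CNAME
// condition at the DNS level by walking the CNAME chain and checking whether
// the final target still has an address record. $resolve has the signature of
// PHP's dns_get_record(string $host, int $type): array|false, so it can be the
// real function or the constructed fixture below.
declare(strict_types=1);

/** @return string 'no-cname' | 'ok' | 'dangling' */
function classifySubdomain(string $host, callable $resolve, int $maxHops = 5): string
{
    $target = $host;
    $sawCname = false;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $cnames = $resolve($target, DNS_CNAME) ?: [];
        if ($cnames === []) {
            break; // end of the CNAME chain
        }
        $sawCname = true;
        $target = rtrim($cnames[0]['target'], '.');
    }
    if (!$sawCname) {
        // Plain A/AAAA record: not the orphaned-CNAME case this post is about.
        return 'no-cname';
    }
    $a    = $resolve($target, DNS_A) ?: [];
    $aaaa = $resolve($target, DNS_AAAA) ?: [];
    // CNAME present but its target resolves to nothing: the record is dangling.
    return ($a === [] && $aaaa === []) ? 'dangling' : 'ok';
}

// Constructed fixture standing in for live DNS (hostnames and IP are made up):
// customer1's hosting endpoint was deleted, customer2's is still alive.
$fixture = [
    'customer1.example.com'         => [DNS_CNAME => [['target' => 'customer1.hosting.example.net']]],
    'customer1.hosting.example.net' => [],
    'customer2.example.com'         => [DNS_CNAME => [['target' => 'customer2.hosting.example.net']]],
    'customer2.hosting.example.net' => [DNS_A => [['ip' => '198.51.100.7']]],
];
$fakeResolve = fn (string $host, int $type): array => $fixture[$host][$type] ?? [];

foreach (['customer1.example.com', 'customer2.example.com'] as $sub) {
    echo $sub, ': ', classifySubdomain($sub, $fakeResolve), PHP_EOL;
}
// Against live DNS, pass the real resolver instead:
// echo classifySubdomain('customer1.example.com', 'dns_get_record'), PHP_EOL;
```

Some providers keep the CNAME target resolvable after the underlying resource is deleted (S3 bucket hostnames, for instance), so this DNS-level check complements the HTTP status check above rather than replacing it.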

3️⃣ Symfony Console Command for Regular Scans

Add a Symfony Command to automate checks:

<?php
// src/Command/CheckSubdomainsCommand.php

namespace App\Command;

use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\HttpClient\HttpClient;

// The #[AsCommand] attribute replaces the static $defaultName property,
// which is deprecated since Symfony 6.1 and removed in 7.0.
#[AsCommand(name: 'app:check-subdomains', description: 'Flags subdomains that may be open to takeover')]
class CheckSubdomainsCommand extends Command
{
    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        $client = HttpClient::create();
        $subdomains = [
            'customer1.example.com',
            'customer2.example.com',
        ];
        $suspicious = 0;

        foreach ($subdomains as $subdomain) {
            try {
                $response = $client->request('GET', 'http://' . $subdomain);
                $statusCode = $response->getStatusCode();

                if ($statusCode === 404) {
                    $suspicious++;
                    $output->writeln("<error>Possible takeover: $subdomain</error>");
                } else {
                    $output->writeln("<info>OK: $subdomain ($statusCode)</info>");
                }
            } catch (\Exception $e) {
                $output->writeln("<comment>Error checking $subdomain: {$e->getMessage()}</comment>");
            }
        }

        // Non-zero exit code so a cron job or CI pipeline notices a suspicious result.
        return $suspicious > 0 ? Command::FAILURE : Command::SUCCESS;
    }
}

Run with:

php bin/console app:check-subdomains

🛡️ Preventive Tips

  • Remove unused DNS records when deleting tenants.
  • Regularly scan DNS zones for orphaned CNAME/A records.
  • Return NXDOMAIN (no DNS record at all) or an HTTP 410 Gone response for deleted subdomains.

📈 Explore Our Related Services

🔗 Web Application Penetration Testing

For a deep-dive professional assessment of your web apps, including subdomain takeover tests, check our Web App Penetration Testing Services.

🤝 Offer Cybersecurity Services to Your Clients

If you're an agency or MSP, you can white-label or resell our cybersecurity expertise to your clients. Details here: ➡️ Offer Cybersecurity Services

📬 Stay Updated

We regularly publish guides and insights like this on Medium and LinkedIn. 👉 Subscribe to our newsletter: Subscribe on LinkedIn

Final Words

By proactively checking for subdomain takeover in your Symfony applications, you protect your customers and your brand from avoidable risks. Automate these checks with Symfony commands and complement your efforts with tools like our free scanner.

Have questions? Drop them in the comments, or connect with us on LinkedIn.

Happy secure coding!