Go to https://virustotal.com.
Click on search section enter domain and click on search.
Now wait for a sec and click on relations there you will find all Subdomains.
Copy it directly!
Now visit httpstatus.io.
Visualise as a Desktop site.
Paste all Subdomains there and click on “Check Status”
Now you will see “All status code” option click there and select 404 one.
Now all response with 404 will be listed there check each and every subdomain by visiting one by one.
Now check the response of website like “What’s the error” and “How it’s giving response after visiting”
Does it’s showing page of any third party service?
If yes then open termux or any terminal and use dig command =>
Dig -t <domain>
( We are using dig command to gather DNS Information )
Now Check the CNAME where it is pointing.
You can also use Google admin dig toolbox https://toolbox.googleapps.com/apps/dig/
Now visit this gitHub repo https://github.com/EdOverflow/can-i-take-over-xyzand check if that particular service is vulnerable or not.
That’s all!! If it’s vulnerable then you can takeover. If in repo it’s showing that it’s not Vulnerable then think out of the box.