Gemfury Subdomain takeover

Hi Guys,

In this article, we will go through the steps to take over subdomains that point to an expired or unregistered Gemfury service, as I see that no one has written about this before.

What is Gemfury?

Gemfury is a hosted repository for public and private packages.

The beginning …

While testing subdomains of a private target @ HackerOne (let’s make it, I found one of their subdomains “” redirected me to

When I saw it, I dug into it and found that it pointed to “”.

The first thing I do when I find any subdomain that may be vulnerable to subdomain takeover is go to the great repository Can I takeover XYZ to see if there is any issue about my case. But my bad, I didn’t find anything, and after searching for any writeup, I didn’t find one talking about this issue.

I told myself, let’s register and see the documentation of this service, and gotcha: it’s a free service and it is so easy to take over its expired subdomain.

Steps to reproduce

  1. Go to and create a new account
  2. Go to Settings > Domains ($YOUR_USERNAME/domains)
  3. You will see the add custom domain field; just type the subdomain and click Add
  4. Go to the subdomain now and gotcha 😀 it has been successfully taken.
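
The steps above only work when a DNS record still points at the service while the hostname is no longer listed under Settings > Domains of an account the owner controls. The following is an added example, not part of the original post, that audits a zone export for that condition; `PROVIDER_SUFFIX` is a placeholder, and the zone and the claimed-domain list are constructed sample data.

```python
# Assumption: placeholder; set it to the hostname the service documents as
# the CNAME target for custom domains.
PROVIDER_SUFFIX = "provider-cname-target.example"

# Constructed BIND-style zone export (not real data).
ZONE = """\
$ORIGIN corp.example.
@        3600 IN A     192.0.2.10
www      3600 IN CNAME corp.example.
gems     300  IN CNAME acme.provider-cname-target.example.
pkgs     300  IN CNAME acme.provider-cname-target.example.
old-repo 300  IN CNAME legacy.provider-cname-target.example. ; forgotten
docs     300  IN CNAME pages.other-host.example.
"""

# Constructed: hostnames currently listed under Settings > Domains.
CLAIMED = {"gems.corp.example", "PKGS.corp.example."}

def fqdn(name, origin=""):
    """Lower-case, expand '@'/relative names against origin, drop trailing dot."""
    name = name.strip().lower()
    if name == "@":
        name = origin
    elif origin and not name.endswith("."):
        name = f"{name}.{origin}"
    return name.rstrip(".")

def cname_records(zone_text):
    """Yield (owner, target) for every CNAME line in the zone text."""
    origin = ""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # strip comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].lower()
            continue
        upper = [f.upper() for f in fields]
        if "CNAME" in upper[1:-1]:               # needs an owner and a target
            i = upper.index("CNAME", 1)
            yield fqdn(fields[0], origin), fqdn(fields[i + 1], origin)

def dangling(zone_text, claimed, suffix=PROVIDER_SUFFIX):
    """CNAMEs that point at the provider but are not claimed in the account."""
    claimed = {fqdn(c) for c in claimed}
    suffix = fqdn(suffix)
    return [(o, t) for o, t in cname_records(zone_text)
            if (t == suffix or t.endswith("." + suffix)) and o not in claimed]

if __name__ == "__main__":
    for owner, target in dangling(ZONE, CLAIMED):
        print(f"remove or re-claim: {owner} -> {target}")
```

Each reported record should either be deleted from DNS or have its hostname re-added to the account before anyone else can add it.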

See you later 😉

