Internet-wide scans
There is a project that can show us CNAME resolution on the internet to follow the takeover as it happens. The link to the project is as follows: https://scans.io/.
Detecting possibly affected domains
In order to find vulnerable domains, there is a process we can follow published by the researcher Patrick Hudak.
Patrick Hudak describes the first step as generating a list to define a scope. Usually, this scope is defined in the Bounty program – after that, we enumerate all of the possible domains.
Sub-domain enumeration can be performed using Amass. Amass is a tool created by the OWASP project to obtain sub-domain names from different sources. Amass uses the collected IP addresses to discover netblocks and ASNs.
To use Amass, you need to launch the searchers from the command line in the system, as shown in the following snippet:
$ amass -d bigshot.beet$ amass -src -ip -brute -min-for-recursive 3 -d example.com[Google] www.bigshot.bet[VirusTotal] ns.bigshot.beet...13139 names...