nuclei-templates/takeovers/subdomain-takeover.yaml

id: detect-all-takeovers

info:
  name: Subdomain Takeover Detection
  author: "melbadry9 & pxmme1337 & geeknik"
  severity: high
  tags: takeover

  # Update this list with new takeovers matchers
  # Do not delete other template files for takeover
  # https://github.com/EdOverflow/can-i-take-over-xyz
  # You need to claim the subdomain / CNAME of the subdomain to confirm the takeover.
  # Do not report subdomain takeover issues only based on detection.
  # Total number of services #72

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers-condition: or

    matchers:
      - type: word
        name: acquia
        words:
          - If you are an Acquia Cloud customer and expect to see your site at this address
          - The site you are looking for could not be found.

      - type: word
        name: agilecrm
        words:
          - Sorry, this page is no longer available.

      - type: word
        name: airee
        words:
          - Ошибка 402. Сервис Айри.рф не оплачен

      - type: word
        name: aftership
        words:
          - Oops.</h2><p class="text-muted text-tight">The page you're looking for doesn't
            exist.

      - type: word
        name: aha
        words:
          - There is no portal here ... sending you back to Aha!

      - type: word
        name: anima
        words:
          - "If this is your website and you've just created it, try refreshing in a minute"

      - type: word
        name: aws-bucket
        words:
          - "The specified bucket does not exist"

      - type: word
        name: bigcartel
        words:
          - "<h1>Oops! We couldn&#8217;t find that page.</h1>"

      - type: word
        name: bitbucket
        words:
          - The page you have requested does not exist
          - Repository not found

      - type: word
        name: brightcove
        words:
          - '<p class="bc-gallery-error-code">Error Code: 404</p>'

      - type: word
        name: campaignmonitor
        words:
          - "<strong>Trying to access your account?</strong>"
          - or <a href="mailto:help@createsend.com

      - type: word
        name: canny
        words:
          - Company Not Found
          - There is no such company. Did you enter the right URL?

      - type: word
        name: cargo
        words:
          - If you're moving your domain away from Cargo you must make this configuration
            through your registrar's DNS control panel.

      - type: word
        name: cargocollective
        words:
          - <div class="notfound">
          - 404 Not Found<br>

      - type: word
        name: fastly
        words:
          - "Fastly error: unknown domain:"

      - type: word
        name: feedpress
        words:
          - The feed has not been found.

      - type: word
        name: frontify
        words:
          - 404 - Page Not Found
          - Oops… looks like you got lost
        condition: and
        part: body

      - type: word
        name: gemfury
        words:
          - "404: This page could not be found."

      - type: word
        name: getresponse
        words:
          - With GetResponse Landing Pages, lead generation has never been easier

      - type: word
        name: ghost
        words:
          - The thing you were looking for is no longer here
          - The thing you were looking for is no longer here, or never was

      - type: word
        name: github
        words:
          - There isn't a GitHub Pages site here.
          - For root URLs (like http://example.com/) you must provide an index.html file

      - type: word
        name: hatenablog
        words:
          - 404 Blog is not found
          - Sorry, we can't find the page you're looking for.

      - type: word
        name: helpjuice
        words:
          - We could not find what you're looking for.

      - type: word
        name: helprace
        words:
          - Alias not configured!
          - Admin of this Helprace account needs to set up domain alias
          - "(see Step 2 here: Using your own domain with Helprace)."

      - type: word
        name: helpscout
        words:
          - "No settings were found for this company:"

      - type: word
        name: heroku
        words:
          - There's nothing here, yet.
          - herokucdn.com/error-pages/no-such-app.html
          - "<title>No such app</title>"

      - type: word
        name: hubspot
        words:
          - Domain not found
          - does not exist in our system

      - type: word
        name: intercom
        words:
          - This page is reserved for artistic dogs.
          - <h1 class="headline">Uh oh. That page doesn’t exist.</h1>

      - type: word
        name: jazzhr
        words:
          - This account no longer active

      - type: word
        name: jetbrains
        words:
          - is not a registered InCloud YouTrack.

      - type: word
        name: kinsta
        words:
          - No Site For Domain

      - type: word
        name: landingi
        words:
          - It looks like you're lost
          - The page you are looking for is not found

      - type: word
        name: launchrock
        words:
          - It looks like you may have taken a wrong turn somewhere. Don't worry...it happens
            to all of us.

      - type: word
        name: mashery
        words:
          - Unrecognized domain <strong>

      - type: word
        name: ngrok
        words:
          - ngrok.io not found
          - Tunnel *.ngrok.io not found

      - type: word
        name: pantheon.io
        words:
          - "The gods are wise, but do not know of the site which you seek."

      - type: word
        name: pingdom
        words:
          - Public Report Not Activated
          - This public report page has not been activated by the user

      - type: word
        name: proposify
        words:
          - If you need immediate assistance, please contact <a href="mailto:support@proposify.biz

      - type: word
        name: readme
        words:
          - Project doesnt exist... yet!

      - type: word
        name: shopify
        words:
          - "Sorry, this shop is currently unavailable."
          - 'To finish setting up your new web address, go to your domain settings, click "Connect existing domain"'

      - type: word
        name: simplebooklet
        words:
          - We can't find this <a href="https://simplebooklet.com

      - type: word
        name: smartjob
        words:
          - Job Board Is Unavailable
          - This job board website is either expired
          - This job board website is either expired or its domain name is invalid.

      - type: word
        name: smartling
        words:
          - Domain is not configured

      - type: word
        name: smugmug
        words:
          - '{"text":"Page Not Found"'

      - type: word
        name: strikingly
        words:
          - But if you're looking to build your own website
          - you've come to the right place.

      - type: word
        name: surge
        words:
          - project not found

      - type: word
        name: surveygizmo
        words:
          - data-html-name

      - type: word
        name: tave
        words:
          - "<h1>Error 404: Page Not Found</h1>"

      - type: word
        name: teamwork
        words:
          - Oops - We didn't find your site.

      - type: word
        name: tictail
        words:
          - Building a brand of your own?
          - 'to target URL: <a href="https://tictail.com'
          - Start selling on Tictail.

      - type: word
        name: tilda
        words:
          - Domain has been assigned

      - type: word
        name: tumblr
        words:
          - Whatever you were looking for doesn't currently exist at this address.
          - There's nothing here.

      - type: word
        name: uberflip
        words:
          - "Non-hub domain, The URL you've accessed does not provide a hub."

      - type: regex
        name: unbounce
        regex:
          - "^The requested URL was not found on this server.$"

      - type: regex
        name: uptimerobot
        regex:
          - "^page not found$"

      - type: word
        name: uservoice
        words:
          - This UserVoice subdomain is currently available!

      - type: word
        name: vend
        words:
          - Looks like you've traveled too far into cyberspace.

      - type: word
        name: webflow
        words:
          - <p class="description">The page you are looking for doesn't exist or has been
            moved.</p>

      - type: word
        name: wishpond
        words:
          - https://www.wishpond.com/404?campaign=true

      - type: word
        name: wordpress
        words:
          - Do you want to register

      - type: regex
        name: worksites
        regex:
          - "(?:Company Not Found|you&rsquo;re looking for doesn&rsquo;t exist)"

      - type: word
        name: wufoo
        words:
          - Profile not found
          - Hmmm....something is not right.

      - type: word
        name: zendesk
        words:
          - this help center no longer exists

      - type: word
        name: readthedocs
        words:
          - unknown to Read the Docs

      - type: word
        name: tilda
        words:
          - <title>Please renew your subscription</title>
          - Please go to the site settings and put the domain name in the Domain tab.

      - type: word
        name: smart-jobboard
        words:
          - This job board website is either expired or its domain name is invalid.

      - type: word
        name: netlify
        words:
          - "Not Found"
          - "server: Netlify"
        condition: and
        part: all

      - type: word
        name: vercel
        words:
          - The deployment could not be found on Vercel.
          - DEPLOYMENT_NOT_FOUND
        condition: and