397 lines
9.7 KiB
YAML
397 lines
9.7 KiB
YAML
|
id: detect-all-takeovers
|
|||
|
|
|
|||
|
|
info:
|
|||
|
name: Subdomain Takeover Detection
|
|||
|
author: "melbadry9 & pxmme1337 & geeknik"
|
|||
|
|
severity: high
|
|||
|
|
|
|||
|
|
# Update this list with new takeovers matchers
|
|||
|
|
# Do not delete other template files for takeover
|
|||
|
|
# https://github.com/EdOverflow/can-i-take-over-xyz
|
|||
|
|
# You need to claim the subdomain / CNAME of the subdomain to confirm the takeover.
|
|||
|
|
# Do not report subdomain takeover issues only based on detection.
|
|||
|
|
# Total number of services #72
|
|||
|
|
|
|||
|
|
requests:
|
|||
|
|
- method: GET
|
|||
|
|
path:
|
|||
|
|
- "{{BaseURL}}/"
|
|||
|
|
matchers-condition: or
|
|||
|
|
|||
|
|
matchers:
|
|||
|
|
- type: word
|
|||
|
name: acquia
|
|||
|
|
words:
|
|||
|
|
- If you are an Acquia Cloud customer and expect to see your site at this address
|
|||
|
|
- The site you are looking for could not be found.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: agilecrm
|
|||
|
|
words:
|
|||
|
|
- Sorry, this page is no longer available.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: airee
|
|||
|
|
words:
|
|||
|
|
- Ошибка 402. Сервис Айри.рф не оплачен
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: aftership
|
|||
|
|
words:
|
|||
|
|
- Oops.</h2><p class="text-muted text-tight">The page you're looking for doesn't
|
|||
|
|
exist.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: aha
|
|||
|
|
words:
|
|||
|
|
- There is no portal here ... sending you back to Aha!
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: anima
|
|||
|
|
words:
|
|||
|
|
- "If this is your website and you've just created it, try refreshing in a minute"
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: aws-bucket
|
|||
|
|
words:
|
|||
|
|
- "The specified bucket does not exist"
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: bigcartel
|
|||
|
|
words:
|
|||
|
|
- "<h1>Oops! We couldn’t find that page.</h1>"
|
|||
|
|
|
|||
|
- type: word
|
|||
|
|
name: bitbucket
|
|||
|
|
words:
|
|||
|
|
- The page you have requested does not exist
|
|||
|
|
- Repository not found
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: brightcove
|
|||
|
|
words:
|
|||
|
|
- '<p class="bc-gallery-error-code">Error Code: 404</p>'
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: campaignmonitor
|
|||
|
|
words:
|
|||
|
|
- "<strong>Trying to access your account?</strong>"
|
|||
|
|
- or <a href="mailto:help@createsend.com
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: canny
|
|||
|
|
words:
|
|||
|
|
- Company Not Found
|
|||
|
|
- There is no such company. Did you enter the right URL?
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: cargo
|
|||
|
|
words:
|
|||
|
|
- If you're moving your domain away from Cargo you must make this configuration
|
|||
|
|
through your registrar's DNS control panel.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: cargocollective
|
|||
|
|
words:
|
|||
|
- <div class="notfound">
|
|||
|
|
- 404 Not Found<br>
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: fastly
|
|||
|
|
words:
|
|||
|
|
- "Fastly error: unknown domain:"
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: feedpress
|
|||
|
|
words:
|
|||
|
|
- The feed has not been found.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: frontify
|
|||
|
|
words:
|
|||
|
|
- 404 - Page Not Found
|
|||
|
|
- Oops… looks like you got lost
|
|||
|
|
condition: and
|
|||
|
|
part: body
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: gemfury
|
|||
|
|
words:
|
|||
|
|
- "404: This page could not be found."
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: getresponse
|
|||
|
|
words:
|
|||
|
|
- With GetResponse Landing Pages, lead generation has never been easier
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: ghost
|
|||
|
|
words:
|
|||
|
|
- The thing you were looking for is no longer here
|
|||
|
|
- The thing you were looking for is no longer here, or never was
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: github
|
|||
|
|
words:
|
|||
|
|
- There isn't a GitHub Pages site here.
|
|||
|
|
- For root URLs (like http://example.com/) you must provide an index.html file
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: hatenablog
|
|||
|
|
words:
|
|||
|
|
- 404 Blog is not found
|
|||
|
|
- Sorry, we can't find the page you're looking for.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: helpjuice
|
|||
|
|
words:
|
|||
|
|
- We could not find what you're looking for.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: helprace
|
|||
|
|
words:
|
|||
|
|
- Alias not configured!
|
|||
|
|
- Admin of this Helprace account needs to set up domain alias
|
|||
|
|
- "(see Step 2 here: Using your own domain with Helprace)."
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: helpscout
|
|||
|
|
words:
|
|||
|
|
- "No settings were found for this company:"
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: heroku
|
|||
|
|
words:
|
|||
|
|
- There's nothing here, yet.
|
|||
|
|
- herokucdn.com/error-pages/no-such-app.html
|
|||
|
|
- "<title>No such app</title>"
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: hubspot
|
|||
|
|
words:
|
|||
|
|
- Domain not found
|
|||
|
|
- does not exist in our system
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: intercom
|
|||
|
|
words:
|
|||
|
|
- This page is reserved for artistic dogs.
|
|||
|
|
- <h1 class="headline">Uh oh. That page doesn’t exist.</h1>
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: jazzhr
|
|||
|
|
words:
|
|||
|
|
- This account no longer active
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: jetbrains
|
|||
|
|
words:
|
|||
|
|
- is not a registered InCloud YouTrack.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: kinsta
|
|||
|
|
words:
|
|||
|
|
- No Site For Domain
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: landingi
|
|||
|
|
words:
|
|||
|
|
- It looks like you're lost
|
|||
|
|
- The page you are looking for is not found
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: launchrock
|
|||
|
|
words:
|
|||
|
|
- It looks like you may have taken a wrong turn somewhere. Don't worry...it happens
|
|||
|
|
to all of us.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: mashery
|
|||
|
|
words:
|
|||
|
|
- Unrecognized domain <strong>
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: ngrok
|
|||
|
|
words:
|
|||
|
|
- ngrok.io not found
|
|||
|
|
- Tunnel *.ngrok.io not found
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: pantheon.io
|
|||
|
|
words:
|
|||
|
|
- "The gods are wise, but do not know of the site which you seek."
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: pingdom
|
|||
|
|
words:
|
|||
|
|
- Public Report Not Activated
|
|||
|
|
- This public report page has not been activated by the user
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: proposify
|
|||
|
|
words:
|
|||
|
|
- If you need immediate assistance, please contact <a href="mailto:support@proposify.biz
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: readme
|
|||
|
|
words:
|
|||
|
|
- Project doesnt exist... yet!
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: shopify
|
|||
|
|
words:
|
|||
|
|
- "Sorry, this shop is currently unavailable."
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: simplebooklet
|
|||
|
|
words:
|
|||
|
|
- We can't find this <a href="https://simplebooklet.com
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: smartjob
|
|||
|
|
words:
|
|||
|
|
- Job Board Is Unavailable
|
|||
|
|
- This job board website is either expired
|
|||
|
|
- This job board website is either expired or its domain name is invalid.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: smartling
|
|||
|
|
words:
|
|||
|
|
- Domain is not configured
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: smugmug
|
|||
|
|
words:
|
|||
|
|
- '{"text":"Page Not Found"'
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: strikingly
|
|||
|
|
words:
|
|||
|
|
- But if you're looking to build your own website
|
|||
|
|
- you've come to the right place.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: surge
|
|||
|
|
words:
|
|||
|
|
- project not found
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: surveygizmo
|
|||
|
|
words:
|
|||
|
|
- data-html-name
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: tave
|
|||
|
|
words:
|
|||
|
|
- "<h1>Error 404: Page Not Found</h1>"
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: teamwork
|
|||
|
|
words:
|
|||
|
|
- Oops - We didn't find your site.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: tictail
|
|||
|
|
words:
|
|||
|
|
- Building a brand of your own?
|
|||
|
|
- 'to target URL: <a href="https://tictail.com'
|
|||
|
|
- Start selling on Tictail.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: tilda
|
|||
|
|
words:
|
|||
|
|
- Domain has been assigned
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: tumblr
|
|||
|
|
words:
|
|||
|
|
- Whatever you were looking for doesn't currently exist at this address.
|
|||
|
|
- There's nothing here.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: uberflip
|
|||
|
|
words:
|
|||
|
|
- "Non-hub domain, The URL you've accessed does not provide a hub."
|
|||
|
|
|
|||
|
|
- type: regex
|
|||
|
|
name: unbounce
|
|||
|
|
regex:
|
|||
|
|
- "^The requested URL was not found on this server.$"
|
|||
|
|
|
|||
|
|
- type: regex
|
|||
|
|
name: uptimerobot
|
|||
|
|
regex:
|
|||
|
|
- "^page not found$"
|
|||
|
|
|
|||
|
- type: word
|
|||
|
|
name: uservoice
|
|||
|
|
words:
|
|||
|
|
- This UserVoice subdomain is currently available!
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: vend
|
|||
|
|
words:
|
|||
|
|
- Looks like you've traveled too far into cyberspace.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: webflow
|
|||
|
|
words:
|
|||
|
|
- <p class="description">The page you are looking for doesn't exist or has been
|
|||
|
|
moved.</p>
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: wishpond
|
|||
|
|
words:
|
|||
|
|
- https://www.wishpond.com/404?campaign=true
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: wordpress
|
|||
|
|
words:
|
|||
|
|
- Do you want to register
|
|||
|
|
|
|||
|
|
- type: regex
|
|||
|
|
name: worksites
|
|||
|
|
regex:
|
|||
|
|
- "(?:Company Not Found|you’re looking for doesn’t exist)"
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: wufoo
|
|||
|
|
words:
|
|||
|
|
- Profile not found
|
|||
|
|
- Hmmm....something is not right.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: zendesk
|
|||
|
|
words:
|
|||
|
|
- this help center no longer exists
|
|||
|
|
|||
|
|
- type: word
|
|||
|
|
name: readthedocs
|
|||
|
|
words:
|
|||
|
|
- unknown to Read the Docs
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: tilda
|
|||
|
|
words:
|
|||
|
|
- <title>Please renew your subscription</title>
|
|||
|
|
- Please go to the site settings and put the domain name in the Domain tab.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: smart-jobboard
|
|||
|
|
words:
|
|||
|
- This job board website is either expired or its domain name is invalid.
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: netlify
|
|||
|
|
words:
|
|||
|
|
- "Not Found"
|
|||
|
|
- "server: Netlify"
|
|||
|
|
condition: and
|
|||
|
|
part: all
|
|||
|
|
|
|||
|
|
- type: word
|
|||
|
|
name: vercel
|
|||
|
|
words:
|
|||
|
|
- The deployment could not be found on Vercel.
|
|||
|
|
- DEPLOYMENT_NOT_FOUND
|
|||
|
|
condition: and
|