Merge pull request #1922 from alifathi-h1/master

Added Herokuapp Detection
patch-1
Sandeep Singh 2021-07-10 22:23:00 +05:30 committed by GitHub
commit 2d3ed8daff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 0 deletions

View File

@ -0,0 +1,19 @@
id: herokuapp-detect
info:
name: Detect websites using Herokuapp endpoints
author: alifathi-h1
severity: info
tags: heroku,tech
description: Detected endpoints might be vulnerable to subdomain takeover or disclose sensitive info
requests:
- method: GET
path:
- "{{BaseURL}}"
extractors:
- type: regex
part: body
regex:
- "[a-z0-9.-]+\\.herokuapp\\.com"