diff --git a/subdomain-takeover/detect-all-takeovers.yaml b/subdomain-takeover/detect-all-takeovers.yaml new file mode 100644 index 0000000000..9a463a21d7 --- /dev/null +++ b/subdomain-takeover/detect-all-takeovers.yaml @@ -0,0 +1,38 @@ +id: detect-all-takeovers + +info: + name: Subdomain takeover finder + author: pxmme1337 + severity: high + + # update this list with new takeovers matchers + # do not delete other template files for takeover + +requests: + - method: GET + path: + - "{{BaseURL}}/" + matchers-condition: or + matchers: + - type: word + name: pantheon.io + words: + - "The gods are wise, but do not know of the site which you seek." + - type: word + name: aws-s3-bucket + words: + - "The specified bucket does not exist" + - type: word + name: anima + words: + - "If this is your website and you've just created it, try refreshing in a minute" + - type: word + name: ghost + words: + - "The thing you were looking for is no longer here, or never was" + - type: regex + name: worksites + regex: + - "(?:Company Not Found|you’re looking for doesn’t exist)" + part: body +