id: herokuapp-detect

info:
  name: Detect websites using Herokuapp endpoints
  author: alifathi-h1,righettod
  severity: info
  description: Detected endpoints might be vulnerable to subdomain takeover or disclose sensitive info
  metadata:
    max-request: 1
  tags: heroku,tech

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - "[a-z0-9.-]+\\.herokuapp\\.com"
          - "[a-z0-9.-]+\\.herokucdn\\.com"
# digest: 4a0a00473045022019060c7c12cd369d01ace5809c3741a16cfa048e73fa86885482bd5d28ff1875022100e7c9f7960f61af1180c927cac9e3f43e2ec2d661bc9b5860960f7a4ea8c805b9:922c64590222798bb761d5b6d8e72950