id: herokuapp-detect

info:
  name: Detect websites using Herokuapp endpoints
  author: alifathi-h1
  severity: info
  description: Detected endpoints might be vulnerable to subdomain takeover or disclose sensitive info
  metadata:
    max-request: 1
  tags: heroku,tech

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - "[a-z0-9.-]+\\.herokuapp\\.com"

# digest: 490a0046304402201c37a0dbda40da36d8d29875c1027f9eda0fea8818986e65cbfbd242de2cf5d202206f35a8afa6d636cbb492ec9a2bbd64a463c23599725cf1db5bdf376dbac40975:922c64590222798bb761d5b6d8e72950