id: wordpress-takeover

info:
  name: WordPress takeover detection
  author: pdcommunity & geeknik
  severity: high
  tags: takeover,wordpress
  reference: https://github.com/EdOverflow/can-i-take-over-xyz

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Do you want to register'

      - type: regex
        regex:
          - "[a-zA-Z0-9][a-zA-Z0-9-_]*\\.)*[a-zA-Z0-9]*[a-zA-Z0-9-_]*[[a-zA-Z0-9].wordpress.com"