id: herokuapp-detect

info:
  name: Detect websites using Herokuapp endpoints
  author: alifathi-h1
  severity: info
  description: Detected endpoints might be vulnerable to subdomain takeover or disclose sensitive info
  tags: heroku,tech

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - "[a-z0-9.-]+\\.herokuapp\\.com"