id: aws-bucket-takeover

info:
  name: AWS Bucket Takeover Detection
  author: pdcommunity
  severity: high
  tags: takeover,aws
  reference: https://github.com/EdOverflow/can-i-take-over-xyz

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "The specified bucket does not exist"

      - type: dsl
        dsl:
          - contains(tolower(all_headers), 'x-guploader-uploadid')
        negative: true