id: gohire-takeover

info:
  name: GoHire Takeover Detection
  author: philippedelteil
  severity: high
  reference:
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/403
  metadata:
    max-request: 1
  tags: takeover,gohire

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        part: body
        words:
          - 'You may have followed an invalid link or the job you are looking for has been archived'

      - type: status
        status:
          - 404
# digest: 490a0046304402204f44da86889c616cf2b3196d930ed7be82e7776bf8c94b5c026d538b2ac1632a0220492bbc32c0310565248ae8cb06b828c52710ef50977055553862690c15381f93:922c64590222798bb761d5b6d8e72950