id: aws-redirect

info:
  name: Subdomain takeover AWS S3
  author: manikanta a.k.a @secureitmania
  severity: info
  reference:
    - https://link.medium.com/fgXKJHR9P7
  metadata:
    max-request: 1
  tags: aws,takeover,misconfig

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    redirects: false

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 307

      - type: word
        words:
          - 'Location: https://aws.amazon.com/s3/'
        part: header

# digest: 490a00463044022038d49c43c034741635f5906995d2086bea2c3ccb11f7ac3989e134be6dad6c4c0220240bbd1c05f5f3e7da66d82eb890b742893949997923f19c220f83a45fe5640c:922c64590222798bb761d5b6d8e72950