id: surge-takeover

info:
  name: surge takeover detection
  author: pdteam
  severity: high
  description: surge takeover was detected.
  reference:
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/198
  metadata:
    max-request: 1
  tags: takeover

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        words:
          - project not found

      - type: status
        status:
          - 404
    extractors:
      - type: dsl
        dsl:
          - "resolve(Host, 'cname')"

# digest: 4a0a004730450221008687ea9c91087816fda6cde6f2654de22d64f00f4452d3c150919a3d02c09d80022010aceb815c267cd65a6a2d4a9e2632b00ab2724596e2edaa4f816b872406f809:922c64590222798bb761d5b6d8e72950