23 lines
688 B
YAML
23 lines
688 B
YAML
id: herokuapp-detect
|
|
|
|
info:
|
|
name: Detect websites using Herokuapp endpoints
|
|
author: alifathi-h1,righettod
|
|
severity: info
|
|
description: Detected endpoints might be vulnerable to subdomain takeover or disclose sensitive info
|
|
metadata:
|
|
max-request: 1
|
|
tags: heroku,tech
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "[a-z0-9.-]+\\.herokuapp\\.com"
|
|
- "[a-z0-9.-]+\\.herokucdn\\.com"
|
|
# digest: 4a0a00473045022019060c7c12cd369d01ace5809c3741a16cfa048e73fa86885482bd5d28ff1875022100e7c9f7960f61af1180c927cac9e3f43e2ec2d661bc9b5860960f7a4ea8c805b9:922c64590222798bb761d5b6d8e72950 |