-
### Required Terms
- [X] I agree to follow this project's [Code of Conduct](https://github.com/heroku/roadmap/blob/main/CODE_OF_CONDUCT.md)
- [X] I have read and accept the [Salesforce Program Agreem…
-
I forked the repo and was about to make changes to the docs because various settings aren't listed:
https://django-csp.readthedocs.io/en/latest/configuration.html
Examples of missing settings:
##…
-
See https://discord.com/channels/841390338324824096/1145053170800799824
Identified by user jesgo2OOK
I've documented the vulnerability I found in a secret GitHub gist as a full report, and I ask…
-
I have a list of subdomains that I wanted to check in a single-column CSV text file on Windows. I downloaded Subdominator.exe on my Windows 11 machine.
dev> .\Subdominator.exe -l subs.csv
0/0 doma…
-
There appears to be a bug in the takeover process for Elastic Beanstalk. When creating an Elastic Beanstalk environment, you have the option to either specify your own domain or let Elastic Beanstalk …
-
AWS finally started mitigating subdomain takeovers on CloudFront. When you try to register Alias (CNAME) for your CloudFront distribution, it refuses to do so if the DNS zone file has CNAME to differe…
-
What kind of signatures does `takeover` expect? I lack information about what to provide it with exactly.
-
"windows.net" domains, including subdomains not on the can i takeover xyz list, are frequently erroneously reported as vulnerable.
Examples:
origin.mediaservices.windows.net
pas.windows.net
g…
-
Add a module for dealing with dangling CNAME records. This can allow for service-based takeovers. For example:
- domain.com is a thing
- blog.domain.com has an NS record that defers to a service, like w…
-
# Bug Report
## Problem
Apple just announced that iOS 14 will enable "Intelligent Tracking Prevention" (ITP) by default in WKWebView. This issue is open for discussion around that and possible w…