-
Recon/OSINT tools usually involve a lot more than just Hosts/IP/Subdomains
I'd consider including:
- Email Address
- Examples:
- Sites found with address
- PGP keys
- URL
…
-
The vercel subdomain takeover has been patched, and can no longer be exploited.
### Nuclei Version:
9.5.7
### Template file:
/http/takeovers/vercel-takeover.yaml
### Command to reproduc…
-
### Nuclei Version: v9.8.1
### Template file: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/takeovers/shopify-takeover.yaml
### Command to reproduce: Any
…
-
### Template Information:
Subdomain takeover template: https://github.com/projectdiscovery/nuclei-templates/blob/8b2bc8ab8ef801d4342bb4ec4fedb5460296da29/subdomain-takeover/detect-all-takeovers.yam…
-
## netlify
## https://medium.com/@alirazzaq/subdomain-takeover-worth-200-ed73f0a58ffe
## Documentation
-
The attacker here used an un-ethical way to exploit Unbounce which is resolved now as far as I believe.
https://github.com/EdOverflow/can-i-take-over-xyz#unbounce
-
## Service name
Vercel
## Proof
Successful subdomain takeover on a harvard.edu subdomain (screenshot).
![proof-vercel](https://user-images.githubusercontent.com/40786065/101316778-f7d68d00-387e-11…
-
**Tldr;** The trigger for this bug is the nmap udp scan. If nmap scans already exists and the udp scans complete, the first data is discarded. During the standup it was mentioned that this was due to …
-
Fastly will work only in some specific situations. In some cases they validate the customer domain before assign the fastly.net subdomain.
https://docs.fastly.com/guides/securing-communications/man…
-
This warning is misleading:
While it's not absolutely required to add the TXT record, it's highly recommended for security. The TXT record is a domain verification ID that helps avoid subdomain tak…