[SignatureBot] Add or update signature nucleitemplates_jazzhr-takeover.yml

blacklanternsecurity / baddns

Check subdomains for subdomain takeovers and other DNS tomfoolery

GNU General Public License v3.0

96 stars 5 forks source link

[SignatureBot] Add or update signature nucleitemplates_jazzhr-takeover.yml #331

Closed liquidsec closed 7 months ago

liquidsec commented 1 year ago

Add or update signature: nucleitemplates_jazzhr-takeover.yml

This PR adds or updates the follow signature:

identifiers:
  cnames: []
  ips: []
  nameservers: []
  not_cnames: []
matcher_rule:
  matchers:
  - dsl:
    - Host != ip
    type: dsl
  - condition: and
    part: body
    type: word
    words:
    - This account no longer active
  matchers-condition: and
mode: http
service_name: jazzhr takeover detection
source: nucleitemplates

liquidsec commented 1 year ago

Test results:

Signature Pass: true :heavy_check_mark:

liquidsec commented 1 year ago

string too generic without cname, needs research

liquidsec commented 7 months ago

Test results:

Signature Pass: false :x:

Match Table:

Domain	Match
jazzhr.com	false

Error: **No CNAMES passed random subdomain matcher validation**

liquidsec commented 7 months ago

Appears to no longer be vulnerable. Tests were definitely passing before, but aren't now. Manual tests also indicate no longer vulnerable.