haccer / subjack

Subdomain Takeover tool written in Go
Apache License 2.0
1.91k stars 337 forks source link

bitly giving false positives #20

Closed AnotherWayIn closed 5 years ago

AnotherWayIn commented 6 years ago

Hey, Subjack looks for "Hey There, This Is A Branded Short Domain." but bitly shows this regardless of whether the Branded short domain is available.

e.g. go.jet.com is flagged as vulnerable but you can't register it. https://bitly.com/pages/landing/branded-short-domains-powered-by-bitly?bsd=go.jet.com

Thanks

ehsandeep commented 6 years ago

Hi,

This is the case where manual verification is necessary and this can not be automated by the tool, so I think for this specific or similar cases only the wordings need to be updated, let's say Possible takeover, manual verification is required.