projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
18.39k stars 2.34k forks

not finding subdomain takeovers and not fully scanning all domains #283

Closed ghost closed 3 years ago

ghost commented 3 years ago

Hi,

nuclei is not fully finding vulnerable subdomain takeovers and is not fully scanning all domains in a file list. I purposely placed a domain vulnerable to Heroku subdomain takeover in the file list.

Running: first I get this warning, and out of 600 domains it only gives output for 6 or 7 domains; it does not fully scan all domains.

nuclei -l /root/Desktop/subdomains-takeovers/domains.txt -t /root/nuclei-templates/subdomain-takeover/detect-all-takeovers.yaml

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[WRN] Supplied input was automatically deduplicated (321 removed).
[INF] Loading templates...
[INF] [detect-all-takeovers] Subdomain Takeover Detection (@melbadry9 & pxmme1337) [high]
[INF] Using 1 rules (1 templates, 0 workflows)

[detect-all-takeovers:thinkific] [http] https://domain.com/
[detect-all-takeovers:heroku] [http] https://domain.com/
[detect-all-takeovers:thinkific] [http] https://domain.com/
[detect-all-takeovers:thinkific] [http] https://domain.com/
[detect-all-takeovers:heroku] [http] https://domain.com/
[detect-all-takeovers:heroku] [http] https://domain.com/
[detect-all-takeovers:heroku] [http] https://domain.com/
[detect-all-takeovers:heroku] [http] https://domain.com/

Is there something I am doing wrong here? I doubted it though, but would love to know the issue here.

ehsandeep commented 3 years ago

@soupnatzi,

About the warning: nuclei removes duplicate entries before starting scans. You can confirm this locally with:

wc -l your_list.txt
sort -u your_list.txt | wc -l

About the missing valid Heroku takeover: here is the defined template logic; you can confirm whether it's a valid match or not.

If something is defined in the template and you see the same response with your target and are still not getting a match, you can reach out to us on the Discord server with details so we can look more into it. If you see the problem and know the solution, feel free to update the template with a PR.
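An added example, not part of the original thread or of nuclei's own code: a small shell helper that extends the wc -l / sort -u check above by reconciling a target list with the "deduplicated (N removed)" warning in a saved scan log. It assumes duplicates are exact line matches; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Assumption: a duplicate is an exact, byte-for-byte repeated line,
# which is what the sort -u check in the comment above measures.

# Print "total unique removed" for a target list.
dedup_counts() {
    total=$(wc -l < "$1" | tr -d ' ')
    unique=$(sort -u "$1" | wc -l | tr -d ' ')
    echo "$total $unique $((total - unique))"
}

# Extract N from "[WRN] Supplied input was automatically deduplicated (N removed)."
warned_removed() {
    sed -n 's/.*automatically deduplicated (\([0-9][0-9]*\) removed).*/\1/p' "$1" | head -n 1
}

# List entries that appear more than once, most repeated first.
repeated_entries() {
    sort "$1" | uniq -c | sort -rn | awk '$1 > 1 {print $1, $2}'
}

# Succeed when the locally computed count equals the count in the warning.
reconcile() {
    removed=$(dedup_counts "$1" | awk '{print $3}')
    [ "$removed" = "$(warned_removed "$2")" ]
}

# Constructed sample data (not taken from the issue).
demo_dir=$(mktemp -d)
printf '%s\n' a.example.com b.example.com a.example.com c.example.com \
    b.example.com a.example.com > "$demo_dir/domains.txt"
printf '%s\n' '[WRN] Supplied input was automatically deduplicated (3 removed).' \
    '[INF] Loading templates...' > "$demo_dir/scan.log"

dedup_counts "$demo_dir/domains.txt"
repeated_entries "$demo_dir/domains.txt"
reconcile "$demo_dir/domains.txt" "$demo_dir/scan.log" && echo "counts match"
```

The "unique" figure is the number of targets actually scanned; targets that do not match the template produce no result line, so the number of output lines is not a measure of scan coverage.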

ehsandeep commented 3 years ago

Closing due to lack of information.

Akokonunes commented 3 years ago

[Video-youtube] http://test/test#[url]onload=alert();//[/url]&1=1[/video]