punk-security / dnsReaper

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
GNU Affero General Public License v3.0
1.93k stars 150 forks

test for js takeover #108

Closed SimonGurney closed 1 year ago

SimonGurney commented 1 year ago

There is a takeover vector which doesn't get as much love, which is when the website resolves and provides a web response but includes a JS file from an old unregistered domain. If we register the domain, we can provide our own JS file and execute arbitrary JavaScript on the page. This leads to full website takeover via redirect etc.

I think we can parse out the JS files using Beautiful Soup.
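The check sketched in this comment, written out as an added example (not dnsReaper's own code): collect every `<script src>` on a page, resolve relative and protocol-relative URLs against the page URL, skip first-party hosts, and then split the remaining hosts into "still resolves", "dangling subdomain of a registered apex" and "apex does not resolve either" (the only class where registering the domain is even possible). It uses the stdlib `html.parser` rather than Beautiful Soup so it runs with no dependencies. The `.example` hostnames, the sample HTML and the stub resolver are constructed for the example; `registrable_domain` is an assumption-laden approximation (last two labels, no public-suffix list) and `default_resolves` only does an A/AAAA lookup, so a real tool should use the PSL and an NS/SOA query for the apex to cut false positives.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcParser(HTMLParser):
    """Collect the src attribute of every <script> tag on the page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value.strip())


def script_hosts(html, page_url):
    """Hostnames the page loads scripts from. Relative and protocol-relative
    srcs are resolved against page_url; data:/javascript: URLs are dropped."""
    parser = ScriptSrcParser()
    parser.feed(html)
    hosts = set()
    for src in parser.srcs:
        parts = urlsplit(urljoin(page_url, src))
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts.add(parts.hostname.lower())
    return hosts


def registrable_domain(host):
    """Assumption: apex = last two labels. Wrong for public suffixes such as
    co.uk; use tldextract / the public-suffix list in real use."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def default_resolves(name):
    """Real DNS check (A/AAAA only). An apex with NS but no A record would
    look unresolved here; query NS/SOA for the apex in a real tool."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def classify_hosts(hosts, page_host, resolves=default_resolves):
    """Verdict per third-party script host:
      ok             host still resolves
      dangling       host gone but apex resolves: subdomain takeover at most,
                     a false positive for the register-the-domain vector
      unregistered?  neither resolves: candidate for registering the domain
                     and serving arbitrary JavaScript to the page"""
    page_apex = registrable_domain(page_host)
    verdicts = {}
    for host in sorted(hosts):
        apex = registrable_domain(host)
        if apex == page_apex:
            continue  # first-party script, not a takeover target
        if resolves(host):
            verdicts[host] = "ok"
        elif resolves(apex):
            verdicts[host] = "dangling"
        else:
            verdicts[host] = "unregistered?"
    return verdicts


# Constructed sample page and stub resolver so the example runs offline.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.example-cdn.net/lib.js"></script>
<script src="https://old.defunct-vendor.example/tracker.js"></script>
<script src="https://gone.stillregistered.example/widget.js"></script>
<script src="data:text/javascript,void(0)"></script>
</head><body></body></html>"""

STUB_DNS = {"www.target.example", "cdn.example-cdn.net",
            "example-cdn.net", "stillregistered.example"}


def stub_resolves(name):
    return name in STUB_DNS


def scan_sample():
    hosts = script_hosts(SAMPLE_HTML, "https://www.target.example/")
    return classify_hosts(hosts, "www.target.example", resolves=stub_resolves)


if __name__ == "__main__":
    for host, verdict in scan_sample().items():
        print(f"{verdict:14} {host}")
```

Only the "unregistered?" class is worth a manual look, and even that is a hint rather than a finding: the apex must actually be available at a registrar before the vector is real, which is part of why a scanner built on this check is slow and noisy.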

SimonGurney commented 1 year ago

Yeah, so this is prone to false positives and hugely slow. I tested the Project Discovery domains and found nothing genuine; closing this down.