punk-security / dnsReaper

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
GNU Affero General Public License v3.0

Change Github pages confidence level #153

Closed KarahanGuner closed 1 year ago

KarahanGuner commented 1 year ago

I was running a scan today and the scanner found a result with confidence level "CONFIRMED" on a subdomain that was using GitHub Pages. GitHub Pages are no longer vulnerable except for edge cases. I tried to take over the subdomain but GitHub asked me to confirm that the domain was mine by adding a DNS TXT record.

SimonGurney commented 1 year ago

Sorry for the slow reply.

This one confuses me as we've never had this experience. We actually used GitHub pages takeovers in a CTF and had 10+ players successfully perform a takeover.

The DNS check happens, but if the takeover has been done correctly then the DNS check should pass.

KarahanGuner commented 1 year ago

No worries for the late reply. You guys are creating great tools and I am sure you are busy. dnsReaper definitely gives some false positives but that's alright. I think it is better to have false positives than to miss out on vulnerabilities. Even though GitHub subdomain takeovers are an edge case at this point, takeovers are still possible. I advise against my initial opinion. It should stay as CONFIRMED.
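The thread turns on one question a zone owner can answer for themselves: is a dangling `*.github.io` CNAME in my zone already covered by GitHub's domain-verification TXT record, or not? The triage below is an added example written for this issue, not dnsReaper's own code. It assumes a constructed zone snapshot and a constructed "still live" table in place of real DNS and HTTP probes, and it takes the verification record name `_github-pages-challenge-<account>` and the rule that a verified domain cannot be claimed by another account from GitHub's Pages documentation, neither of which is stated in the thread; that a verification record on a parent name also covers the child is an assumption here.

```python
"""Triage dnsReaper-style GitHub Pages findings against a zone's own records.

Added example, not part of dnsReaper. Everything below is constructed data or
documented GitHub behaviour as recalled from GitHub's Pages docs (assumption).
"""
import re
from dataclasses import dataclass

# Constructed zone snapshot: owner name -> {rrtype: [values]}, names fully qualified.
ZONE = {
    "blog.example.com.": {"CNAME": ["old-team.github.io."]},
    "_github-pages-challenge-old-team.blog.example.com.": {"TXT": ["constructed-token-1"]},
    "docs.example.com.": {"CNAME": ["retired-org.github.io."]},
    "www.example.com.": {"CNAME": ["acme-pages.github.io."]},
    "api.example.com.": {"A": ["203.0.113.10"]},
}

# Constructed stand-in for an HTTP probe: github.io targets that still serve
# the custom domain. Anything else is treated as dangling.
LIVE_TARGETS = {"acme-pages.github.io."}

GITHUB_IO = re.compile(r"^(?P<account>[a-z0-9-]+)\.github\.io\.?$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    host: str
    target: str
    confidence: str  # "CONFIRMED", "PROTECTED" or "NONE"
    reason: str


def verification_names(host, account):
    """Yield the TXT owner names GitHub uses for domain verification, for the
    host itself and each parent name (parent coverage is an assumption)."""
    labels = host.rstrip(".").split(".")
    for i in range(len(labels)):
        yield f"_github-pages-challenge-{account}." + ".".join(labels[i:]) + "."


def verification_txt_present(zone, host, account):
    return any(zone.get(name, {}).get("TXT") for name in verification_names(host, account))


def triage(host, zone=ZONE, live_targets=LIVE_TARGETS):
    """Classify one host: NONE (nothing to do), PROTECTED (stale CNAME but the
    original account verified the domain) or CONFIRMED (stale, unverified)."""
    targets = zone.get(host, {}).get("CNAME", [])
    if not targets:
        return Finding(host, "", "NONE", "no CNAME record")
    target = targets[0]
    match = GITHUB_IO.match(target)
    if not match:
        return Finding(host, target, "NONE", "CNAME does not point at github.io")
    if target in live_targets:
        return Finding(host, target, "NONE", "target still serves this custom domain")
    account = match.group("account").lower()
    if verification_txt_present(zone, host, account):
        return Finding(host, target, "PROTECTED",
                       "dangling, but the domain is verified for the original account; "
                       "remove the stale CNAME anyway")
    return Finding(host, target, "CONFIRMED",
                   "dangling CNAME and no verification TXT record; remove the CNAME now")


if __name__ == "__main__":
    for name in ZONE:
        if "CNAME" in ZONE[name] or "A" in ZONE[name]:
            f = triage(name)
            print(f"{f.host:<20} {f.confidence:<10} {f.reason}")
```

The useful outcome for a defender is the "PROTECTED" bucket: those hosts are the ones where a scanner saying CONFIRMED is the false positive the thread discusses, while the stale CNAME is still worth deleting because the protection depends on a TXT record that someone may clean up later.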