Change Github pages confidence level

punk-security / dnsReaper

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

GNU Affero General Public License v3.0

2.03k stars 167 forks source link

Change Github pages confidence level #153

Closed KarahanGuner closed 1 year ago

KarahanGuner commented 1 year ago

I was running a scan today and the scanner found a result with confidence level "CONFIRMED" on a subdomain that was using Github pages. Github pages are no longer vulnerable except for edge cases. I tried to take over the subdomain but Github asked me to confirm that the domain was mine by adding a DNS TXT record.

SimonGurney commented 1 year ago

Sorry for the slow reply.

This one confuses me as we've never had this experience. We actually used GitHub pages takeovers in a CTF and had 10+ players successfully perform a takeover.

The DNS check happens, but if the takeover has been done correctly then the DNS check should pass

KarahanGuner commented 1 year ago

No worries for the late reply. You guys are creating great tools and I am sure you are busy. dnsReaper definitely gives some false positives but that's alright. I think it is better to have false positives than to miss out on vulnerabilities. Even though Github subdomain takeovers are an edge case at this point takeovers are still possible. I advise against my initial opinion. It should stay as CONFIRMED.