Teamwork signature for subdomain takeover is giving false positives

punk-security / dnsReaper

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

GNU Affero General Public License v3.0

1.93k stars 150 forks source link

Teamwork signature for subdomain takeover is giving false positives #170

Closed thepoorhacker closed 3 months ago

thepoorhacker commented 8 months ago

Hello, it looks like the teamwork signature (https://github.com/punk-security/dnsReaper/blob/main/signatures/teamwork.py) used to detect teamwork subdomain takeover is not accurate and is giving false positives, dnsReaper reported a confirmed subdomain takeover vulnerability, but upon visiting the site I just got redirected to login panel.

SimonGurney commented 8 months ago

Thanks for opening an issue, I'll revisit and get the check updated!

Feel free to put in a PR if you want the contributor badge :)

thepoorhacker commented 8 months ago

Hello Simon, I'm sorry for the late reply, It appears that we have to send a HTTP request to this endpoint: https://hostname_goes_here/launchpad/v1/info.json if it returns this: {"errors":["Unable to determine installationID from domain"]} then the domain is not connected to any teamwork account. I hope this helps.

SimonGurney commented 3 months ago

Should have a fix for this now :)