Closed thepoorhacker closed 3 months ago
Thanks for opening an issue, I'll revisit and get the check updated!
Feel free to put in a PR if you want the contributor badge :)
Hello Simon,
I'm sorry for the late reply, It appears that we have to send a HTTP request to this endpoint:
https://hostname_goes_here/launchpad/v1/info.json
if it returns this:
{"errors":["Unable to determine installationID from domain"]}
then the domain is not connected to any teamwork account.
I hope this helps.
Should have a fix for this now :)
Hello, it looks like the teamwork signature (https://github.com/punk-security/dnsReaper/blob/main/signatures/teamwork.py) used to detect teamwork subdomain takeover is not accurate and is giving false positives, dnsReaper reported a confirmed subdomain takeover vulnerability, but upon visiting the site I just got redirected to login panel.