Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New services and some fixes #141

Merged
merged 1 commit into from
Apr 12, 2020
Merged

New services and some fixes #141

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,16 +36,18 @@ A list of services that can be checked (although check for duplicates against th
Engine | Status | Fingerprint | Discussion | Documentation
--------------------------------------------- | -------------- | ----------------------------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------
Airee.ru | Vulnerable | | [Issue #104](https://github.com/EdOverflow/can-i-take-over-xyz/issues/104) |
Anima | Vulnerable | `If this is your website and you've just created it, try refreshing in a minute` | [Issue #126](https://github.com/EdOverflow/can-i-take-over-xyz/issues/126) | [Anima Documentation](https://docs.animaapp.com/v1/launchpad/08-custom-domain.html)
Akamai | Not vulnerable | | [Issue #13](https://github.com/EdOverflow/can-i-take-over-xyz/issues/13) |
AWS/S3 | Vulnerable | `The specified bucket does not exist` | [Issue #36](https://github.com/EdOverflow/can-i-take-over-xyz/issues/36)
Bitbucket | Vulnerable | `Repository not found` |
Campaign Monitor | Vulnerable | 'Trying to access your account?' | | [Support Page](https://help.campaignmonitor.com/custom-domain-names)
Campaign Monitor | Vulnerable | `Trying to access your account?` | | [Support Page](https://help.campaignmonitor.com/custom-domain-names)
Cargo Collective | Vulnerable | `404 Not Found` | | [Cargo Support Page](https://support.2.cargocollective.com/Using-a-Third-Party-Domain)
Cloudfront | Not vulnerable | ViewerCertificateException | [Issue #29](https://github.com/EdOverflow/can-i-take-over-xyz/issues/29) | [Domain Security on Amazon CloudFront](https://aws.amazon.com/blogs/networking-and-content-delivery/continually-enhancing-domain-security-on-amazon-cloudfront/)
Desk | Not vulnerable | `Please try again or try Desk.com free for 14 days.` | [Issue #9](https://github.com/EdOverflow/can-i-take-over-xyz/issues/9)
Digital Ocean | Vulnerable | Domain uses DO name serves with no records in DO. | | |
Fastly | Edge case | `Fastly error: unknown domain:` | [Issue #22](https://github.com/EdOverflow/can-i-take-over-xyz/issues/22)
Feedpress | Vulnerable | `The feed has not been found.` | [HackerOne #195350](https://hackerone.com/reports/195350)
Firebase | Not vulnerable | | [Issue #128](https://github.com/EdOverflow/can-i-take-over-xyz/issues/128) |
Fly.io | Vulnerable | `404 Not Found` | [Issue #101](https://github.com/EdOverflow/can-i-take-over-xyz/issues/101)
Freshdesk | Not vulnerable | || [Freshdesk Support Page](https://support.freshdesk.com/support/solutions/articles/37590-using-a-vanity-support-url-and-pointing-the-cname)
Ghost | Vulnerable | `The thing you were looking for is no longer here, or never was` |
Expand All @@ -56,28 +58,31 @@ HatenaBlog | vulnerable | `404 Blog is not found`
Help Juice | Vulnerable | `We could not find what you're looking for.` | | [Help Juice Support Page](https://help.helpjuice.com/34339-getting-started/custom-domain)
Help Scout | Vulnerable | `No settings were found for this company:` | | [HelpScout Docs](https://docs.helpscout.net/article/42-setup-custom-domain)
Heroku | Edge case | `No such app` | [Issue #38](https://github.com/EdOverflow/can-i-take-over-xyz/issues/38)
Instapage | Not vulnerable | | [Issue #73](https://github.com/EdOverflow/can-i-take-over-xyz/issues/73) | |
Intercom | Vulnerable | `Uh oh. That page doesn't exist.` | [Issue #69](https://github.com/EdOverflow/can-i-take-over-xyz/issues/69) | [Help center](https://www.intercom.com/help/)
JetBrains | Vulnerable | `is not a registered InCloud YouTrack` | | [YouTrack InCloud Help Page](https://www.jetbrains.com/help/youtrack/incloud/Domain-Settings.html)
Key CDN | Not Vulnerable | | [Issue #112](https://github.com/EdOverflow/can-i-take-over-xyz/issues/112) |
Key CDN | Not vulnerable | | [Issue #112](https://github.com/EdOverflow/can-i-take-over-xyz/issues/112) |
Kinsta | Vulnerable | `No Site For Domain` |[Issue #48](https://github.com/EdOverflow/can-i-take-over-xyz/issues/48) | [kinsta-add-domain](https://kinsta.com/knowledgebase/add-domain/)
LaunchRock | Vulnerable | `It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us.` |[Issue #74](https://github.com/EdOverflow/can-i-take-over-xyz/issues/74) |
Mashery | Edge Case | `Unrecognized domain` | [HackerOne #275714](https://hackerone.com/reports/275714), [Issue #14](https://github.com/EdOverflow/can-i-take-over-xyz/issues/14)
Microsoft Azure | Vulnerable | | [Issue #35](https://github.com/EdOverflow/can-i-take-over-xyz/issues/35) |
Netlify | Edge Case | | [Issue #40](https://github.com/EdOverflow/can-i-take-over-xyz/issues/40) |
Ngrok | Vulnerable | `Tunnel *.ngrok.io not found` | [Issue #92](https://github.com/EdOverflow/can-i-take-over-xyz/issues/92) | [Ngrok Documentation](https://ngrok.com/docs#http-custom-domains)
Pantheon | Vulnerable | `404 error unknown site!` |[Issue #24](https://github.com/EdOverflow/can-i-take-over-xyz/issues/24) | [Pantheon-Sub-takeover](https://medium.com/@hussain_0x3c/hostile-subdomain-takeover-using-pantheon-ebf4ab813111)
Readme.io | Vulnerable | `Project doesnt exist... yet!` | [Issue #41](https://github.com/EdOverflow/can-i-take-over-xyz/issues/41)
Sendgrid | Not vulnerable | |
Shopify | Edge Case | `Sorry, this shop is currently unavailable.` |[Issue #32](https://github.com/EdOverflow/can-i-take-over-xyz/issues/32), [Issue #46](https://github.com/EdOverflow/can-i-take-over-xyz/issues/46)| [Medium Article](https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75)
SmartJobBoard | Vulnerable | `This job board website is either expired or its domain name is invalid.` | [Issue #139](https://github.com/EdOverflow/can-i-take-over-xyz/issues/139) | [Support Page](https://help.smartjobboard.com/en/articles/1269655-connecting-a-custom-domain-name)
Squarespace | Not vulnerable | |
Statuspage | Vulnerable | Visiting the subdomain will redirect users to https://www.statuspage.io. | [PR #105](https://github.com/EdOverflow/can-i-take-over-xyz/pull/105) | [Statuspage documentation](https://help.statuspage.io/knowledge_base/topics/domain-ownership) |
Strikingly | Vulnerable | `page not found` |[Issue #58](https://github.com/EdOverflow/can-i-take-over-xyz/issues/58) | [Strikingly-Sub-takeover](https://medium.com/@sherif0x00/takeover-subdomains-pointing-to-strikingly-5e67df80cdfd)
Surge.sh | Vulnerable | `project not found` || [Surge Documentation](https://surge.sh/help/adding-a-custom-domain)
Tumblr | Edge Case | `Whatever you were looking for doesn't currently exist at this address` |
Tilda | Edge Case | `Please renew your subscription` | [PR #20](https://github.com/EdOverflow/can-i-take-over-xyz/pull/20)
Unbounce | Not vulnerable | `The requested URL was not found on this server.` | [Issue #11](https://github.com/EdOverflow/can-i-take-over-xyz/issues/11)
Unbounce | Edge Case | `The requested URL was not found on this server.` | [Issue #11](https://github.com/EdOverflow/can-i-take-over-xyz/issues/11)
Uptimerobot | Vulnerable | `page not found` |[Issue #45](https://github.com/EdOverflow/can-i-take-over-xyz/issues/45) | [Uptimerobot-Sub-takeover](https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/)
UserVoice | Vulnerable | `This UserVoice subdomain is currently available!` |
Webflow | Edge Case | |[Issue #44](https://github.com/EdOverflow/can-i-take-over-xyz/issues/44) |[forum webflow](https://forum.webflow.com/t/hosting-a-subdomain-on-webflow/59201)
Webflow | Edge Case | `The page you are looking for doesn't exist or has been moved.` |[Issue #44](https://github.com/EdOverflow/can-i-take-over-xyz/issues/44) |[forum webflow](https://forum.webflow.com/t/hosting-a-subdomain-on-webflow/59201)
Wordpress | Vulnerable | `Do you want to register *.wordpress.com?` |
WP Engine | Not vulnerable | |
Zendesk | Not Vulnerable | `Help Center Closed` | [Issue #23](https://github.com/EdOverflow/can-i-take-over-xyz/issues/23) | [Zendesk Support](https://support.zendesk.com/hc/en-us/articles/203664356-Changing-the-address-of-your-Help-Center-subdomain-host-mapping-)
Zendesk | Not vulnerable | `Help Center Closed` | [Issue #23](https://github.com/EdOverflow/can-i-take-over-xyz/issues/23) | [Zendesk Support](https://support.zendesk.com/hc/en-us/articles/203664356-Changing-the-address-of-your-Help-Center-subdomain-host-mapping-)