softr-takeover: Softr.io Takeover Detection

id: softr-takeover

info:
  name: Softr.io Takeover Detection
  author: philippedelteil
  severity: high
  reference:
    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/352
    - https://docs.softr.io/custom-domain-and-publishing/9qTmU2Lj8Gnpr1Ue6dEAkX/add-a-custom-domain-to-your-app/93K5bLJN3n91MRo9uRGdAf
  metadata:
    max-request: 1
  tags: takeover,softr,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - Host != ip

      - type: word
        words:
          - 'The application you were looking for was built on Softr'
          - 'Get started with Softr'
        condition: and

      - type: status
        status:
          - 404

    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 4a0a00473045022062fde4736c9db70e99b575524d6d70d4b80d100b426215782b1b99c2a6e8d29f02210081e9bbad3e328edc20484fcdfb041ba53a100a11a8bd1937cc3d2a6f7aed071a:922c64590222798bb761d5b6d8e72950