Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

netlify takeover detection

By kannthu

Vidoc logoVidoc Module

What is the "netlify takeover detection?"

The "netlify takeover detection" module is designed to detect potential takeover vulnerabilities in websites hosted on the Netlify platform. Takeover vulnerabilities occur when an attacker gains control over a subdomain or domain that is no longer in use or misconfigured. This module focuses on identifying instances where the website returns a "Not Found - Request ID:" message in the response body and includes the "Netlify" header in the response. The severity of this vulnerability is classified as high.

This module was authored by 0xPrial and pdteam.


A successful takeover of a Netlify-hosted website can allow an attacker to gain unauthorized access and potentially manipulate the content or redirect traffic to malicious sites. This can lead to reputational damage, loss of sensitive data, and potential harm to users who interact with the compromised website.

How does the module work?

The "netlify takeover detection" module works by sending HTTP requests to the target website and analyzing the responses based on specific matching conditions. The module checks for the presence of the "Netlify" header in the response, indicating that the website is hosted on the Netlify platform. It also looks for the "Not Found - Request ID:" message in the response body, which suggests a potential misconfiguration or inactive subdomain.

Here is an example of an HTTP request that the module may send:

GET / HTTP/1.1

The module uses a combination of matching conditions, including the presence of the "Netlify" header and the specific response message, to determine if a potential takeover vulnerability exists. If a match is found, the module will report the vulnerability for further investigation and remediation.

Module preview

Concurrent Requests (0)
Passive global matcher
dsl: Host != ipand
word: Not Found - Request ID:and
word: Netlify
On match action
Report vulnerability