login domains #5

Open
tomhung opened this issue Apr 8, 2014 · 5 comments
Comments

@tomhung

tomhung commented Apr 8, 2014

Just because the main domain is safe does not mean the domain they use for their logins/secure area is safe.

@musalbas
Owner

musalbas commented Apr 8, 2014

That is true.

@janbrennen

Or, vice versa: currently yahoo.com is vulnerable, whereas mail.yahoo.com no longer is.

@range

range commented Apr 10, 2014

On the other hand, only SLDs are tested and might not have SSL enabled, while subdomains do have SSL enabled and might be vulnerable. I found that while checking for our domain, which is listed as "no SSL", while our www. and other subdomains actually do have SSL enabled.

@musalbas
Owner

Indeed, the main inaccuracy of this scan is that subdomains weren't tested. I should have also tested www.*, but it is a little too late for that as 70%+ of the sites found to be vulnerable in the first scan are no longer vulnerable.

I stated in the readme: 'Please note that subdomains aren't tested, so sites that don't have SSL on their main domain will appear as "no SSL"'.

@tomhung
Author

tomhung commented Apr 10, 2014

How about a list of the top 10,000 login URLs!
