From 8306559987fc93162dec15696935dfcac53db2a3 Mon Sep 17 00:00:00 2001
From: Duarte Duarte
Date: Wed, 2 Jan 2019 16:19:46 +0000
Subject: [PATCH] Add Edgecast and Squarespace to takeover detections
---
 agents/url_takeover_detector.go | 44 +++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
diff --git a/agents/url_takeover_detector.go b/agents/url_takeover_detector.go
index 7d24bab..b5d3076 100644
--- a/agents/url_takeover_detector.go
+++ b/agents/url_takeover_detector.go
@@ -151,6 +151,14 @@ func (a *URLTakeoverDetector) runDetectorFunctions(u *url.URL) {
 if a.detectPantheon(u.String(), addrs, cname, string(body)) {
 return
 }
+
+ if a.detectEdgecastCDN(u.String(), addrs, cname, string(body)) {
+ return
+ }
+
+ if a.detectSquarespace(u.String(), addrs, cname, string(body)) {
+ return
+ }
 }
 
 func (a *URLTakeoverDetector) detectGithubPages(u string, addrs []string, cname string, body string) bool {
@@ -426,3 +434,39 @@ func (a *URLTakeoverDetector) detectPantheon(u string, addrs []string, cname str
 }
 return true
 }
+
+func (a *URLTakeoverDetector) detectEdgecastCDN(u string, addrs []string, cname string, body string) bool {
+ if !strings.HasSuffix(cname, ".edgecastcdn.net") {
+ return false
+ }
+ a.session.AddTagToResponsiveURL(u, "EdgecastCDN", "info", "https://www.verizondigitalmedia.com")
+ if strings.Contains(body, "404 - Not Found") {
+ a.session.AddTagToResponsiveURL(u, "Domain Takeover", "danger", "https://www.verizondigitalmedia.com/platform/edgecast-cdn/")
+ }
+ return true
+}
+
+func (a *URLTakeoverDetector) detectSquarespace(u string, addrs []string, cname string, body string) bool {
+ detected := false
+ _, subnet1, _ := net.ParseCIDR("198.49.23.0/24")
+ _, subnet2, _ := net.ParseCIDR("198.185.159.0/24")
+
+ for _, addr := range addrs {
+ ip := net.ParseIP(addr)
+ if ip != nil && (subnet1.Contains(ip) || subnet2.Contains(ip)) {
+ detected = true
+ break
+ }
+ }
+ if strings.HasSuffix(cname, ".squarespace.com.") {
+ detected = true
+ }
+ if detected {
+ a.session.AddTagToResponsiveURL(u, "Squarespace", "info", "https://www.squarespace.com/")
+ if strings.Contains(body, "Squarespace - Claim This Domain") {
+ a.session.AddTagToResponsiveURL(u, "Domain Takeover", "danger", "https://support.squarespace.com/hc/en-us/articles/115002755267")
+ }
+ return true
+ }
+ return false
+}
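Review bot: The suffix check in `detectEdgecastCDN` compares `cname` against `".edgecastcdn.net"` with no trailing dot, while `detectSquarespace` in the same hunk matches `".squarespace.com."` with one. The code that fills `cname` is outside the hunk, but if it yields the fully-qualified form the Squarespace check expects, the Edgecast branch can never match and the detector would silently miss every Edgecast-backed host. Normalising before the comparison accepts both forms: `if !strings.HasSuffix(strings.TrimSuffix(cname, "."), ".edgecastcdn.net") {`. Separately, `"404 - Not Found"` is a generic body string, so the "danger" tag may also fire on ordinary missing pages served through the CDN; a comment naming the Edgecast response this fingerprint was taken from would help whoever triages the findings.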