nuclei-templates/dns/dns-waf-detect.yaml

201 lines
3.9 KiB
YAML
Raw Permalink Normal View History

2021-05-31 07:04:09 +00:00
id: dns-waf-detect
info:
name: DNS WAF Detection
author: lu4nx
severity: info
description: A DNS WAF was detected.
classification:
cwe-id: CWE-200
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
tags: tech,waf,dns
2021-05-31 07:04:09 +00:00
dns:
- name: "{{FQDN}}"
type: CNAME
- name: "{{FQDN}}"
type: NS
matchers:
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: sanfor-shield
words:
- ".sangfordns.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: 360panyun
words:
- ".360panyun.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: baiduyun
words:
- ".yunjiasu-cdn.net"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: chuangyudun
words:
- ".365cyd.cn"
- ".cyudun.net"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: knownsec
words:
- ".jiashule.com"
- ".jiasule.org"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: huaweicloud
words:
- ".huaweicloudwaf.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: xinliuyun
words:
- ".ngaagslb.cn"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: chinacache
words:
- ".chinacache.net"
- ".ccgslb.net"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: nscloudwaf
words:
- ".nscloudwaf.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: wangsu
words:
- ".wsssec.com"
- ".lxdns.com"
- ".wscdns.com"
- ".cdn20.com"
- ".cdn30.com"
- ".ourplat.net"
- ".wsdvs.com"
- ".wsglb0.com"
- ".wswebcdn.com"
- ".wswebpic.com"
- ".wsssec.com"
- ".wscloudcdn.com"
- ".mwcloudcdn.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: qianxin
words:
- ".360safedns.com"
- ".360cloudwaf.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: baiduyunjiasu
words:
- ".yunjiasu-cdn.net"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: anquanbao
words:
- ".anquanbao.net"
- type: regex
name: aliyun
regex:
- '\.w\.kunlun\w{2,3}\.com'
- type: regex
name: aliyun-waf
regex:
- '\.aliyunddos\d+\.com'
- '\.aliyunwaf\.com'
- '\.aligaofang\.com'
- '\.aliyundunwaf\.com'
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: xuanwudun
words:
- ".saaswaf.com"
- ".dbappwaf.cn"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: yundun
words:
- ".hwwsdns.cn"
- ".yunduncname.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: knownsec-ns
words:
- ".jiasule.net"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: chuangyudun
words:
- ".365cyd.net"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: qianxin
words:
- ".360wzb.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: anquanbao
words:
- ".anquanbao.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: wangsu
words:
- ".chinanetcenter.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: baiduyunjiasue
words:
- ".ns.yunjiasu.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: chinacache
words:
- ".chinacache.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: cloudflare
words:
- "ns.cloudflare.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2021-05-31 07:04:09 +00:00
name: edns
words:
2023-10-14 11:27:55 +00:00
- ".iidns.com"
2024-05-08 08:51:34 +00:00
- type: word
part: answer
name: ksyun
words:
- ".ksyunwaf.com"
# digest: 490a00463044022005bf81b04ee9a74169b2ea8baf29b776c3da72d7bf13cdf16f62a84baa003daf0220758d7619504e7c6a45cc29f1e7f3c71f7cbba93b4444cf419ddc9b01d486d265:922c64590222798bb761d5b6d8e72950