nuclei-templates/http/miscellaneous/rdap-whois.yaml

105 lines
3.0 KiB
YAML
Raw Permalink Normal View History

id: rdap-whois
2023-08-24 23:44:31 +00:00
info:
name: RDAP WHOIS
author: ricardomaia,sttlr
severity: info
2023-08-24 23:44:31 +00:00
description: |
RDAP (Registration Data Access Protocol) is a standard defined by the IETF to replace the whois protocol
in queries for information about Internet resource records such as domain names, IP addresses, and ASNs.
reference:
- https://about.rdap.org/
2023-08-24 23:44:31 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
2023-10-14 11:27:55 +00:00
cvss-score: 0
2023-08-24 23:44:31 +00:00
cwe-id: CWE-200
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 1
2024-01-14 09:21:50 +00:00
tags: miscellaneous,whois,rdap,osint,misc
2023-08-24 23:44:31 +00:00
http:
- method: GET
path:
- "https://www.rdap.net/domain/{{Host}}"
redirects: true
max-redirects: 3
matchers:
- type: status
status:
- 200
2023-08-24 23:44:31 +00:00
extractors:
- type: json
part: body
name: status
2023-08-24 23:44:31 +00:00
json:
- '.status[]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrationDate
json:
- '.events[] | select(.eventAction == "registration").eventDate'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: lastChangeDate
json:
- '.events[] | select(.eventAction == "last changed").eventDate'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: expirationDate
json:
- '.events[] | select(.eventAction == "expiration").eventDate'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantName
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "fn") | .[-1]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantOrg
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "org") | .[-1]'
- type: json
part: body
name: registrantEmail
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "email") | .[-1]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantPhone
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "tel") | .[-1]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantAddress
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][] | select(. != "")'
2023-08-24 23:44:31 +00:00
- type: json
part: body
name: registrantCountry
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][-1]'
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: nameServers
json:
- '.nameservers[] | .ldhName'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: secureDNS
json:
- '.secureDNS.delegationSigned // false'
# digest: 4a0a00473045022100da4861d87282b414d2f7cb32ed394492c5748ab3c8b727cdc900b4ff45afd45c022021a743aba5ff7daabb05d039e88bf6b78f76f69862e08fb9b68dbd4f98c0666b:922c64590222798bb761d5b6d8e72950