nuclei-templates/dns/dns-saas-service-detection....

437 lines
9.6 KiB
YAML
Raw Permalink Normal View History

id: dns-saas-service-detection
2022-12-21 05:28:37 +00:00
info:
2022-12-22 16:02:20 +00:00
name: DNS SaaS Service Detection
author: noah @thesubtlety,pdteam
2022-12-21 05:28:37 +00:00
severity: info
description: A CNAME DNS record was discovered
2022-12-22 16:02:20 +00:00
reference:
- https://ns1.com/resources/cname
- https://www.theregister.com/2021/02/24/dns_cname_tracking/
- https://www.ionos.com/digitalguide/hosting/technical-matters/cname-record/
metadata:
max-request: 1
tags: dns,service
2022-12-21 05:28:37 +00:00
dns:
- name: "{{FQDN}}"
type: CNAME
2022-12-21 22:44:27 +00:00
extractors:
- type: dsl
dsl:
- cname
2022-12-21 22:44:27 +00:00
2022-12-21 05:28:37 +00:00
matchers-condition: or
matchers:
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 08:46:09 +00:00
name: ms-office
2022-12-21 05:28:37 +00:00
words:
- outlook.com
- office.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: azure
2022-12-21 05:28:37 +00:00
words:
- "azure-api.net"
- "azure.com"
- "azure-mobile.net"
- "azurecontainer.io"
- "azurecr.io"
- "azuredatalakestore.net"
- "azureedge.net"
- "azurefd.net"
- "azurehdinsight.net"
- "azurewebsites.net"
- "azurewebsites.windows.net"
- "blob.core.windows.net"
- "cloudapp.azure.com"
- "cloudapp.net"
- "database.windows.net"
- "redis.cache.windows.net"
- "search.windows.net"
- "servicebus.windows.net"
- "visualstudio.com"
- "-msedge.net"
- "msappproxy.net"
2022-12-21 05:28:37 +00:00
- "trafficmanager.net"
2022-12-22 08:46:09 +00:00
2022-12-21 05:28:37 +00:00
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-21 05:28:37 +00:00
name: zendesk
words:
- "zendesk.com"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-21 05:28:37 +00:00
name: announcekit
words:
- "cname.announcekit.app"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-21 05:28:37 +00:00
name: wix
words:
- "wixdns.net"
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: akamai-cdn
2022-12-21 05:28:37 +00:00
words:
- akadns.net
- akagtm.org
- akahost.net
- akam.net
- akamai.com
- akamai.net
- akamaiedge-staging.net
- akamaiedge.net
- akamaientrypoint.net
- akamaihd.net
- akamaistream.net
- akamaitech.net
- akamaitechnologies.com
- akamaitechnologies.fr
- akamaized.net
- akaquill.net
- akasecure.net
- akasripcn.net
- edgekey.net
- edgesuite.net
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: cloudflare-cdn
2022-12-21 05:28:37 +00:00
words:
- cloudflare.net
- cloudflare-dm-cmpimg.com
- cloudflare-ipfs.com
- cloudflare-quic.com
- cloudflare-terms-of-service-abuse.com
- cloudflare.com
- cloudflare.net
- cloudflare.tv
- cloudflareaccess.com
- cloudflareclient.com
- cloudflareinsights.com
- cloudflareok.com
- cloudflareportal.com
- cloudflareresolve.com
- cloudflaressl.com
- cloudflarestatus.com
- sn-cloudflare.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: amazon-cloudfront
2022-12-21 05:28:37 +00:00
words:
- cloudfront.net
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: salesforce
2022-12-21 05:28:37 +00:00
words:
- salesforce.com
- siteforce.com
- force.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: amazon-aws
2022-12-21 05:28:37 +00:00
words:
- amazonaws.com
- elasticbeanstalk.com
- awsglobalaccelerator.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: fastly-cdn
2022-12-21 05:28:37 +00:00
words:
- fastly.net
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: netlify
2022-12-21 05:28:37 +00:00
words:
- netlify.app
- netlify.com
- netlifyglobalcdn.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: vercel
2022-12-21 05:28:37 +00:00
words:
- vercel.app
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: sendgrid
2022-12-21 05:28:37 +00:00
words:
- sendgrid.net
- sendgrid.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: qualtrics
2022-12-21 05:28:37 +00:00
words:
- qualtrics.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: heroku
2022-12-21 05:28:37 +00:00
words:
- herokuapp.com
- herokucdn.com
- herokudns.com
- herokussl.com
- herokuspace.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: gitlab
2022-12-21 05:28:37 +00:00
words:
- gitlab.com
- gitlab.io
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: perforce-akana
2022-12-21 05:28:37 +00:00
words:
- akana.com
- apiportal.akana.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: skilljar
2022-12-21 05:28:37 +00:00
words:
- skilljarapp.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: datagrail
2022-12-21 05:28:37 +00:00
words:
- datagrail.io
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: platform.sh
2022-12-21 05:28:37 +00:00
words:
- platform.sh
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: folloze
2022-12-21 05:28:37 +00:00
words:
- folloze.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: pendo-receptive
2022-12-21 05:28:37 +00:00
words:
- receptive.io
- pendo.io
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: discourse
2022-12-21 05:28:37 +00:00
words:
- bydiscourse.com
- discourse-cdn.com
- discourse.cloud
- discourse.org
- hosted-by-discourse.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: adobe-marketo
2022-12-21 05:28:37 +00:00
words:
- marketo.com
- marketo.co.uk
- mktoweb.com
- mktossl.com
- mktoweb.com
2023-09-29 15:10:50 +00:00
- type: word
part: answer
2023-10-14 11:27:55 +00:00
name: adobe-marketo - 'mkto-.{5,8}\.com'
2022-12-21 05:28:37 +00:00
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: adobe-marketo
2022-12-21 05:28:37 +00:00
words:
- marketo.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: rock-content
2022-12-21 05:28:37 +00:00
words:
- postclickmarketing.com
- rockcontent.com
- rockstage.io
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: rocketlane
2022-12-21 05:28:37 +00:00
words:
- rocketlane.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: webflow
2022-12-21 05:28:37 +00:00
words:
- proxy-ssl.webflow.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: stacker-hq
2022-12-21 05:28:37 +00:00
words:
- stacker.app
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: hubspot
2022-12-21 05:28:37 +00:00
words:
- hs-analytics.net
- hs-banner.com
- hs-scripts.com
- hsappstatic.net
- hscollectedforms.net
- hscoscdn00.net
- hscoscdn10.net
- hscoscdn20.net
- hscoscdn30.net
- hscoscdn40.net
- hsforms.com
- hsforms.net
- hubapi.com
- hubspot.com
- hubspot.es
- hubspot.net
- hubspotemail.net
- hubspotlinks.com
- hubspotusercontent-na1.net
- sidekickopen90.com
- usemessages.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: gitbook
2022-12-21 05:28:37 +00:00
words:
- gitbook.com
- gitbook.io
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: google-firebase
2022-12-21 05:28:37 +00:00
words:
- fcm.googleapis.com
- firebase.com
- firebase.google.com
- firebase.googleapis.com
- firebaseapp.com
- firebaseappcheck.googleapis.com
- firebasedynamiclinks-ipv4.googleapis.com
- firebasedynamiclinks-ipv6.googleapis.com
- firebasedynamiclinks.googleapis.com
- firebaseinappmessaging.googleapis.com
- firebaseinstallations.googleapis.com
- firebaseio.com
- firebaselogging-pa.googleapis.com
- firebaselogging.googleapis.com
- firebaseperusertopics-pa.googleapis.com
- firebaseremoteconfig.googleapis.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: zendesk
2022-12-21 05:28:37 +00:00
words:
- zdassets.com
- zdorigin.com
2023-10-14 11:27:55 +00:00
- "zendesk.com"
2022-12-21 05:28:37 +00:00
- zopim.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: imperva
2022-12-21 05:28:37 +00:00
words:
- incapdns.net
- incapsula.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-21 05:28:37 +00:00
name: proofpoint
words:
- infoprtct.com
- metanetworks.com
- ppe-hosted.com
- pphosted.com
- proofpoint.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: q4-investor-relations
2022-12-21 05:28:37 +00:00
words:
- q4inc.com
- q4ir.com
- q4web.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: google-hosted
2022-12-21 05:28:37 +00:00
words:
- appspot.com
- cloudfunctions.net
- ghs.googlehosted.com
- ghs4.googlehosted.com
- ghs46.googlehosted.com
- ghs6.googlehosted.com
- googlehosted.com
- googlehosted.l.googleusercontent.com
- run.app
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: wp-engine
2022-12-21 05:28:37 +00:00
words:
- wpengine.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: github
2022-12-21 05:28:37 +00:00
words:
- github.com
- github.io
- githubusercontent.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: ghost
2022-12-21 05:28:37 +00:00
words:
- ghost.io
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: digital-ocean
2022-12-21 05:28:37 +00:00
words:
- ondigitalocean.app
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: typedream
2022-12-21 05:28:37 +00:00
words:
- ontypedream.com
- type: word
2023-09-29 15:10:50 +00:00
part: answer
2022-12-22 16:02:20 +00:00
name: oracle-eloqua-marketing
2022-12-21 05:28:37 +00:00
words:
- hs.eloqua.com
2023-08-05 08:36:36 +00:00
- type: regex
2023-09-29 15:10:50 +00:00
part: answer
2023-08-05 08:36:36 +00:00
regex:
2023-09-29 15:10:50 +00:00
- "IN\tCNAME\\t(.+)$"
- "IN\\s*CNAME\\t(.+)$"
# digest: 490a0046304402205694ac1cba58232ec715831e94086da7081a9b756f86016358b1347a1a340787022040615d63a66787d706d2be8b3f13cead87f7278c471091a7783bfab4e4fa2aef:922c64590222798bb761d5b6d8e72950