2023-09-01 03:09:44 +00:00
|
|
|
id: rdap-whois
|
2023-08-24 23:44:31 +00:00
|
|
|
|
|
|
|
info:
|
|
|
|
name: RDAP WHOIS
|
2023-09-19 13:46:02 +00:00
|
|
|
author: ricardomaia,sttlr
|
2023-09-01 03:09:44 +00:00
|
|
|
severity: info
|
2023-08-24 23:44:31 +00:00
|
|
|
description: |
|
|
|
|
RDAP (Registration Data Access Protocol) is a standard defined by the IETF to replace the whois protocol
|
|
|
|
in queries for information about Internet resource records such as domain names, IP addresses, and ASNs.
|
2023-09-01 03:09:44 +00:00
|
|
|
reference:
|
|
|
|
- https://about.rdap.org/
|
2023-08-24 23:44:31 +00:00
|
|
|
classification:
|
|
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
2023-10-14 11:27:55 +00:00
|
|
|
cvss-score: 0
|
2023-08-24 23:44:31 +00:00
|
|
|
cwe-id: CWE-200
|
|
|
|
metadata:
|
2023-09-01 03:09:44 +00:00
|
|
|
verified: true
|
2023-10-14 11:27:55 +00:00
|
|
|
max-request: 1
|
2023-09-04 11:39:42 +00:00
|
|
|
tags: whois,rdap,osint,misc
|
2023-08-24 23:44:31 +00:00
|
|
|
|
|
|
|
http:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "https://www.rdap.net/domain/{{Host}}"
|
|
|
|
|
2023-09-01 03:09:44 +00:00
|
|
|
redirects: true
|
|
|
|
max-redirects: 3
|
2023-09-19 13:46:02 +00:00
|
|
|
matchers:
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|
|
|
|
|
2023-08-24 23:44:31 +00:00
|
|
|
extractors:
|
|
|
|
- type: json
|
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: status
|
2023-08-24 23:44:31 +00:00
|
|
|
json:
|
2023-09-19 13:46:02 +00:00
|
|
|
- '.status[]'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: registrationDate
|
|
|
|
json:
|
|
|
|
- '.events[] | select(.eventAction == "registration").eventDate'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: lastChangeDate
|
|
|
|
json:
|
|
|
|
- '.events[] | select(.eventAction == "last changed").eventDate'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: expirationDate
|
|
|
|
json:
|
|
|
|
- '.events[] | select(.eventAction == "expiration").eventDate'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: registrantName
|
|
|
|
json:
|
|
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "fn") | .[-1]'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: registrantOrg
|
|
|
|
json:
|
|
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "org") | .[-1]'
|
|
|
|
|
|
|
|
- type: json
|
|
|
|
part: body
|
|
|
|
name: registrantEmail
|
|
|
|
json:
|
|
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "email") | .[-1]'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: registrantPhone
|
|
|
|
json:
|
|
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "tel") | .[-1]'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
2023-09-19 13:46:02 +00:00
|
|
|
name: registrantAddress
|
|
|
|
json:
|
|
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][] | select(. != "")'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
|
|
|
part: body
|
|
|
|
name: registrantCountry
|
|
|
|
json:
|
|
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][-1]'
|
|
|
|
|
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
|
|
|
name: nameServers
|
2023-09-19 13:46:02 +00:00
|
|
|
json:
|
|
|
|
- '.nameservers[] | .ldhName'
|
2023-08-24 23:44:31 +00:00
|
|
|
|
2023-09-19 13:46:02 +00:00
|
|
|
- type: json
|
2023-08-24 23:44:31 +00:00
|
|
|
part: body
|
|
|
|
name: secureDNS
|
2023-09-19 13:46:02 +00:00
|
|
|
json:
|
|
|
|
- '.secureDNS.delegationSigned // false'
|
2023-10-19 13:13:52 +00:00
|
|
|
# digest: 4b0a00483046022100ad80b6de8e6031b71c9ed3714fee31c4d47447bc27ca8b8e5784ef200f27c663022100ad31bbd079ecfe1ac91bdc0b590cff4bd93bac28cffd56abeb0db5ac43837f0b:922c64590222798bb761d5b6d8e72950
|