nuclei-templates/http/miscellaneous/rdap-whois.yaml

id: rdap-whois

info:
  name: RDAP WHOIS
  author: ricardomaia
  severity: info
  description: |
    RDAP (Registration Data Access Protocol) is a standard defined by the IETF to replace the whois protocol
    in queries for information about Internet resource records such as domain names, IP addresses, and ASNs.
  reference:
    - https://about.rdap.org/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  metadata:
    max-request: 1
    verified: true
  tags: whois,rdap,osint,misc

http:
  - method: GET
    path:
      - "https://www.rdap.net/domain/{{Host}}"

    redirects: true
    max-redirects: 3
    extractors:
      - type: json
        part: body
        name: raw
        json:
          - "."

      - type: regex
        part: body
        name: domain
        group: 1
        regex:
          - '^{"objectClassName":"domain","handle":".*?","ldhName":"(.*?)"'

      - type: regex
        part: body
        name: legalRepresentative
        group: 1
        regex:
          - 'legalRepresentative":"(.*?)"'

      - type: regex
        part: body
        name: identifier
        group: 1
        regex:
          - 'identifier":"(.*?)"'

      - type: regex
        part: body
        name: email
        group: 1
        regex:
          - 'email",{},"text","(.*?)"'

      - type: regex
        part: body
        name: registrationDate
        group: 1
        regex:
          - '"eventAction":"registration","eventDate":"(.*?)"'

      - type: regex
        part: body
        name: lastChangeDate
        group: 1
        regex:
          - '"eventAction":"last changed","eventDate":"(.*?)"'

      - type: regex
        part: body
        name: expirationDate
        group: 1
        regex:
          - '"eventAction":"expiration","eventDate":"(.*?)"'

      - type: regex
        part: body
        name: nameServers
        group: 1
        regex:
          - 'nameserver","ldhName":"(.*?)"'

      - type: regex
        part: body
        name: secureDNS
        group: 1
        regex:
          - '"secureDNS":{"delegationSigned":(.*?)}'
Update and rename rdap.yaml to rdap-whois.yaml 2023-09-01 03:09:44 +00:00			`id: rdap-whois`
Misc RDAP WHOIS template 2023-08-24 23:44:31 +00:00
			`info:`
			`name: RDAP WHOIS`
Update and rename rdap.yaml to rdap-whois.yaml 2023-09-01 03:09:44 +00:00			`author: ricardomaia`
			`severity: info`
Misc RDAP WHOIS template 2023-08-24 23:44:31 +00:00			`description: \|`
			`RDAP (Registration Data Access Protocol) is a standard defined by the IETF to replace the whois protocol`
			`in queries for information about Internet resource records such as domain names, IP addresses, and ASNs.`
Update and rename rdap.yaml to rdap-whois.yaml 2023-09-01 03:09:44 +00:00			`reference:`
			`- https://about.rdap.org/`
Misc RDAP WHOIS template 2023-08-24 23:44:31 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`
			`cvss-score: 0.0`
			`cwe-id: CWE-200`
			`metadata:`
			`max-request: 1`
Update and rename rdap.yaml to rdap-whois.yaml 2023-09-01 03:09:44 +00:00			`verified: true`
Update rdap-whois.yaml 2023-09-04 11:39:42 +00:00			`tags: whois,rdap,osint,misc`
Misc RDAP WHOIS template 2023-08-24 23:44:31 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "https://www.rdap.net/domain/{{Host}}"`

Update and rename rdap.yaml to rdap-whois.yaml 2023-09-01 03:09:44 +00:00			`redirects: true`
			`max-redirects: 3`
Misc RDAP WHOIS template 2023-08-24 23:44:31 +00:00			`extractors:`
			`- type: json`
			`part: body`
			`name: raw`
			`json:`
			`- "."`

			`- type: regex`
			`part: body`
			`name: domain`
			`group: 1`
			`regex:`
			`- '^{"objectClassName":"domain","handle":".?","ldhName":"(.?)"'`

			`- type: regex`
			`part: body`
			`name: legalRepresentative`
			`group: 1`
			`regex:`
			`- 'legalRepresentative":"(.*?)"'`

			`- type: regex`
			`part: body`
			`name: identifier`
			`group: 1`
			`regex:`
			`- 'identifier":"(.*?)"'`

			`- type: regex`
			`part: body`
			`name: email`
			`group: 1`
			`regex:`
			`- 'email",{},"text","(.*?)"'`

			`- type: regex`
			`part: body`
			`name: registrationDate`
			`group: 1`
			`regex:`
			`- '"eventAction":"registration","eventDate":"(.*?)"'`

			`- type: regex`
			`part: body`
			`name: lastChangeDate`
			`group: 1`
			`regex:`
			`- '"eventAction":"last changed","eventDate":"(.*?)"'`

			`- type: regex`
			`part: body`
			`name: expirationDate`
			`group: 1`
			`regex:`
			`- '"eventAction":"expiration","eventDate":"(.*?)"'`

			`- type: regex`
			`part: body`
			`name: nameServers`
			`group: 1`
			`regex:`
			`- 'nameserver","ldhName":"(.*?)"'`

			`- type: regex`
			`part: body`
			`name: secureDNS`
			`group: 1`
			`regex:`
			`- '"secureDNS":{"delegationSigned":(.*?)}'`