nuclei-templates/http/miscellaneous/rdap-whois.yaml

106 lines
2.8 KiB
YAML
Raw Normal View History

id: rdap-whois
2023-08-24 23:44:31 +00:00
info:
name: RDAP WHOIS
author: ricardomaia,sttlr
severity: info
2023-08-24 23:44:31 +00:00
description: |
RDAP (Registration Data Access Protocol) is a standard defined by the IETF to replace the whois protocol
in queries for information about Internet resource records such as domain names, IP addresses, and ASNs.
reference:
- https://about.rdap.org/
2023-08-24 23:44:31 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
max-request: 1
verified: true
2023-09-04 11:39:42 +00:00
tags: whois,rdap,osint,misc
2023-08-24 23:44:31 +00:00
http:
- method: GET
path:
- "https://www.rdap.net/domain/{{Host}}"
redirects: true
max-redirects: 3
matchers:
- type: status
status:
- 200
2023-08-24 23:44:31 +00:00
extractors:
- type: json
part: body
name: status
2023-08-24 23:44:31 +00:00
json:
- '.status[]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrationDate
json:
- '.events[] | select(.eventAction == "registration").eventDate'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: lastChangeDate
json:
- '.events[] | select(.eventAction == "last changed").eventDate'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: expirationDate
json:
- '.events[] | select(.eventAction == "expiration").eventDate'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantName
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "fn") | .[-1]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantOrg
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "org") | .[-1]'
- type: json
part: body
name: registrantEmail
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "email") | .[-1]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantPhone
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "tel") | .[-1]'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: registrantAddress
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][] | select(. != "")'
2023-08-24 23:44:31 +00:00
- type: json
part: body
name: registrantCountry
json:
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][-1]'
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: nameServers
json:
- '.nameservers[] | .ldhName'
2023-08-24 23:44:31 +00:00
- type: json
2023-08-24 23:44:31 +00:00
part: body
name: secureDNS
json:
- '.secureDNS.delegationSigned // false'