diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml new file mode 100644 index 0000000000..3dca6d7520 --- /dev/null +++ b/dns/spf-record-detect.yaml @@ -0,0 +1,23 @@ +id: spf-record + +info: + name: SPF Record Detected + author: rxerium + severity: info + description: An SPF TXT record was detected + reference: + - https://www.mimecast.com/content/how-to-create-an-spf-txt-record + tags: dns,spf + +dns: + - name: "{{FQDN}}" + type: TXT + matchers: + - type: word + words: + - "v=spf1" + + extractors: + - type: regex + regex: + - "v=spf1(.+)" \ No newline at end of file