diff --git a/dns/txt-service-detector.yaml b/dns/txt-service-detector.yaml new file mode 100644 index 0000000000..2d35ce1e51 --- /dev/null +++ b/dns/txt-service-detector.yaml @@ -0,0 +1,218 @@ +id: txt-service-detector + +info: + name: DNS TXT Service Detector + author: rxerium + severity: info + description: Template to detect services associated with a domain through TXT records. + reference: + - https://www.abenezer.ca/blog/services-companies-use-txt-records?ref=upstract.com + metadata: + max-request: 1 + tags: dns,txt + +dns: + - name: "{{FQDN}}" + type: TXT + + matchers-condition: or + matchers: + - type: word + name: "Keybase" + words: + - "keybase-site-verification" + + - type: word + name: "Proton Mail" + words: + - "protonmail-verification" + + - type: word + name: "Webex" + words: + - "webexdomainverification" + + - type: word + name: "Apple" + words: + - "apple-domain-verification" + + - type: word + name: "Facebook" + words: + - "facebook-domain-verification" + + - type: word + name: "Autodesk" + words: + - "autodesk-domain-verification" + + - type: word + name: "Stripe" + words: + - "stripe-verification" + + - type: word + name: "Atlassian" + words: + - "atlassian-domain-verification" + + - type: word + name: "Adobe Sign" + words: + - "adobe-sign-verification" + + - type: word + name: "Zoho" + words: + - "zoho-verification" + + - type: word + name: "Have I been Pwned" + words: + - "have-i-been-pwned-verification" + + - type: word + name: "KnowBe4" + words: + - "knowbe4-site-verification" + + - type: word + name: "Jamf" + words: + - "jamf-site-verification" + + - type: word + name: "Parallels" + words: + - "parallels-domain-verification" + + - type: word + name: "Dropbox" + words: + - "dropbox-domain-verification" + + - type: word + name: "VMWare Cloud" + words: + - "vmware-cloud-verification" + + - type: word + name: "Canva" + words: + - "canva-site-verification" + + - type: word + name: "MongoDB" + words: + - "mongodb-site-verification" + + - type: word + name: "Slack" + words: + - "slack-domain-verification" + + - type: word + name: "TeamViewer" + words: + - "teamviewer-sso-verification" + + - type: word + name: "Bugcrowd" + words: + - "bugcrowd-verification" + + - type: word + name: "Cisco" + words: + - "cisco-site-verification" + + - type: word + name: "Palo Alto Networks" + words: + - "paloaltonetworks-site-verification" + + - type: word + name: "Twilio" + words: + - "twilio-domain-verification" + + - type: word + name: "Dell Technologies" + words: + - "dell-technologies-domain-verification" + + - type: word + name: "1password" + words: + - "1password-site-verification" + + - type: word + name: "Duo" + words: + - "duo_sso_verification" + + - type: word + name: "Sophos" + words: + - "sophos-domain-verification" + + - type: word + name: "Pinterest" + words: + - "pinterest-site-verification" + + - type: word + name: "Citrix" + words: + - "citrix-verification-code" + + - type: word + name: "Zapier" + words: + - "zapier-domain-verification-challenge" + + - type: word + name: "Uber" + words: + - "uber-domain-verification" + + - type: word + name: "Zoom" + words: + - "zoom-domain-verification" + + - type: word + name: "Lastpass" + words: + - "lastpass-verification-code" + + - type: word + name: "Google Workspace" + words: + - "google-site-verification" + + - type: word + name: "Flexera" + words: + - "flexera-domain-verification" + + - type: word + name: "Yandex" + words: + - "yandex-verification" + + - type: word + name: "Calendly" + words: + - "calendly-site-verification" + + - type: word + name: "Docusign" + words: + - "docusign" + + - type: word + name: "Whimsical" + words: + - "whimsical" \ No newline at end of file