Adds DNS-based Cloud WAF detect

2021-05-31 14:05:54 +08:00 · 2021-05-31 14:05:54 +08:00 · 470bb7ae21
parent 7e51302d1e
commit 470bb7ae21
1 changed files with 172 additions and 0 deletions
--- a/technologies/dns-based-waf-detect.yaml
+++ b/technologies/dns-based-waf-detect.yaml
@ -0,0 +1,172 @@
+id: dns-based-waf-detect
+
+info:
+  name: DNS-based WAF Detection
+  author: lu4nx
+  severity: info
+  tags: waf,tech, cloud
+
+dns:
+  - name: "{{FQDN}}"
+    type: A
+    recursion: true
+    retries: 5
+    class: inet
+    matchers:
+      - type: word
+        name: sanfor-shield
+        words:
+          - ".sangfordns.com"
+
+      - type: word
+        name: 360panyun
+        words:
+          - ".360panyun.com"
+
+      - type: word
+        name: baiduyun
+        words:
+          - ".yunjiasu-cdn.net"
+
+      - type: word
+        name: chuangyudun
+        words:
+          - ".365cyd.cn"
+          - ".cyudun.net"
+
+      - type: word
+        name: knownsec
+        words:
+          - ".jiashule.com"
+          - ".jiasule.org"
+
+      - type: word
+        name: huaweicloud
+        words:
+          - ".huaweicloudwaf.com"
+
+      - type: word
+        name: xinliuyun
+        words:
+          - ".ngaagslb.cn"
+
+      - type: word
+        name: chinacache
+        words:
+          - ".chinacache.net"
+          - ".ccgslb.net"
+
+      - type: word
+        name: nscloudwaf
+        words:
+          - ".nscloudwaf.com"
+
+      - type: word
+        name: wangsu
+        words:
+          - ".wsssec.com"
+          - ".lxdns.com"
+          - ".wscdns.com"
+          - ".cdn20.com"
+          - ".cdn30.com"
+          - ".ourplat.net"
+          - ".wsdvs.com"
+          - ".wsglb0.com"
+          - ".wswebcdn.com"
+          - ".wswebpic.com"
+          - ".wsssec.com"
+          - ".wscloudcdn.com"
+          - ".mwcloudcdn.com"
+
+      - type: word
+        name: qianxin
+        words:
+          - ".360safedns.com"
+          - ".360cloudwaf.com"
+
+      - type: word
+        name: baiduyunjiasu
+        words:
+          - ".yunjiasu-cdn.net"
+
+      - type: word
+        name: anquanbao
+        words:
+          - ".anquanbao.net"
+
+      - type: regex
+        name: aliyun
+        regex:
+          - '\.w\.kunlun\w{2,3}\.com'
+
+      - type: regex
+        name: aliyun-waf
+        regex:
+          - '\.aliyunddos\d+\.com'
+          - '\.aliyunwaf\.com'
+          - '\.aligaofang\.com'
+          - '\.aliyundunwaf\.com'
+
+      - type: word
+        name: xuanwudun
+        words:
+          - ".saaswaf.com"
+          - ".dbappwaf.cn"
+
+      - type: word
+        name: yundun
+        words:
+          - ".hwwsdns.cn"
+          - ".yunduncname.com"
+
+dns:
+  - name: "{{FQDN}}"
+    type: NS
+    recursion: true
+    retries: 5
+    class: inet
+    matchers:
+      - type: word
+        name: knownsec
+        words:
+          - ".jiasule.net"
+
+      - type: word
+        name: chuangyudun
+        words:
+          - ".365cyd.net"
+
+      - type: word
+        name: qianxin
+        words:
+          - ".360wzb.com"
+
+      - type: word
+        name: anquanbao
+        words:
+          - ".anquanbao.com"
+
+      - type: word
+        name: wangsu
+        words:
+          - ".chinanetcenter.com"
+
+      - type: word
+        name: baiduyunjiasue
+        words:
+          - ".ns.yunjiasu.com"
+
+      - type: word
+        name: chinacache
+        words:
+          - ".chinacache.com"
+
+      - type: word
+        name: cloudflare
+        words:
+          - "ns.cloudflare.com"
+
+      - type: word
+        name: edns
+        words:
+          - ".iidns.com"