From 39ad0b0f680f302a6a823e9f49fe64956fbd694f Mon Sep 17 00:00:00 2001
From: Rishi
Date: Sun, 17 Mar 2024 12:54:28 +0000
Subject: [PATCH 1/2] soa-detection
---
dns/soa-detect.yaml | 79 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 dns/soa-detect.yaml
diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml
new file mode 100644
index 0000000000..d2fef30649
--- /dev/null
+++ b/dns/soa-detect.yaml
@@ -0,0 +1,79 @@
+id: soa-detect
+
+info:
+ name: SOA record service detection
+ author: rxerium
+ severity: info
+ description: Detects which domain provider a domain is using, detected through SOA records
+ reference:
+ - https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/
+ metadata:
+ max-request: 1
+ tags: dns,soa
+
+dns:
+ - name: "{{FQDN}}"
+ type: SOA
+ matchers-condition: or
+ matchers:
+ - type: word
+ name: "Cloudflare"
+ words:
+ - "dns.cloudflare.com"
+
+ - type: word
+ name: "Amazon Web Services"
+ words:
+ - "awsdns"
+
+ - type: word
+ name: "Akamai"
+ words:
+ - "hostmaster.akamai.com"
+
+ - type: word
+ name: "Azure"
+ words:
+ - "azure-dns.com"
+
+ - type: word
+ name: "NS1"
+ words:
+ - "nsone.net"
+
+ - type: word
+ name: "Verizon"
+ words:
+ - "verizon.com"
+
+ - type: word
+ name: "Google Cloud Platform"
+ words:
+ - "googledomains.com"
+ - "google.com"
+
+ - type: word
+ name: "Alibaba"
+ words:
+ - "alibabadns.com"
+
+ - type: word
+ name: "Safeway"
+ words:
+ - "safeway.com"
+
+ - type: word
+ name: "Mark Monitor"
+ words:
+ - "markmonitor.com"
+ - "markmonitor.zone"
+
+ - type: word
+ name: "Hetznet"
+ words:
+ - "hetzner.com"
+
+ - type: word
+ name: "Edge Cast"
+ words:
+ - "edgecastdns.net"
\ No newline at end of file
From cf48f45e13aedd538df34c5033f390dca36b7c9b Mon Sep 17 00:00:00 2001
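Review bot: The `verizon.com`, `safeway.com` and `google.com` words are bare substring matches with no `part:` set, so a zone whose own name or hostmaster mailbox merely contains one of those strings is labelled as that provider even when it is hosted elsewhere; the same words are carried unchanged into PATCH 2/2. For anyone feeding these results into an asset inventory, that is a false attribution. Prefer a provider-specific SOA host, as the Akamai and Cloudflare entries already do (`hostmaster.akamai.com`, `dns.cloudflare.com`), and add `part: answer` to each matcher so the question section is not matched as well, if the default part covers the whole response. Safeway looks like a domain owner rather than a DNS provider, so that entry probably identifies a single zone and is worth confirming before it ships.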
From: Dhiyaneshwaran Date: Tue, 19 Mar 2024 16:27:34 +0530 Subject: [PATCH 2/2] formatting --- dns/soa-detect.yaml | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/dns/soa-detect.yaml b/dns/soa-detect.yaml index d2fef30649..eb6eda0782 100644 --- a/dns/soa-detect.yaml +++ b/dns/soa-detect.yaml @@ -1,79 +1,83 @@ id: soa-detect info: - name: SOA record service detection + name: SOA Record Service - Detection author: rxerium severity: info - description: Detects which domain provider a domain is using, detected through SOA records + description: | + Detects which domain provider a domain is using, detected through SOA records reference: - https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/ metadata: max-request: 1 + verified: true tags: dns,soa dns: - name: "{{FQDN}}" + type: SOA + matchers-condition: or matchers: - type: word - name: "Cloudflare" + name: "cloudflare" words: - "dns.cloudflare.com" - type: word - name: "Amazon Web Services" + name: "amazon-web-services" words: - "awsdns" - type: word - name: "Akamai" + name: "akamai" words: - "hostmaster.akamai.com" - type: word - name: "Azure" + name: "azure" words: - "azure-dns.com" - type: word - name: "NS1" + name: "ns1" words: - "nsone.net" - type: word - name: "Verizon" + name: "verizon" words: - "verizon.com" - type: word - name: "Google Cloud Platform" + name: "google-cloud-platform" words: - "googledomains.com" - "google.com" - type: word - name: "Alibaba" + name: "alibaba" words: - "alibabadns.com" - type: word - name: "Safeway" + name: "safeway" words: - "safeway.com" - type: word - name: "Mark Monitor" + name: "mark-monitor" words: - "markmonitor.com" - "markmonitor.zone" - type: word - name: "Hetznet" + name: "hetznet" words: - "hetzner.com" - type: word - name: "Edge Cast" + name: "edge-cast" words: - - "edgecastdns.net" \ No newline at end of file + - "edgecastdns.net"
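Review bot: The renamed matcher `name: "hetznet"` keeps the misspelling from PATCH 1/2 while its word is `hetzner.com`; the matcher name is the label that shows up in results, so it should read `name: "hetzner"`. The hunk also adds `verified: true` without saying what was checked. A one-line comment above it, for example `# verified against live SOA answers for each listed provider`, would make that claim reviewable, provided it reflects what was actually tested.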