diff --git a/dns/txt-service-detect.yaml b/dns/txt-service-detect.yaml new file mode 100644 index 0000000000..d286a8d2fe --- /dev/null +++ b/dns/txt-service-detect.yaml @@ -0,0 +1,220 @@ +id: txt-service-detect + +info: + name: DNS TXT Service - Detect + author: rxerium + severity: info + description: | + Finding the services companies use via their TXT records. + reference: + - https://www.abenezer.ca/blog/services-companies-use-txt-records + metadata: + max-request: 1 + verified: true + tags: dns,txt + +dns: + - name: "{{FQDN}}" + type: TXT + + matchers-condition: or + matchers: + - type: word + name: "keybase" + words: + - "keybase-site-verification" + + - type: word + name: "proton-mail" + words: + - "protonmail-verification" + + - type: word + name: "webex" + words: + - "webexdomainverification" + + - type: word + name: "apple" + words: + - "apple-domain-verification" + + - type: word + name: "facebook" + words: + - "facebook-domain-verification" + + - type: word + name: "autodesk" + words: + - "autodesk-domain-verification" + + - type: word + name: "stripe" + words: + - "stripe-verification" + + - type: word + name: "atlassian" + words: + - "atlassian-domain-verification" + + - type: word + name: "adobe-sign" + words: + - "adobe-sign-verification" + + - type: word + name: "zoho" + words: + - "zoho-verification" + + - type: word + name: "have-i-been-pwned" + words: + - "have-i-been-pwned-verification" + + - type: word + name: "knowbe4" + words: + - "knowbe4-site-verification" + + - type: word + name: "jamf" + words: + - "jamf-site-verification" + + - type: word + name: "parallels" + words: + - "parallels-domain-verification" + + - type: word + name: "dropbox" + words: + - "dropbox-domain-verification" + + - type: word + name: "vmware-cloud" + words: + - "vmware-cloud-verification" + + - type: word + name: "canva" + words: + - "canva-site-verification" + + - type: word + name: "mongodb" + words: + - "mongodb-site-verification" + + - type: word + name: "slack" + words: + - "slack-domain-verification" + + - type: word + name: "teamViewer" + words: + - "teamviewer-sso-verification" + + - type: word + name: "bugcrowd" + words: + - "bugcrowd-verification" + + - type: word + name: "cisco" + words: + - "cisco-site-verification" + + - type: word + name: "palo-alto-networks" + words: + - "paloaltonetworks-site-verification" + + - type: word + name: "twilio" + words: + - "twilio-domain-verification" + + - type: word + name: "dell-technologies" + words: + - "dell-technologies-domain-verification" + + - type: word + name: "1password" + words: + - "1password-site-verification" + + - type: word + name: "duo" + words: + - "duo_sso_verification" + + - type: word + name: "sophos" + words: + - "sophos-domain-verification" + + - type: word + name: "pinterest" + words: + - "pinterest-site-verification" + + - type: word + name: "citrix" + words: + - "citrix-verification-code" + + - type: word + name: "zapier" + words: + - "zapier-domain-verification-challenge" + + - type: word + name: "uber" + words: + - "uber-domain-verification" + + - type: word + name: "zoom" + words: + - "zoom-domain-verification" + + - type: word + name: "lastpass" + words: + - "lastpass-verification-code" + + - type: word + name: "google-workspace" + words: + - "google-site-verification" + + - type: word + name: "flexera" + words: + - "flexera-domain-verification" + + - type: word + name: "yandex" + words: + - "yandex-verification" + + - type: word + name: "calendly" + words: + - "calendly-site-verification" + + - type: word + name: "docusign" + words: + - "docusign" + + - type: word + name: "whimsical" + words: + - "whimsical"