nuclei-templates/dns/dns-waf-detect.yaml

175 lines
3.2 KiB
YAML

id: dns-waf-detect
info:
name: DNS WAF Detection
author: lu4nx
description: A DNS WAF was detected.
severity: info
tags: tech,waf,dns
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
dns:
- name: "{{FQDN}}"
type: CNAME
- name: "{{FQDN}}"
type: NS
matchers:
- type: word
name: sanfor-shield
words:
- ".sangfordns.com"
- type: word
name: 360panyun
words:
- ".360panyun.com"
- type: word
name: baiduyun
words:
- ".yunjiasu-cdn.net"
- type: word
name: chuangyudun
words:
- ".365cyd.cn"
- ".cyudun.net"
- type: word
name: knownsec
words:
- ".jiashule.com"
- ".jiasule.org"
- type: word
name: huaweicloud
words:
- ".huaweicloudwaf.com"
- type: word
name: xinliuyun
words:
- ".ngaagslb.cn"
- type: word
name: chinacache
words:
- ".chinacache.net"
- ".ccgslb.net"
- type: word
name: nscloudwaf
words:
- ".nscloudwaf.com"
- type: word
name: wangsu
words:
- ".wsssec.com"
- ".lxdns.com"
- ".wscdns.com"
- ".cdn20.com"
- ".cdn30.com"
- ".ourplat.net"
- ".wsdvs.com"
- ".wsglb0.com"
- ".wswebcdn.com"
- ".wswebpic.com"
- ".wsssec.com"
- ".wscloudcdn.com"
- ".mwcloudcdn.com"
- type: word
name: qianxin
words:
- ".360safedns.com"
- ".360cloudwaf.com"
- type: word
name: baiduyunjiasu
words:
- ".yunjiasu-cdn.net"
- type: word
name: anquanbao
words:
- ".anquanbao.net"
- type: regex
name: aliyun
regex:
- '\.w\.kunlun\w{2,3}\.com'
- type: regex
name: aliyun-waf
regex:
- '\.aliyunddos\d+\.com'
- '\.aliyunwaf\.com'
- '\.aligaofang\.com'
- '\.aliyundunwaf\.com'
- type: word
name: xuanwudun
words:
- ".saaswaf.com"
- ".dbappwaf.cn"
- type: word
name: yundun
words:
- ".hwwsdns.cn"
- ".yunduncname.com"
- type: word
name: knownsec-ns
words:
- ".jiasule.net"
- type: word
name: chuangyudun
words:
- ".365cyd.net"
- type: word
name: qianxin
words:
- ".360wzb.com"
- type: word
name: anquanbao
words:
- ".anquanbao.com"
- type: word
name: wangsu
words:
- ".chinanetcenter.com"
- type: word
name: baiduyunjiasue
words:
- ".ns.yunjiasu.com"
- type: word
name: chinacache
words:
- ".chinacache.com"
- type: word
name: cloudflare
words:
- "ns.cloudflare.com"
- type: word
name: edns
words:
- ".iidns.com"
# Enhanced by mp on 2022/03/13