nuclei-templates/http/miscellaneous/rdap-whois.yaml


# Informational OSINT template: looks up public registration data for the
# scanned host through an RDAP gateway and extracts selected fields.
id: rdap-whois

info:
  name: RDAP WHOIS
  author: ricardomaia
  severity: info
  description: |
    RDAP (Registration Data Access Protocol) is a standard defined by the IETF to replace the whois protocol
    in queries for information about Internet resource records such as domain names, IP addresses, and ASNs.
  reference:
    - https://about.rdap.org/
  classification:
    # All impact metrics are "None", which matches the 0.0 score and the
    # "info" severity above: this template reports data, not a weakness.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  metadata:
    max-request: 1
    verified: true
  tags: whois,rdap,osint,misc

http:
  - method: GET
    # The request is sent to www.rdap.net, not to the scanned target, so the
    # target's host name is disclosed to that third-party service and to any
    # server it redirects to. Check that this is acceptable under the
    # engagement's data-handling rules before enabling the template.
    # NOTE(review): {{Host}} is used as-is; if the target is a subdomain or an
    # IP address the "/domain/" lookup may not resolve. Confirm whether the
    # registered domain should be queried instead.
    path:
      - "https://www.rdap.net/domain/{{Host}}"

    # Redirects are followed, capped at three hops. Presumably the gateway
    # answers with a redirect to the responsible registry's RDAP server;
    # confirm against the service's behaviour.
    redirects: true
    max-redirects: 3

    extractors:
      # Whole JSON response body, unfiltered. This is the only extractor that
      # does not depend on the exact byte layout of the response.
      - type: json
        part: body
        name: raw
        json:
          - "."

      # Every regex extractor below matches the raw body text and assumes
      # compact JSON (no whitespace between tokens) with keys in the order
      # written in the pattern. A pretty-printed or re-ordered response yields
      # no match, so a missing value does not mean the field is absent; fall
      # back to "raw" in that case.

      # Anchored at the start of the body: requires objectClassName, handle
      # and ldhName to be the first three keys, in that order.
      - type: regex
        part: body
        name: domain
        group: 1
        regex:
          - '^{"objectClassName":"domain","handle":".*?","ldhName":"(.*?)"'

      # legalRepresentative, identifier and email can be personal data of the
      # registrant. Treat scan output containing them as sensitive when it is
      # stored or shared.
      - type: regex
        part: body
        name: legalRepresentative
        group: 1
        regex:
          - 'legalRepresentative":"(.*?)"'

      - type: regex
        part: body
        name: identifier
        group: 1
        regex:
          - 'identifier":"(.*?)"'

      # Matches an email entry only when its parameter object is exactly "{}";
      # entries carrying parameters are skipped.
      - type: regex
        part: body
        name: email
        group: 1
        regex:
          - 'email",{},"text","(.*?)"'

      # Event dates: eventDate must directly follow the eventAction key.
      - type: regex
        part: body
        name: registrationDate
        group: 1
        regex:
          - '"eventAction":"registration","eventDate":"(.*?)"'

      - type: regex
        part: body
        name: lastChangeDate
        group: 1
        regex:
          - '"eventAction":"last changed","eventDate":"(.*?)"'

      - type: regex
        part: body
        name: expirationDate
        group: 1
        regex:
          - '"eventAction":"expiration","eventDate":"(.*?)"'

      # Name server host names: ldhName must directly follow the "nameserver"
      # value in the object.
      - type: regex
        part: body
        name: nameServers
        group: 1
        regex:
          - 'nameserver","ldhName":"(.*?)"'

      # DNSSEC delegation flag. The lazy capture runs to the first "}", so if
      # the secureDNS object has further keys after delegationSigned they end
      # up inside the captured value.
      - type: regex
        part: body
        name: secureDNS
        group: 1
        regex:
          - '"secureDNS":{"delegationSigned":(.*?)}'