105 lines
3.0 KiB
YAML
105 lines
3.0 KiB
YAML
id: rdap-whois
|
|
|
|
info:
|
|
name: RDAP WHOIS
|
|
author: ricardomaia,sttlr
|
|
severity: info
|
|
description: |
|
|
RDAP (Registration Data Access Protocol) is a standard defined by the IETF to replace the whois protocol
|
|
in queries for information about Internet resource records such as domain names, IP addresses, and ASNs.
|
|
reference:
|
|
- https://about.rdap.org/
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
|
cvss-score: 0
|
|
cwe-id: CWE-200
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: miscellaneous,whois,rdap,osint,misc
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "https://www.rdap.net/domain/{{Host}}"
|
|
|
|
redirects: true
|
|
max-redirects: 3
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: json
|
|
part: body
|
|
name: status
|
|
json:
|
|
- '.status[]'
|
|
|
|
- type: json
|
|
part: body
|
|
name: registrationDate
|
|
json:
|
|
- '.events[] | select(.eventAction == "registration").eventDate'
|
|
|
|
- type: json
|
|
part: body
|
|
name: lastChangeDate
|
|
json:
|
|
- '.events[] | select(.eventAction == "last changed").eventDate'
|
|
|
|
- type: json
|
|
part: body
|
|
name: expirationDate
|
|
json:
|
|
- '.events[] | select(.eventAction == "expiration").eventDate'
|
|
|
|
- type: json
|
|
part: body
|
|
name: registrantName
|
|
json:
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "fn") | .[-1]'
|
|
|
|
- type: json
|
|
part: body
|
|
name: registrantOrg
|
|
json:
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "org") | .[-1]'
|
|
|
|
- type: json
|
|
part: body
|
|
name: registrantEmail
|
|
json:
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "email") | .[-1]'
|
|
|
|
- type: json
|
|
part: body
|
|
name: registrantPhone
|
|
json:
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "tel") | .[-1]'
|
|
|
|
- type: json
|
|
part: body
|
|
name: registrantAddress
|
|
json:
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][] | select(. != "")'
|
|
|
|
- type: json
|
|
part: body
|
|
name: registrantCountry
|
|
json:
|
|
- '.entities[] | select(.roles[] | contains("registrant")) | .vcardArray[1].[] | select(.[0] == "adr") | .[-1][-1]'
|
|
|
|
- type: json
|
|
part: body
|
|
name: nameServers
|
|
json:
|
|
- '.nameservers[] | .ldhName'
|
|
|
|
- type: json
|
|
part: body
|
|
name: secureDNS
|
|
json:
|
|
- '.secureDNS.delegationSigned // false'
|
|
# digest: 4a0a00473045022100da4861d87282b414d2f7cb32ed394492c5748ab3c8b727cdc900b4ff45afd45c022021a743aba5ff7daabb05d039e88bf6b78f76f69862e08fb9b68dbd4f98c0666b:922c64590222798bb761d5b6d8e72950 |