nuclei-templates/dns/soa-detect.yaml

84 lines
1.6 KiB
YAML

id: soa-detect
info:
name: SOA Record Service - Detection
author: rxerium
severity: info
description: |
Detects which domain provider a domain is using, detected through SOA records
reference:
- https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/
metadata:
max-request: 1
verified: true
tags: dns,soa
dns:
- name: "{{FQDN}}"
type: SOA
matchers-condition: or
matchers:
- type: word
name: "cloudflare"
words:
- "dns.cloudflare.com"
- type: word
name: "amazon-web-services"
words:
- "awsdns"
- type: word
name: "akamai"
words:
- "hostmaster.akamai.com"
- type: word
name: "azure"
words:
- "azure-dns.com"
- type: word
name: "ns1"
words:
- "nsone.net"
- type: word
name: "verizon"
words:
- "verizon.com"
- type: word
name: "google-cloud-platform"
words:
- "googledomains.com"
- "google.com"
- type: word
name: "alibaba"
words:
- "alibabadns.com"
- type: word
name: "safeway"
words:
- "safeway.com"
- type: word
name: "mark-monitor"
words:
- "markmonitor.com"
- "markmonitor.zone"
- type: word
name: "hetznet"
words:
- "hetzner.com"
- type: word
name: "edge-cast"
words:
- "edgecastdns.net"