Skip to content

Commit

Permalink
Merge pull request #8291 from projectdiscovery/dns-fixes
Browse files Browse the repository at this point in the history 
fixes multiple dns templates with false postive results
  • Loading branch information
@DhiyaneshGeek
DhiyaneshGeek authored Oct 1, 2023
2 parents bee8471 + b20a9f1 commit 6018e12
Show file tree
Hide file tree
Showing 12 changed files with 114 additions and 35 deletions.
8 changes: 4 additions & 4 deletions dns/azure-takeover-detection.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ dns:
matchers-condition: and
matchers:
- type: word
part: answer
words:
- "azure-api.net"
- "azure-mobile.net"
Expand All @@ -50,7 +51,6 @@ dns:
- "NXDOMAIN"

extractors:
- type: regex
group: 1
regex:
- "IN\tCNAME\t(.+)"
- type: dsl
dsl:
- cname
6 changes: 3 additions & 3 deletions dns/caa-fingerprint.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ dns:
type: CAA

matchers:
- type: word
words:
- "IN\tCAA"
- type: regex
regex:
- "IN\tCAA\\t(.+)$"

extractors:
- type: regex
Expand Down
14 changes: 7 additions & 7 deletions dns/detect-dangling-cname.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,12 @@ dns:
words:
- "NXDOMAIN"

- type: word
words:
- "IN\tCNAME"

extractors:
- type: regex
group: 1
part: answer
regex:
- "IN\tCNAME\t(.+)"
- "IN\tCNAME\\t(.+)$"

extractors:
- type: dsl
dsl:
- cname
6 changes: 6 additions & 0 deletions dns/dmarc-detect.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,12 @@ dns:
- name: "_dmarc.{{FQDN}}"
type: TXT

matchers:
- type: regex
part: answer
regex:
- "IN\tTXT\\t(.+)$"

extractors:
- type: regex
group: 1
Expand Down
53 changes: 49 additions & 4 deletions dns/dns-saas-service-detection.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,14 @@ dns:
matchers-condition: or
matchers:
- type: word
part: answer
name: ms-office
words:
- outlook.com
- office.com

- type: word
part: answer
name: azure
words:
- "azure-api.net"
Expand All @@ -56,23 +58,26 @@ dns:
- "trafficmanager.net"

- type: word
part: answer
name: zendesk
words:
- "zendesk.com"

- type: word
part: answer
name: announcekit
words:
- "cname.announcekit.app"

- type: word
part: answer
name: wix
words:
- "wixdns.net"

- type: word
part: answer
name: akamai-cdn
condition: or
words:
- akadns.net
- akagtm.org
Expand All @@ -96,6 +101,7 @@ dns:
- edgesuite.net

- type: word
part: answer
name: cloudflare-cdn
words:
- cloudflare.net
Expand All @@ -117,53 +123,62 @@ dns:
- sn-cloudflare.com

- type: word
part: answer
name: amazon-cloudfront
words:
- cloudfront.net

- type: word
part: answer
name: salesforce
words:
- salesforce.com
- siteforce.com
- force.com

- type: word
part: answer
name: amazon-aws
words:
- amazonaws.com
- elasticbeanstalk.com
- awsglobalaccelerator.com

- type: word
part: answer
name: fastly-cdn
words:
- fastly.net

- type: word
part: answer
name: netlify
words:
- netlify.app
- netlify.com
- netlifyglobalcdn.com

- type: word
part: answer
name: vercel
words:
- vercel.app

- type: word
part: answer
name: sendgrid
words:
- sendgrid.net
- sendgrid.com

- type: word
part: answer
name: qualtrics
words:
- qualtrics.com

- type: word
part: answer
name: heroku
words:
- herokuapp.com
Expand All @@ -173,44 +188,52 @@ dns:
- herokuspace.com

- type: word
part: answer
name: gitlab
words:
- gitlab.com
- gitlab.io

- type: word
part: answer
name: perforce-akana
words:
- akana.com
- apiportal.akana.com

- type: word
part: answer
name: skilljar
words:
- skilljarapp.com

- type: word
part: answer
name: datagrail
words:
- datagrail.io

- type: word
part: answer
name: platform.sh
words:
- platform.sh

- type: word
part: answer
name: folloze
words:
- folloze.com

- type: word
part: answer
name: pendo-receptive
words:
- receptive.io
- pendo.io

- type: word
part: answer
name: discourse
words:
- bydiscourse.com
Expand All @@ -220,6 +243,7 @@ dns:
- hosted-by-discourse.com

- type: word
part: answer
name: adobe-marketo
words:
- marketo.com
Expand All @@ -228,38 +252,45 @@ dns:
- mktossl.com
- mktoweb.com

- type: regex
- type: word
part: answer
name: adobe-marketo
- 'mkto-.{5,8}\.com'

- type: word
part: answer
name: adobe-marketo
words:
- marketo.com

- type: word
part: answer
name: rock-content
words:
- postclickmarketing.com
- rockcontent.com
- rockstage.io

- type: word
part: answer
name: rocketlane
words:
- rocketlane.com

- type: word
part: answer
name: webflow
words:
- proxy-ssl.webflow.com

- type: word
part: answer
name: stacker-hq
words:
- stacker.app

- type: word
part: answer
name: hubspot
words:
- hs-analytics.net
Expand All @@ -285,12 +316,14 @@ dns:
- usemessages.com

- type: word
part: answer
name: gitbook
words:
- gitbook.com
- gitbook.io

- type: word
part: answer
name: google-firebase
words:
- fcm.googleapis.com
Expand All @@ -311,6 +344,7 @@ dns:
- firebaseremoteconfig.googleapis.com

- type: word
part: answer
name: zendesk
words:
- zdassets.com
Expand All @@ -319,12 +353,14 @@ dns:
- zopim.com

- type: word
part: answer
name: imperva
words:
- incapdns.net
- incapsula.com

- type: word
part: answer
name: proofpoint
words:
- infoprtct.com
Expand All @@ -334,13 +370,15 @@ dns:
- proofpoint.com

- type: word
part: answer
name: q4-investor-relations
words:
- q4inc.com
- q4ir.com
- q4web.com

- type: word
part: answer
name: google-hosted
words:
- appspot.com
Expand All @@ -354,38 +392,45 @@ dns:
- run.app

- type: word
part: answer
name: wp-engine
words:
- wpengine.com

- type: word
part: answer
name: github
words:
- github.com
- github.io
- githubusercontent.com

- type: word
part: answer
name: ghost
words:
- ghost.io

- type: word
part: answer
name: digital-ocean
words:
- ondigitalocean.app

- type: word
part: answer
name: typedream
words:
- ontypedream.com

- type: word
part: answer
name: oracle-eloqua-marketing
words:
- hs.eloqua.com

- type: regex
part: answer
regex:
- "IN\tCNAME"
- "IN\\s*CNAME"
- "IN\tCNAME\\t(.+)$"
- "IN\\s*CNAME\\t(.+)$"
Loading

0 comments on commit 6018e12

Please sign in to comment.