DNS SaaS Service Detection
ID: dns-saas-service-detection
Severity: info
Author: noah @thesubtlety,pdteam
Tags: dns,service
Description
Section titled “Description”A CNAME DNS record was discovered
YAML Source
Section titled “YAML Source”id: dns-saas-service-detection
info: name: DNS SaaS Service Detection author: noah @thesubtlety,pdteam severity: info description: A CNAME DNS record was discovered reference: - https://ns1.com/resources/cname - https://www.theregister.com/2021/02/24/dns_cname_tracking/ - https://www.ionos.com/digitalguide/hosting/technical-matters/cname-record/ metadata: max-request: 1 tags: dns,service
dns: - name: "{{FQDN}}" type: CNAME
extractors: - type: dsl dsl: - cname
matchers-condition: or matchers: - type: word part: answer name: ms-office words: - outlook.com - office.com
- type: word part: answer name: azure words: - "azure-api.net" - "azure.com" - "azure-mobile.net" - "azurecontainer.io" - "azurecr.io" - "azuredatalakestore.net" - "azureedge.net" - "azurefd.net" - "azurehdinsight.net" - "azurewebsites.net" - "azurewebsites.windows.net" - "blob.core.windows.net" - "cloudapp.azure.com" - "cloudapp.net" - "database.windows.net" - "redis.cache.windows.net" - "search.windows.net" - "servicebus.windows.net" - "visualstudio.com" - "-msedge.net" - "msappproxy.net" - "trafficmanager.net"
- type: word part: answer name: zendesk words: - "zendesk.com"
- type: word part: answer name: announcekit words: - "cname.announcekit.app"
- type: word part: answer name: wix words: - "wixdns.net"
- type: word part: answer name: akamai-cdn words: - akadns.net - akagtm.org - akahost.net - akam.net - akamai.com - akamai.net - akamaiedge-staging.net - akamaiedge.net - akamaientrypoint.net - akamaihd.net - akamaistream.net - akamaitech.net - akamaitechnologies.com - akamaitechnologies.fr - akamaized.net - akaquill.net - akasecure.net - akasripcn.net - edgekey.net - edgesuite.net
- type: word part: answer name: cloudflare-cdn words: - cloudflare.net - cloudflare-dm-cmpimg.com - cloudflare-ipfs.com - cloudflare-quic.com - cloudflare-terms-of-service-abuse.com - cloudflare.com - cloudflare.net - cloudflare.tv - cloudflareaccess.com - cloudflareclient.com - cloudflareinsights.com - cloudflareok.com - cloudflareportal.com - cloudflareresolve.com - cloudflaressl.com - cloudflarestatus.com - sn-cloudflare.com
- type: word part: answer name: amazon-cloudfront words: - cloudfront.net
- type: word part: answer name: salesforce words: - salesforce.com - siteforce.com - force.com
- type: word part: answer name: amazon-aws words: - amazonaws.com - elasticbeanstalk.com - awsglobalaccelerator.com
- type: word part: answer name: fastly-cdn words: - fastly.net
- type: word part: answer name: netlify words: - netlify.app - netlify.com - netlifyglobalcdn.com
- type: word part: answer name: vercel words: - vercel.app
- type: word part: answer name: sendgrid words: - sendgrid.net - sendgrid.com
- type: word part: answer name: qualtrics words: - qualtrics.com
- type: word part: answer name: heroku words: - herokuapp.com - herokucdn.com - herokudns.com - herokussl.com - herokuspace.com
- type: word part: answer name: gitlab words: - gitlab.com - gitlab.io
- type: word part: answer name: perforce-akana words: - akana.com - apiportal.akana.com
- type: word part: answer name: skilljar words: - skilljarapp.com
- type: word part: answer name: datagrail words: - datagrail.io
- type: word part: answer name: platform.sh words: - platform.sh
- type: word part: answer name: folloze words: - folloze.com
- type: word part: answer name: pendo-receptive words: - receptive.io - pendo.io
- type: word part: answer name: discourse words: - bydiscourse.com - discourse-cdn.com - discourse.cloud - discourse.org - hosted-by-discourse.com
- type: word part: answer name: adobe-marketo words: - marketo.com - marketo.co.uk - mktoweb.com - mktossl.com - mktoweb.com
- type: word part: answer name: adobe-marketo - 'mkto-.{5,8}\.com'
- type: word part: answer name: adobe-marketo words: - marketo.com
- type: word part: answer name: rock-content words: - postclickmarketing.com - rockcontent.com - rockstage.io
- type: word part: answer name: rocketlane words: - rocketlane.com
- type: word part: answer name: webflow words: - proxy-ssl.webflow.com
- type: word part: answer name: stacker-hq words: - stacker.app
- type: word part: answer name: hubspot words: - hs-analytics.net - hs-banner.com - hs-scripts.com - hsappstatic.net - hscollectedforms.net - hscoscdn00.net - hscoscdn10.net - hscoscdn20.net - hscoscdn30.net - hscoscdn40.net - hsforms.com - hsforms.net - hubapi.com - hubspot.com - hubspot.es - hubspot.net - hubspotemail.net - hubspotlinks.com - hubspotusercontent-na1.net - sidekickopen90.com - usemessages.com
- type: word part: answer name: gitbook words: - gitbook.com - gitbook.io
- type: word part: answer name: google-firebase words: - fcm.googleapis.com - firebase.com - firebase.google.com - firebase.googleapis.com - firebaseapp.com - firebaseappcheck.googleapis.com - firebasedynamiclinks-ipv4.googleapis.com - firebasedynamiclinks-ipv6.googleapis.com - firebasedynamiclinks.googleapis.com - firebaseinappmessaging.googleapis.com - firebaseinstallations.googleapis.com - firebaseio.com - firebaselogging-pa.googleapis.com - firebaselogging.googleapis.com - firebaseperusertopics-pa.googleapis.com - firebaseremoteconfig.googleapis.com
- type: word part: answer name: zendesk words: - zdassets.com - zdorigin.com - "zendesk.com" - zopim.com
- type: word part: answer name: imperva words: - incapdns.net - incapsula.com
- type: word part: answer name: proofpoint words: - infoprtct.com - metanetworks.com - ppe-hosted.com - pphosted.com - proofpoint.com
- type: word part: answer name: q4-investor-relations words: - q4inc.com - q4ir.com - q4web.com
- type: word part: answer name: google-hosted words: - appspot.com - cloudfunctions.net - ghs.googlehosted.com - ghs4.googlehosted.com - ghs46.googlehosted.com - ghs6.googlehosted.com - googlehosted.com - googlehosted.l.googleusercontent.com - run.app
- type: word part: answer name: wp-engine words: - wpengine.com
- type: word part: answer name: github words: - github.com - github.io - githubusercontent.com
- type: word part: answer name: ghost words: - ghost.io
- type: word part: answer name: digital-ocean words: - ondigitalocean.app
- type: word part: answer name: typedream words: - ontypedream.com
- type: word part: answer name: oracle-eloqua-marketing words: - hs.eloqua.com
- type: regex part: answer regex: - "IN\tCNAME\\t(.+)$" - "IN\\s*CNAME\\t(.+)$"# digest: 4a0a0047304502204351db0036f448045347e701d3f7c0635e732e00e5dfb727065324cf4cf70596022100ad1ff9e36dd6ff9d77ea77faf221d9c565471ee3f9f44e41b4af55abc94fcf7f:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "dns/dns-saas-service-detection.yaml"