Added dkim-record-detect

dns/dkim-record-detect.yaml

@@ -0,0 +1,48 @@
+id: dkim-record-detect
+
+info:
+  name: DKIM Record - Detection
+  author: princechaddha
+  severity: info
+  description: |
+    A DKIM (DomainKeys Identified Mail) TXT record was detected. DKIM is an email authentication method that allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.
+  reference:
+    - https://www.rfc-editor.org/rfc/rfc6376
+    - https://dkim.org/
+  metadata:
+    max-request: 10
+  tags: dns,dkim,email,discovery
+
+dns:
+  - name: "{{selector}}._domainkey.{{FQDN}}"
+    type: TXT
+
+    payloads:
+      selector:
+        - default
+        - selector1
+        - selector2
+        - google
+        - k1
+        - s1
+        - s2
+        - dkim
+        - mail
+        - email
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "v=DKIM1"
+        case-insensitive: true
+
+      - type: regex
+        regex:
+          - 'p=[A-Za-z0-9+/]{20,}'
+        negative: false
+
+    extractors:
+      - type: regex
+        regex:
+          - "v=DKIM1(.+)"