From db4752cd10ec0984dbc6a8c277be183059d3105c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 15 Nov 2025 00:28:47 +0530
Subject: [PATCH] Added dkim-record-detect
---
dns/dkim-record-detect.yaml | 48 +++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 dns/dkim-record-detect.yaml
diff --git a/dns/dkim-record-detect.yaml b/dns/dkim-record-detect.yaml
new file mode 100644
index 00000000000..3fa7cd2bd9c
--- /dev/null
+++ b/dns/dkim-record-detect.yaml
@@ -0,0 +1,48 @@
+id: dkim-record-detect
+
+info:
+ name: DKIM Record - Detection
+ author: princechaddha
+ severity: info
+ description: |
+ A DKIM (DomainKeys Identified Mail) TXT record was detected. DKIM is an email authentication method that allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.
+ reference:
+ - https://www.rfc-editor.org/rfc/rfc6376
+ - https://dkim.org/
+ metadata:
+ max-request: 10
+ tags: dns,dkim,email,discovery
+
+dns:
+ - name: "{{selector}}._domainkey.{{FQDN}}"
+ type: TXT
+
+ payloads:
+ selector:
+ - default
+ - selector1
+ - selector2
+ - google
+ - k1
+ - s1
+ - s2
+ - dkim
+ - mail
+ - email
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "v=DKIM1"
+ case-insensitive: true
+
+ - type: regex
+ regex:
+ - 'p=[A-Za-z0-9+/]{20,}'
+ negative: false
+
+ extractors:
+ - type: regex
+ regex:
+ - "v=DKIM1(.+)"
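Review bot: Requiring both matchers under `matchers-condition: and` leaves two kinds of valid DKIM key record unreported. RFC 6376 (linked in the template) makes the `v=` tag optional in key records, so a selector published as just `k=rsa; p=...` fails the `v=DKIM1` word matcher, and a revoked key, which is published with an empty `p=`, fails the `p=[A-Za-z0-9+/]{20,}` regex. Switching to `matchers-condition: or` would cover both, at the cost of a small false-positive risk if a zone answers these names with an unrelated TXT record, which is worth confirming against a wildcard-TXT domain. The `v=DKIM1(.+)` extractor has the same dependency on the version tag and would return nothing for records that omit it. Separately, the `{20,}` bound does not assess key length, so the description could say that a match means a record is present, not that the key is adequately sized.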