mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 07:43:27 +08:00
119 lines
2.7 KiB
YAML
119 lines
2.7 KiB
YAML
id: mx-service-detector
|
|
|
|
info:
|
|
name: Email Service Detector
|
|
author: binaryfigments,rxerium
|
|
severity: info
|
|
description: An email service was detected. Check the email service or spam filter that is used for a domain.
|
|
classification:
|
|
cwe-id: CWE-200
|
|
metadata:
|
|
max-request: 1
|
|
tags: dns,service,discovery
|
|
|
|
dns:
|
|
- name: "{{FQDN}}"
|
|
type: MX
|
|
|
|
matchers-condition: or
|
|
matchers:
|
|
- type: word
|
|
name: "Office 365"
|
|
words:
|
|
- "mail.protection.outlook.com"
|
|
|
|
- type: word
|
|
name: "Google Apps"
|
|
words:
|
|
- "aspmx2.googlemail.com"
|
|
- "aspmx3.googlemail.com"
|
|
- "alt1.aspmx.l.google.com"
|
|
- "alt2.aspmx.l.google.com"
|
|
- "aspmx.l.google.com"
|
|
|
|
- type: word
|
|
name: "ProtonMail"
|
|
words:
|
|
- "mail.protonmail.ch"
|
|
- "mailsec.protonmail.ch"
|
|
|
|
- type: word
|
|
name: "Zoho Mail"
|
|
words:
|
|
- "mx.zoho.eu"
|
|
- "mx2.zoho.eu"
|
|
- "mx3.zoho.eu"
|
|
|
|
- type: word
|
|
name: "ForcePoint Email Security"
|
|
words:
|
|
- "in.mailcontrol.com"
|
|
|
|
- type: word
|
|
name: "E-Zorg NL"
|
|
words:
|
|
- "spamfilter02.ezorg.nl"
|
|
- "spamfilter01.ezorg.nl"
|
|
- "spamfilter.ezorg.nl"
|
|
- "spamfilter03.ezorg.nl"
|
|
|
|
- type: word
|
|
name: "Kerio Cloud EU"
|
|
words:
|
|
- "mx1.eu1.kerio.cloud"
|
|
- "mx2.eu1.kerio.cloud"
|
|
|
|
- type: word
|
|
name: "Kerio Cloud US"
|
|
words:
|
|
- "mx1.us1.kerio.cloud"
|
|
- "mx2.us1.kerio.cloud"
|
|
- "mx3.us1.kerio.cloud"
|
|
|
|
- type: word
|
|
name: "Proofpoint EU"
|
|
words:
|
|
- "mx1-eu1.ppe-hosted.com"
|
|
- "mx2-eu1.ppe-hosted.com"
|
|
|
|
- type: word
|
|
name: "Proofpoint US"
|
|
words:
|
|
- "mx1-us1.ppe-hosted.com"
|
|
- "mx2-us1.ppe-hosted.com"
|
|
|
|
- type: word
|
|
name: "Mimecast"
|
|
words:
|
|
- "mimecast.com"
|
|
|
|
- type: word
|
|
name: "Cisco IronPort"
|
|
words:
|
|
- "iphmx.com"
|
|
|
|
- type: word
|
|
name: "Trellix (FireEye)"
|
|
words:
|
|
- "fireeyecloud.com"
|
|
|
|
- type: word
|
|
name: "Symantec MessageLabs"
|
|
words:
|
|
- "messagelabs.com"
|
|
|
|
- type: word
|
|
name: "MailSpamProtection"
|
|
words:
|
|
- "mailspamprotection.com"
|
|
|
|
- type: word
|
|
name: "Retarus"
|
|
words:
|
|
- "retarus.com"
|
|
|
|
- type: word
|
|
name: "Rackspace Email"
|
|
words:
|
|
- "emailsrvr.com"
|
|
# digest: 4a0a00473045022100ae0a84ce7dc6f84e6af73f23f9b5272a459dc4bf88e0338c0fc05ec2b7453e0f022014974e1946fde27ea1124923b5c6acee7df3784c84f6438ca26356c33a635f62:922c64590222798bb761d5b6d8e72950 |