mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
49 lines
1.2 KiB
YAML
49 lines
1.2 KiB
YAML
id: dkim-record-detect
|
|
|
|
info:
|
|
name: DKIM Record - Detection
|
|
author: princechaddha
|
|
severity: info
|
|
description: |
|
|
A DKIM (DomainKeys Identified Mail) TXT record was detected. DKIM is an email authentication method that allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.
|
|
reference:
|
|
- https://www.rfc-editor.org/rfc/rfc6376
|
|
- https://dkim.org/
|
|
metadata:
|
|
max-request: 10
|
|
tags: dns,dkim,email,discovery
|
|
|
|
dns:
|
|
- name: "{{selector}}._domainkey.{{FQDN}}"
|
|
type: TXT
|
|
|
|
payloads:
|
|
selector:
|
|
- default
|
|
- selector1
|
|
- selector2
|
|
- google
|
|
- k1
|
|
- s1
|
|
- s2
|
|
- dkim
|
|
- mail
|
|
- email
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "v=DKIM1"
|
|
case-insensitive: true
|
|
|
|
- type: regex
|
|
regex:
|
|
- 'p=[A-Za-z0-9+/]{20,}'
|
|
negative: false
|
|
|
|
extractors:
|
|
- type: regex
|
|
regex:
|
|
- "v=DKIM1(.+)"
|
|
# digest: 490a0046304402203b26233c356e1d25b66e4391b61e29c7547624bd7457bdff47b216b4ce142d31022015cf8bf03c1bb50fe65beec8f1f178707487fe245f7d03862d397e2210aaf8a1:922c64590222798bb761d5b6d8e72950 |