search

blacklanternsecurity / baddns

Check subdomains for subdomain takeovers and other DNS tomfoolery
GNU General Public License v3.0
96 stars 5 forks source link

[SignatureBot] Add or update signature nucleitemplates_tumblr-takeover.yml #358

Closed liquidsec closed 1 year ago

liquidsec commented 1 year ago

Add or update signature: nucleitemplates_tumblr-takeover.yml

This PR adds or updates the follow signature:

identifiers:
  cnames:
  - type: word
    value: tumblr.com
  - type: word
    value: txmblr.com
  - type: word
    value: umblr.com
  ips: []
  nameservers: []
  not_cnames: []
matcher_rule:
  matchers:
  - dsl:
    - Host != ip
    type: dsl
  - condition: and
    part: body
    type: word
    words:
    - Whatever you were looking for doesn't currently exist at this address.
    - There's nothing here.
  - condition: and
    dsl:
    - '!contains(host,"tumblr.com")'
    - '!contains(host,"txmblr.com")'
    - '!contains(host,"umblr.com")'
    type: dsl
  matchers-condition: and
mode: http
service_name: tumblr takeover detection
source: nucleitemplates
liquidsec commented 1 year ago

Test results:

Signature Pass: true :heavy_check_mark:

Match Table:

Domain Match
tumblr.com true
txmblr.com false
umblr.com false
liquidsec commented 1 year ago

blocking in favor of dnsReaper signature