blacklanternsecurity / baddns

Check subdomains for subdomain takeovers and other DNS tomfoolery
GNU General Public License v3.0

[SignatureBot] Add or update signature nucleitemplates_aws-bucket-takeover.yml #381

Closed liquidsec closed 7 months ago

liquidsec commented 11 months ago

Add or update signature: nucleitemplates_aws-bucket-takeover.yml

This PR adds or updates the following signature:

identifiers:
  cnames: []
  ips: []
  nameservers: []
  not_cnames:
  - type: word
    value: amazonaws.com
  - type: word
    value: ks3.ksyun.com
  - type: word
    value: kss.ksyun.com
  - type: word
    value: kss3.ksyun.com
  - type: word
    value: ks3-cn-beijing.ksyun.com
  - type: word
    value: ks3-cn-guangzhou.ksyun.com
  - type: word
    value: ks3-cn-hk-1.ksyun.com
  - type: word
    value: ks3-cn-shanghai.ksyun.com
  - type: word
    value: ks3-jr-beijing.ksyun.com
  - type: word
    value: ks3-jr-shanghai.ksyun.com
  - type: word
    value: ks3-rus.ksyun.com
  - type: word
    value: ks3-sgp.ksyun.com
  - type: word
    value: obs.jrzq.huaweicloud.com
  - type: word
    value: obs.petalpay.huaweicloud.com
  - type: word
    value: oss-cn-hangzhou.aliyuncs.com
  - type: word
    value: oss-cn-shanghai.aliyuncs.com
  - type: word
    value: oss-cn-qingdao.aliyuncs.com
  - type: word
    value: oss-cn-beijing.aliyuncs.com
  - type: word
    value: oss-cn-zhangjiakou.aliyuncs.com
  - type: word
    value: oss-cn-huhehaote.aliyuncs.com
  - type: word
    value: oss-cn-shenzhen.aliyuncs.com
  - type: word
    value: oss-cn-hongkong.aliyuncs.com
  - type: word
    value: oss-us-west-1.aliyuncs.com
  - type: word
    value: oss-us-east-1.aliyuncs.com
  - type: word
    value: oss-ap-southeast-1.aliyuncs.com
  - type: word
    value: oss-ap-southeast-2.aliyuncs.com
  - type: word
    value: oss-ap-southeast-3.aliyuncs.com
  - type: word
    value: oss-ap-southeast-5.aliyuncs.com
  - type: word
    value: oss-ap-south-1.aliyuncs.com
  - type: word
    value: oss-ap-northeast-1.aliyuncs.com
  - type: word
    value: oss-eu-central-1.aliyuncs.com
  - type: word
    value: oss-me-east-1.aliyuncs.com
matcher_rule:
  matchers:
  - dsl:
    - Host != ip
    type: dsl
  - condition: and
    part: body
    type: word
    words:
    - The specified bucket does not exist
  - dsl:
    - contains(tolower(header), 'x-guploader-uploadid')
    negative: true
    type: dsl
  matchers-condition: and
mode: http
service_name: AWS Bucket Takeover Detection
source: nucleitemplates

liquidsec commented 11 months ago

Test results:

Signature Pass: true ✔

liquidsec commented 7 months ago

Closing for now because of the bizarre non-AWS inclusions here. If nuclei changes this signature again, we will see another PR.
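
Added example (not part of the PR, and not baddns or nuclei code): a minimal evaluator for the signature above, run over constructed observations. It assumes `not_cnames` suppresses the signature when any CNAME in the chain contains a listed word, and that `Host != ip` compares the requested host with the resolved address; the `NOT_CNAMES` subset, function names and sample hosts are hypothetical.

```python
# Added example, not baddns or nuclei code. Field semantics are assumptions noted inline.
NOT_CNAMES = (  # subset of the signature's not_cnames, one entry per provider
    "amazonaws.com", "ks3.ksyun.com",
    "obs.jrzq.huaweicloud.com", "oss-cn-hangzhou.aliyuncs.com",
)
BODY_WORD = "The specified bucket does not exist"
NEGATIVE_HEADER = "x-guploader-uploadid"


def excluded_by_cname(cname_chain):
    """Assumption: a 'word' entry is a substring test against each CNAME."""
    names = [c.lower().rstrip(".") for c in cname_chain]
    return [w for w in NOT_CNAMES if any(w in n for n in names)]


def evaluate(host, ip, cname_chain, headers, body):
    """Return (matched, reason) for one HTTP observation of `host`."""
    hits = excluded_by_cname(cname_chain)
    if hits:
        return False, f"not_cnames: {hits[0]}"
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    checks = {
        "Host != ip": host != ip,
        "body word": BODY_WORD in body,
        "negative header": NEGATIVE_HEADER not in header_blob,
    }
    failed = [name for name, ok in checks.items() if not ok]  # matchers-condition: and
    return (not failed, "all matchers passed" if not failed else f"failed: {failed[0]}")


# Constructed observations: hosts under example.com, documentation-range IPs.
ERR = "<Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message></Error>"
SAMPLES = {
    "direct-s3": ("assets.example.com", "192.0.2.10", ["assets.example.com.s3.amazonaws.com."], {"Server": "AmazonS3"}, ERR),
    "via-proxy": ("static.example.com", "192.0.2.20", ["edge.cdn.example.net."], {"Server": "AmazonS3"}, ERR),
    "gcs-style": ("files.example.com", "192.0.2.30", ["edge.cdn.example.net."], {"X-GUploader-UploadID": "constructed"}, ERR),
    "bare-ip": ("192.0.2.40", "192.0.2.40", [], {"Server": "AmazonS3"}, ERR),
    "aliyun": ("img.example.com", "192.0.2.50", ["img.oss-cn-hangzhou.aliyuncs.com."], {}, ERR),
}


def run_samples():
    return {name: evaluate(*obs) for name, obs in SAMPLES.items()}


if __name__ == "__main__":
    for name, (matched, reason) in run_samples().items():
        print(f"{name:10} matched={matched!s:5} {reason}")
```

Under these assumptions every `not_cnames` entry only narrows when the signature can fire, so the non-AWS entries change results solely for hosts whose CNAME chain points at those providers.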