Awesome

Enumeration as a Service

Description

Enumeration as a Service (eaas.py) in a script that queries the DNS server of a particular domain looking for indications that the domain may be utilizing SaaS offerings. This analysis is performed on TXT, CNAME, A and MX Records. Query results, as well as highlighted results of interest are returned to the user.

Usage

./eaas.py <domain.com>

To Do

• Add known IP address ranges for lookups for SPF records (currently reliant on DNS)
• Checking for dependencies and prompting for install if not available on current machine
• Add "Verbose Mode" to allow user to decide whether or they want detailed responses
• Summary of findings at the end of the query for easier viewing
• Add any additional SaaS offerings which may have been overlooked (There are likely many)

Current Checks

Google

• google-site-verification TXT Record [Documentation]
• google.com in SPF Record
• google.com in MX Record
• googlemail.com in MX Record
• A records which have the term GOOGLE in the ASN Provider
• CNAME records that point to lync.com

Microsoft

• MS TXT record Documentation
• CNAME Record pointing to outlook
• protection.outlook.com in SPF record
• protection.outlook.com in SPF Record
• A records which have the term MICROSOFT in the ASN Provider

DocuSign

• docusign TXT Record Documentation

Facebook

• facebook-domain-verification TXT Record Documentation

Adobe

• adobe-sign-verification TXT Record Documentation
• adobe-idp-site-verification TXT Record Documentation

Atlassian

• atlassian-domain-verification TXT Record Documentation

Yandex

• yandex-verification TXT Record

Amazon

• _amazonses TXT Record Documentation

LogMeIn

• logmein-verification-code TXT Record Documentation

Citrix

• citrix-verification-code TXT Record

Salesforce / Pardot

• pardot TXT Record
• salesforce.com in SPF Record

Zuora

• zuora TXT Record

AirWatch

• A records which have AirWatch LLC in ASN Provider
• CNAME records that point to awmdm.com

ProofPoint

• pphosted.com in SPF Record
• pphosted in MX Record

Service Now

• service-now.com in SPF Record

NetSuite

• mailsenders.netsuite.com in SPF Record

Marketo

• mktomail.com in SPF Record

MailChimp / Mandrill

• spf.mandrillapp.com in SPF Record
• mcsv.net in SPF Record

ZenDesk

• zendesk.com in SPF Record

FreshDesk

• freshdesk.com in SPF Record

ZOHO

• zoho.com in MX Record