2021-07-22 08:29:34 +00:00
id : detect-dangling-cname
info :
2022-03-14 13:44:54 +00:00
name : CNAME Detect Dangling
2021-07-22 08:29:34 +00:00
author : pdteam,nytr0gen
2022-03-14 13:44:54 +00:00
description : A CNAME detect dangling condition was discovered. Most commonly this relates to failing to remove records from the zone once they are no longer needed.
2021-07-22 08:29:34 +00:00
severity : info
tags : dns,takeover
2021-08-18 11:37:49 +00:00
reference :
2021-08-19 14:44:46 +00:00
- https://securitytrails.com/blog/subdomain-takeover-tips
- https://nominetcyber.com/dangling-dns-is-no-laughing-matter/
- https://nabeelxy.medium.com/dangling-dns-records-are-a-real-vulnerability-361f2a29d37f
- https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
2022-03-14 13:44:54 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score : 0.0
cve-id :
cwe-id : CWE-200
2021-07-22 08:29:34 +00:00
dns :
- name : "{{FQDN}}"
type : A
2021-12-09 13:05:44 +00:00
2021-07-22 08:29:34 +00:00
matchers-condition : and
matchers :
- type : word
words :
- "NXDOMAIN"
- type : word
words :
- "IN\tCNAME"
extractors :
- type : regex
group : 1
regex :
- "IN\tCNAME\t(.+)"
2022-03-14 13:44:54 +00:00
# Enhanced by mp on 2022/03/13