Update dns-rebinding.yaml

dns/dns-rebinding.yaml

@@ -1,5 +1,4 @@
-id: dns-rebinding
+id: CVE-2023-29084
-
 info:
   name: DNS Rebinding Attack
   author: ricardomaia
@@ -20,7 +19,7 @@ dns:
       - type: regex
         part: answer
         regex:
-          - 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
+          - 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
 
     extractors:
       - type: regex
@@ -28,7 +27,7 @@ dns:
         name: IPv4
         group: 1
         regex:
-          - 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
+          - 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
 
   - name: "{{FQDN}}"
     type: AAAA
@@ -37,7 +36,7 @@ dns:
       - type: regex
         part: answer
         regex:
-          - "^IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
+          - "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
 
     extractors:
       - type: regex
@@ -45,6 +44,4 @@ dns:
         name: IPv6_ULA
         group: 1
         regex:
-          - "^IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
+          - "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
-
-# digest: 4a0a004730450221009a895344f0f4bf8d0444566a7a2392d2074708d88d29a0922ebb71935290785702200a338fe1517c225d45750b08f80f3a903cd5925a32c542b5559f0202173732be:922c64590222798bb761d5b6d8e72950