id: detect-dangling-cname info: name: CNAME Detect Dangling author: pdteam,nytr0gen description: A CNAME detect dangling condition was discovered. Most commonly this relates to failing to remove records from the zone once they are no longer needed. severity: info tags: dns,takeover reference: - https://securitytrails.com/blog/subdomain-takeover-tips - https://nominetcyber.com/dangling-dns-is-no-laughing-matter/ - https://nabeelxy.medium.com/dangling-dns-records-are-a-real-vulnerability-361f2a29d37f - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cve-id: cwe-id: CWE-200 dns: - name: "{{FQDN}}" type: A matchers-condition: and matchers: - type: word words: - "NXDOMAIN" - type: word words: - "IN\tCNAME" extractors: - type: regex group: 1 regex: - "IN\tCNAME\t(.+)" # Enhanced by mp on 2022/03/13