DNSSEC Detection
ID: dnssec-detection
Severity: info
Author: pdteam
Tags: dns,dnssec
Description
Section titled “Description”Domain Name System Security Extensions (DNSSEC) are enabled. The Delegation of Signing (DS) record provides information about a signed zone file when DNSSEC enabled.
YAML Source
Section titled “YAML Source”id: dnssec-detection
info: name: DNSSEC Detection author: pdteam severity: info description: Domain Name System Security Extensions (DNSSEC) are enabled. The Delegation of Signing (DS) record provides information about a signed zone file when DNSSEC enabled. reference: - https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en - https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/ classification: cwe-id: CWE-200 metadata: max-request: 1 tags: dns,dnssec
dns: - name: "{{FQDN}}" type: DS matchers: - type: regex part: answer regex: - "IN\tDS\\t(.+)$"# digest: 4a0a004730450220290ab8ad56a2744d90235725b83a26a9cba804533fd7b4b022016afc1c0ac870022100b9a60da058fee3dd3ee0423ab9760ab1d11352e69b6d0afe695b77b849826f99:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "dns/dnssec-detection.yaml"