DNS TXT Record Detected

ID: txt-fingerprint

Severity: info

Author: pdteam

Tags: dns,txt

Description

A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.

YAML Source

id: txt-fingerprint

info:
  name: DNS TXT Record Detected
  author: pdteam
  severity: info
  description: A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.
  reference:
    - https://www.netspi.com/blog/technical/network-penetration-testing/analyzing-dns-txt-records-to-fingerprint-service-providers/
  classification:
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: dns,txt

dns:
  - name: "{{FQDN}}"
    type: TXT
    matchers:
      - type: regex
        part: answer
        regex:
          - "IN\tTXT\\t(.+)$"

    extractors:
      - type: regex
        group: 1
        regex:
          - "IN\tTXT\t(.+)"
# digest: 4b0a00483046022100d9ea414760699f0839a5d1807d059209634442c29976b88728fb98ad68b09a67022100f4c11f94fc53c6ec41a3754a908d54c67b96f34b730f32d26557adacb1692a9b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "dns/txt-fingerprint.yaml"

View on Github