Add DNS Trace for DNS Templates #419

Closed
m0chan opened this issue Nov 24, 2020 · 3 comments · Fixed by #1236

m0chan commented Nov 24, 2020

Is your feature request related to a problem? Please describe.

Currently, for DNS templates we can only 'match' on terms when a domain is not in an error state. For example, if it's in SERVFAIL, we cannot see the authoritative name-servers it fails on.

Describe the solution you'd like

-trace flag - This would allow nuclei to walk the whole DNS tree and match on any user supplied term it encounters.

Hmu on twitter if you need me to explain in greater depth. m0chan98

@ehsandeep ehsandeep added Priority: Medium This issue may be useful, and needs some attention. Type: Enhancement Most issues will probably ask for additions or changes. labels Nov 24, 2020
@ehsandeep ehsandeep changed the title Add DNS Trace for DNS Templates [Feature] Add DNS Trace for DNS Templates May 13, 2021
@ehsandeep ehsandeep added enhancement and removed Type: Enhancement Most issues will probably ask for additions or changes. labels May 26, 2021
@indianajson

I would like to second this request. There is a group of vulnerabilities relating to DNS that cannot be identified with Nuclei directly because of this limitation. While getting a SERVFAIL back from Nuclei is nice, that leaves a lot of manual work for researchers investigating DNS misconfigurations. Adding +trace would allow that work to be automated into a nice workflow + template.

@Mzack9999
Member

This should be covered in #641 (still in development), the internal scripting engine has access to dnsx methods (including trace)

@forgedhallpass forgedhallpass added Type: Enhancement Most issues will probably ask for additions or changes. and removed enhancement labels Oct 7, 2021
@forgedhallpass forgedhallpass changed the title [Feature] Add DNS Trace for DNS Templates Add DNS Trace for DNS Templates Oct 29, 2021
@Mzack9999 Mzack9999 self-assigned this Nov 9, 2021
@Mzack9999 Mzack9999 added the Status: In Progress This issue is being worked on, and has someone assigned. label Nov 9, 2021
@Mzack9999 Mzack9999 linked a pull request Nov 9, 2021 that will close this issue
4 tasks
@Mzack9999 Mzack9999 added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Nov 10, 2021
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Nov 18, 2021
@ehsandeep
Member

@indianajson @m0chan this is now supported at the template level in the dev branch, trace: true will perform DNS tracing for the requested domain similar to dig +trace

dns:
  - name: "{{FQDN}}"
    type: A
    class: inet
    recursion: true
    retries: 3
    trace: true
    trace-max-recursion: 10

@ehsandeep ehsandeep added this to the v2.5.4 milestone Nov 19, 2021
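
The gap this thread describes, as an added Go example that is not nuclei or dnsx code: a plain recursive lookup exposes only the SERVFAIL rcode, while a trace records the NS referral at each zone cut, so a user-supplied term can be matched against it. The zone table, the hostnames and the names Delegation, Trace and MatchTrace are constructed for illustration, and no network queries are made.

```go
package main

import (
	"fmt"
	"strings"
)

// Delegation is the NS referral a parent zone hands out for a child zone.
type Delegation struct {
	NS   []string
	Lame bool // true when none of the listed servers answers for the zone
}

// zones is constructed sample data, not real DNS.
var zones = map[string]Delegation{
	"example.":      {NS: []string{"ns1.tld-registry.example."}},
	"corp.example.": {NS: []string{"ns1.expired-dns-host.example."}, Lame: true},
}

// Trace walks from the root toward name, recording each referral it meets.
// It stops with SERVFAIL at the first delegation whose servers do not answer.
func Trace(name string) (hops []string, rcode string) {
	labels := strings.Split(strings.TrimSuffix(name, "."), ".")
	for i := len(labels) - 1; i >= 0; i-- {
		zone := strings.Join(labels[i:], ".") + "."
		d, ok := zones[zone]
		if !ok {
			continue // no zone cut at this label
		}
		hops = append(hops, fmt.Sprintf("%s NS %s", zone, strings.Join(d.NS, ",")))
		if d.Lame {
			return hops, "SERVFAIL"
		}
	}
	return hops, "NOERROR"
}

// MatchTrace reports whether any recorded referral contains term.
func MatchTrace(name, term string) bool {
	hops, _ := Trace(name)
	return strings.Contains(strings.Join(hops, "\n"), term)
}

func main() {
	hops, rcode := Trace("app.corp.example.")
	fmt.Println("rcode:", rcode) // all a plain recursive lookup would expose
	fmt.Println(strings.Join(hops, "\n"))
	fmt.Println("match:", MatchTrace("app.corp.example.", "expired-dns-host"))
}
```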