Merge pull request #557 from blacklanternsecurity/dev

Dev->Main
blacklanternsecurity · Jan 16, 2025 · ce13623 · ce13623
2 parents ea7bbb2 + 28921b1
commit ce13623
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 27 deletions.
diff --git a/baddns/modules/txt.py b/baddns/modules/txt.py
@@ -5,6 +5,7 @@
 from baddns.lib.findings import Finding
 
 import logging
+import ipaddress
 
 log = logging.getLogger(__name__)
 
@@ -41,6 +42,14 @@ async def dispatch(self):
             for match in DNSManager.dns_name_regex.finditer(txt_record):
                 start, end = match.span()
                 host = txt_record[start:end]
+
+                try:
+                    # Check if the host is an IP address
+                    ipaddress.ip_address(host)
+                    continue  # Skip this match if it's a valid IP address
+                except ValueError:
+                    pass
+
                 self.infomsg(f"Found host [{host}] in TXT record [{txt_record}] and analyzing with CNAME module")
 
                 cname_instance_direct = BadDNS_cname(
@@ -56,7 +65,7 @@ async def dispatch(self):
                     self.cname_findings_direct.append(
                         {
                             "finding": cname_instance_direct.analyze(),
-                            "description": "Vulnerable Host in TXT Record",
+                            "description": f"Vulnerable Host [{host}] in TXT Record",
                             "trigger": self.target_dnsmanager.target,
                         }
                     )

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "baddns"
-version = "1.6.0"
+version = "1.7.0"
 description = "Check subdomains for subdomain takeovers and other DNS tomfoolery"
 authors = ["liquidsec <[email protected]>"]
 repository = "https://github.com/blacklanternsecurity/baddns"
@@ -56,4 +56,4 @@ build-backend = "poetry_dynamic_versioning.backend"
 [tool.poetry-dynamic-versioning]
 enable = true
 metadata = true
-format = '1.6.{distance}'
+format = '1.7.{distance}'
diff --git a/tests/txt_test.py b/tests/txt_test.py
@@ -20,11 +20,30 @@ async def test_txt_match(fs, mock_dispatch_whois, configure_mock_resolver):
     assert findings
     expected = {
         "target": "bad.dns",
-        "description": "Vulnerable Host in TXT Record. Original Event: [Dangling CNAME, probable subdomain takeover (NXDOMAIN technique)]",
+        "description": "Vulnerable Host [baddns.azurewebsites.net] in TXT Record. Original Event: [Dangling CNAME, probable subdomain takeover (NXDOMAIN technique)]",
         "confidence": "PROBABLE",
         "signature": "Microsoft Azure Takeover Detection",
         "indicator": "azurewebsites.net",
         "trigger": "bad.dns",
         "module": "TXT",
     }
     assert any(expected == finding.to_dict() for finding in findings)
+
+
+@pytest.mark.asyncio
+async def test_txt_dontmatchip(fs, mock_dispatch_whois, configure_mock_resolver):
+    mock_data = {
+        "bad.dns": {"TXT": ["some text 100.100.100.100 some more text"]},
+        "_NXDOMAIN": ["baddns.azurewebsites.net"],
+    }
+    mock_resolver = configure_mock_resolver(mock_data)
+    target = "bad.dns"
+    mock_signature_load(fs, "nucleitemplates_azure-takeover-detection.yml")
+    signatures = load_signatures("/tmp/signatures")
+    baddns_txt = BadDNS_txt(target, signatures=signatures, dns_client=mock_resolver)
+
+    findings = None
+    if await baddns_txt.dispatch():
+        findings = baddns_txt.analyze()
+
+    assert not findings