javascript/udp/misconfiguration/mdns-enum.yaml

id: mDNS-enum

info:
  name: mDNS Enumeration
  author: matejsmycka
  severity: low
  description: |
    mDNS may disclose details about services running on a local network. When mDNS traffic is accessible from the public Internet, attackers can exploit it to map internal services. If exposure is suspected, perform enumeration with tools such as dig to collect additional information.
  metadata:
    verified: true
    shodan-query: port:5353
  tags: dns,udp,mdns,enum,js,enum

javascript:
  - pre-condition: |
      isUDPPortOpen(Host,Port);

    code: |
      let c = require("nuclei/net");
      let conn = c.Open('udp', `${Host}:${Port}`);
      // same as dig @<HOST> -p 5353 _services._dns-sd._udp.local PTR
      let packet = "e3bc01200001000000000001095f7365727669636573075f646e732d7364045f756470056c6f63616c00000c000100002904d000000000000c000a00083e6e072b14fd0be3"
      conn.SendHex(packet);
      let resp = conn.Recv(512);
      resp;

    args:
      Host: "{{Host}}"
      Port: 5353

    matchers:
      - type: dsl
        dsl:
          - "success == true"

    extractors:
      - type: regex
        regex:
          - "workstation"
          - "http"
          - "smb"
          - "qmobile"
          - "qdiscover"
          - "ftp"
          - "nut"
          - "dacp"
          - "airplay"
          - "device-info"
          - "home-assistant"
          - "spotify-connect"
          - "sftp-ssh"
          - "ssh"
          - "afpovertcp"
          - "googlecast"
          - "printer"
          - "occam"
# digest: 4b0a00483046022100cbf4e8efb747088218bc83f016c550915565dd21edb2629a2ab5280b82d3066602210089aaf631bed9fec045e390dad6e2916f438b6397cafdf1016e775135da264341:922c64590222798bb761d5b6d8e72950
feat: add mDNS enumeration template for service discovery 2025-09-19 08:16:55 +02:00			`id: mDNS-enum`

			`info:`
			`name: mDNS Enumeration`
			`author: matejsmycka`
			`severity: low`
			`description: \|`
Update mdns-enum.yaml 2025-10-19 00:48:02 +05:30			`mDNS may disclose details about services running on a local network. When mDNS traffic is accessible from the public Internet, attackers can exploit it to map internal services. If exposure is suspected, perform enumeration with tools such as dig to collect additional information.`
feat: add mDNS enumeration template for service discovery 2025-09-19 08:16:55 +02:00			`metadata:`
Update mdns-enum.yaml 2025-10-19 00:48:02 +05:30			`verified: true`
			`shodan-query: port:5353`
chore: add 'vuln','discovery' tags to new templates 2025-10-22 09:38:05 +02:00			`tags: dns,udp,mdns,enum,js,enum`
feat: add mDNS enumeration template for service discovery 2025-09-19 08:16:55 +02:00
			`javascript:`
			`- pre-condition: \|`
			`isUDPPortOpen(Host,Port);`
Update mdns-enum.yaml 2025-10-19 00:48:02 +05:30
feat: add mDNS enumeration template for service discovery 2025-09-19 08:16:55 +02:00			`code: \|`
			`let c = require("nuclei/net");`
			let conn = c.Open('udp', `${Host}:${Port}`);
			`// same as dig @<HOST> -p 5353 _services._dns-sd._udp.local PTR`
			`let packet = "e3bc01200001000000000001095f7365727669636573075f646e732d7364045f756470056c6f63616c00000c000100002904d000000000000c000a00083e6e072b14fd0be3"`
			`conn.SendHex(packet);`
			`let resp = conn.Recv(512);`
			`resp;`

			`args:`
			`Host: "{{Host}}"`
			`Port: 5353`

Update mdns-enum.yaml 2025-09-19 13:01:48 +05:30			`matchers:`
			`- type: dsl`
			`dsl:`
Update mdns-enum.yaml 2025-10-19 00:48:02 +05:30			`- "success == true"`
Update mdns-enum.yaml 2025-09-19 13:01:48 +05:30
feat: add mDNS enumeration template for service discovery 2025-09-19 08:16:55 +02:00			`extractors:`
			`- type: regex`
			`regex:`
			`- "workstation"`
			`- "http"`
			`- "smb"`
			`- "qmobile"`
			`- "qdiscover"`
			`- "ftp"`
			`- "nut"`
			`- "dacp"`
			`- "airplay"`
			`- "device-info"`
			`- "home-assistant"`
			`- "spotify-connect"`
			`- "sftp-ssh"`
			`- "ssh"`
			`- "afpovertcp"`
			`- "googlecast"`
			`- "printer"`
Update mdns-enum.yaml 2025-09-19 13:01:48 +05:30			`- "occam"`
chore: sign templates 🤖 2025-10-22 05:12:05 +00:00			`# digest: 4b0a00483046022100cbf4e8efb747088218bc83f016c550915565dd21edb2629a2ab5280b82d3066602210089aaf631bed9fec045e390dad6e2916f438b6397cafdf1016e775135da264341:922c64590222798bb761d5b6d8e72950`