2025-09-06 18:48:20 +05:30
|
|
|
id: zeroconf-detect
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Zeroconf - Detect
|
|
|
|
|
author: pussycat0x
|
|
|
|
|
severity: info
|
|
|
|
|
description: |
|
2025-09-06 19:13:01 +05:30
|
|
|
Queried `_services._dns-sd._udp.local` over UDP/5353 and identified Zeroconf (mDNS/DNS-SD) services that were advertised locally.
|
2025-09-06 18:48:20 +05:30
|
|
|
reference:
|
|
|
|
|
- https://en.wikipedia.org/wiki/Zero-configuration_networking
|
|
|
|
|
metadata:
|
|
|
|
|
verified: true
|
2025-09-06 18:50:11 +05:30
|
|
|
zoomeye-query: service="zeroconf"
|
2025-09-06 18:48:20 +05:30
|
|
|
tags: zeroconf,network,js,udp
|
|
|
|
|
|
|
|
|
|
javascript:
|
2025-09-06 19:13:01 +05:30
|
|
|
|
2025-09-06 18:48:20 +05:30
|
|
|
- pre-condition: |
|
|
|
|
|
isUDPPortOpen(Host,Port);
|
2025-09-06 19:13:01 +05:30
|
|
|
|
2025-09-06 18:48:20 +05:30
|
|
|
code: |
|
|
|
|
|
let packet = bytes.NewBuffer();
|
|
|
|
|
const c = require("nuclei/net");
|
|
|
|
|
const cmd = "000000000001000000000000095f7365727669636573075f646e732d7364045f756470056c6f63616c00000c0001"
|
|
|
|
|
packet.WriteString(cmd)
|
|
|
|
|
let conn = c.Open('udp', `${Host}:${Port}`);
|
|
|
|
|
conn.SendHex(packet);
|
2025-09-06 18:50:11 +05:30
|
|
|
const result = conn.RecvFullHex();
|
|
|
|
|
result
|
2025-09-06 18:48:20 +05:30
|
|
|
|
|
|
|
|
args:
|
|
|
|
|
Host: "{{Host}}"
|
|
|
|
|
Port: 5353
|
|
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
|
|
|
|
- 'success == true'
|
2025-09-06 19:13:01 +05:30
|
|
|
- 'contains_all(response, "udp.local","rvices._dns-sd") || contains(response, "-servers.net")'
|
2025-09-06 18:48:20 +05:30
|
|
|
condition: and
|
2025-09-06 13:56:33 +00:00
|
|
|
# digest: 4b0a00483046022100b9a010065afdcc27130ed5274fb55b87252a649736e3648dde05a4d9fba5af99022100bba14c22d55461ea2db67f1e2fdb02a9cb370c32eaff05ed2a4f7523ea931e4b:922c64590222798bb761d5b6d8e72950
|
