admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-11 13:13:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2e9901bf9ec94de03e5ed7490847aac0ccbc598
nuclei-templates/code/windows/audit/kisa/dns-zone-transfer-check.yaml
ghost b2039aeba4 chore: sign templates 🤖
2025-07-10 10:32:02 +00:00

57 lines
2.1 KiB
YAML
Raw Blame History

id: dns-zone-transfer-check
info:
name: DNS Zone Transfer Check
author: nukunga[SungHyunJeon]
severity: medium
description: |
Ensure DNS zone transfers are restricted by verifying that the SecureSecondaries registry value is set to 2 for all active zones.
Unrestricted zone transfers can expose sensitive domain information, helping attackers map the network infrastructure.
impact: |
If DNS zone transfers are not properly restricted, attackers could access domain and zone details, which may aid in planning and launching further attacks against the network infrastructure.
remediation: |
Configure DNS zone transfer restrictions by:
- Disabling zone transfers entirely, or
- Restricting transfers to designated servers by setting the SecureSecondaries registry value to 2.
reference:
- https://isms.kisa.or.kr/main/csap/notice/?boardId=bbs_0000000000000004&mode=view&cntId=85
tags: code,windows-audit,kisa,dns,zone-transfer
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
$regPath = "HKLM:\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\DNS Server\Zones"
$zones = Get-ChildItem -Path $regPath -ErrorAction SilentlyContinue
if (!$zones) {
"DNS_ZONE_TRANSFER_COMPLIANT"
exit
}
$vulnerable = $false
foreach ($zone in $zones) {
$secureVal = (Get-ItemProperty -Path $zone.PSPath -ErrorAction SilentlyContinue).SecureSecondaries
if ($secureVal -ne 2) {
$vulnerable = $true
break
}
}
if ($vulnerable) {
"DNS_ZONE_TRANSFER_VULNERABLE"
} else {
"DNS_ZONE_TRANSFER_COMPLIANT"
}
matchers:
- type: word
words:
- "DNS_ZONE_TRANSFER_VULNERABLE"
# digest: 4b0a00483046022100be81b405c5b43fdf1fb9aee817558e543a42f9c049d3df45c13ec227f7b0db900221009822d46e216e816a520a0bc614186cf3b157a4dd8adcfc092e035485822bd400:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink