Merge pull request #1511 from projectdiscovery/issue-1464-dns-ptr-query

Adding auto-PTR IP to FQDN
2025-12-17 20:05:27 +00:00 · 2022-01-19 17:30:12 +05:30 · 2022-01-19 17:30:12 +05:30 · 93616a9e80
commit 93616a9e80
parent 6a5b9a4337 f552b07a5f
3 changed files with 55 additions and 6 deletions
--- a/integration_tests/dns/ptr.yaml
+++ b/integration_tests/dns/ptr.yaml
@ -0,0 +1,22 @@
+id: ptr-fingerprint
+
+info:
+  name: PTR Fingerprint
+  author: pdteam
+  severity: info
+  tags: dns,ptr
+
+dns:
+  - name: "{{FQDN}}"
+    type: PTR
+
+    matchers:
+      - type: word
+        words:
+          - "IN\tPTR"
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - "IN\tPTR\t(.+)"
--- a/v2/cmd/integration-test/dns.go
+++ b/v2/cmd/integration-test/dns.go
@ -6,6 +6,7 @@ import (

 var dnsTestCases = map[string]testutils.TestCase{
 	"dns/basic.yaml": &dnsBasic{},
+	"dns/ptr.yaml":   &dnsPtr{},
 }

 type dnsBasic struct{}
@ -23,3 +24,19 @@ func (h *dnsBasic) Execute(filePath string) error {
 	}
 	return expectResultsCount(results, 1)
 }
+
+type dnsPtr struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *dnsPtr) Execute(filePath string) error {
+	var routerErr error
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "1.1.1.1", debug)
+	if err != nil {
+		return err
+	}
+	if routerErr != nil {
+		return routerErr
+	}
+	return expectResultsCount(results, 1)
+}
--- a/v2/pkg/protocols/dns/dns.go
+++ b/v2/pkg/protocols/dns/dns.go
@ -1,7 +1,6 @@
 package dns

 import (
-	"net"
 	"strings"

 	"github.com/miekg/dns"
@ -9,6 +8,7 @@ import (

 	"github.com/weppos/publicsuffix-go/publicsuffix"

+	"github.com/projectdiscovery/iputil"
 	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
@ -170,11 +170,21 @@ func (request *Request) Requests() int {
 }

 // Make returns the request to be sent for the protocol
-func (request *Request) Make(domain string) (*dns.Msg, error) {
-	if request.question != dns.TypePTR && net.ParseIP(domain) != nil {
+func (request *Request) Make(host string) (*dns.Msg, error) {
+	isIP := iputil.IsIP(host)
+	switch {
+	case request.question == dns.TypePTR && isIP:
+		var err error
+		host, err = dns.ReverseAddr(host)
+		if err != nil {
+			return nil, err
+		}
+	default:
+		if isIP {
 			return nil, errors.New("cannot use IP address as DNS input")
 		}
-	domain = dns.Fqdn(domain)
+		host = dns.Fqdn(host)
+	}

 	// Build a request on the specified URL
 	req := new(dns.Msg)
@ -183,7 +193,7 @@ func (request *Request) Make(domain string) (*dns.Msg, error) {

 	var q dns.Question

-	final := replacer.Replace(request.Name, GenerateDNSVariables(domain))
+	final := replacer.Replace(request.Name, GenerateDNSVariables(host))

 	q.Name = dns.Fqdn(final)
 	q.Qclass = request.class