2.0

BadDNS 2.0 Changelog

New Modules

• DMARC — Detect missing or misconfigured DMARC records, with RFC 7489 two-step subdomain lookup
• MTA-STS — Detect MTA-STS subdomain takeovers and misconfigurations
• WILDCARD — Detect wildcard DNS records enabling domain-wide subdomain takeover
• SPF — SPF policy checks, takeover detection, and subdomain fallback; skips cloud provider targets via cloudcheck

New Features

• Negative signature system — Suppress false positives from known non-vulnerable providers (Cloudflare, Route53, Akamai, Imperva/Incapsula, Bodis, Microsoft Lync/Skype,
  Demandware/Salesforce Commerce Cloud)
• --min-confidence and --min-severity CLI filters — Filter findings by confidence and severity thresholds
• not_cnames exclusion in CNAME module — Skip known-safe CNAME patterns (synced with upstream nuclei templates)
• Finding name property — Proper display names for findings (replaces N/A signatures with descriptive module names)
• Severity/confidence alignment with BBOT 3.0 — INFORMATIONAL severity replaced with INFO
• JSON output support

New Signatures

• Fastly, Hashnode, Discourse, SendPulse, Lovable
• Updated Azure signature (removed retired services, added web.core.windows.net)
• Fixed/rewritten signatures: SurveyGizmo, Launchrock, Pantheon, redirect.pizza, AWS S3 bucket
• Removed 3 invalid signatures
• Automated SignatureBot updates: Mailgun, Tave, Launchrock, SurveyGizmo

Bug Fixes

• Fix DMARC false positives on subdomains (RFC 7489 two-step lookup)
• Fix NSEC zone walking false positives caused by CNAME following
• Fix false positives in registration-based detection for restricted TLDs and self-referential SPF includes
• Filter SRV-style subdomains (_sip._tcp.*, etc.) to prevent false positives
• Fix unhandled LifetimeTimeout in CNAME chain following
• Fix nested omit_types handling in NS module
• Fix analyzeWHOIS returning None instead of empty list
• Fix unhandled part: cname in matcher and signature generation
• Skip DNS targets with labels exceeding 63-octet RFC 1035 limit

Performance

• Speed up references module with WHOIS caching and concurrent domain processing

Developer / Infrastructure

• Python 3.10–3.14 matrix testing
• Migrated linting from black/flake8 to ruff
• Replaced mock with unittest.mock for Python 3.14 compatibility
• Achieved 100% test coverage across all modules
• Updated documentation for v2.0

1.12

What's Changed

• Bump pyyaml from 6.0.2 to 6.0.3 by @dependabot[bot] in #653
• [SignatureBot] Add or update signature dnsreaper_helpscout.yml by @liquidsec in #657
• [SignatureBot] Add or update signature dnsreaper_teamwork.yml by @liquidsec in #658
• [SignatureBot] Add or update signature nucleitemplates_wasabi-bucket-takeover.yml by @liquidsec in #503
• Bump mkdocs-material from 9.6.20 to 9.6.21 by @dependabot[bot] in #654
• [SignatureBot] Add or update signature dnsreaper_hatenablog.yml by @liquidsec in #656
• [SignatureBot] Add or update signature nucleitemplates_wix-takeover.yml by @liquidsec in #659
• [SignatureBot] Add or update signature dnsreaper_bettermode.yml by @liquidsec in #655
• Bump python-whois from 0.9.5 to 0.9.6 by @dependabot[bot] in #660
• Bump pyfakefs from 5.9.3 to 5.10.0 by @dependabot[bot] in #674
• Bump mkdocs-material from 9.6.21 to 9.6.22 by @dependabot[bot] in #675
• Bump pyfakefs from 5.10.0 to 5.10.1 by @dependabot[bot] in #678
• [SignatureBot] Add or update signature nucleitemplates_redirect-pizza-takeover.yml by @liquidsec in #676
• adjusting to latest whois version by @liquidsec in #679
• [SignatureBot] Add or update signature nucleitemplates_leadpages-takeover.yml by @liquidsec in #677
• [SignatureBot] Add or update signature nucleitemplates_wix-takeover.yml by @liquidsec in #673
• [SignatureBot] Add or update signature dnsreaper_hatenablog.yml by @liquidsec in #669

Full Changelog: 1.11.236...1.12.294

1.11

• Signature Updates
• Dependency Version Bumps

1.10.185

What's Changed

• Bump tldextract from 5.1.3 to 5.3.0 by @dependabot[bot] in #592
• Bump mkdocs-material from 9.6.9 to 9.6.12 by @dependabot[bot] in #591
• Bump pytest-cov from 6.0.0 to 6.1.1 by @dependabot[bot] in #589
• Bump poetry-dynamic-versioning from 1.7.1 to 1.8.2 by @dependabot[bot] in #586
• Bump pytest-asyncio from 0.25.3 to 0.26.0 by @dependabot[bot] in #584
• Bump pytest-mock from 3.14.0 to 3.14.1 by @dependabot[bot] in #596
• Bump pytest from 8.3.5 to 8.4.0 by @dependabot[bot] in #597
• Bump mkdocs-material from 9.6.12 to 9.6.14 by @dependabot[bot] in #595
• Bump pytest-cov from 6.1.1 to 6.2.1 by @dependabot[bot] in #602
• Bump pytest-asyncio from 0.26.0 to 1.0.0 by @dependabot[bot] in #603
• Bump requests from 2.32.3 to 2.32.4 by @dependabot[bot] in #599
• Bump pyfakefs from 5.8.0 to 5.9.1 by @dependabot[bot] in #613
• Bump pytest from 8.4.0 to 8.4.1 by @dependabot[bot] in #604
• Bump mkdocs-material from 9.6.14 to 9.6.15 by @dependabot[bot] in #614
• Bump poetry-dynamic-versioning from 1.8.2 to 1.9.1 by @dependabot[bot] in #616
• [SignatureBot] Add or update signature nucleitemplates_greatpages-takeover.yml by @liquidsec in #605
• [SignatureBot] Add or update signature nucleitemplates_greatpages-takeover.yml by @liquidsec in #617
• Bump mkdocs-material from 9.6.15 to 9.6.16 by @dependabot[bot] in #620
• Bump pyfakefs from 5.9.1 to 5.9.2 by @dependabot[bot] in #621
• [SignatureBot] Add or update signature nucleitemplates_greatpages-takeover.yml by @liquidsec in #622
• Bump pytest-asyncio from 1.0.0 to 1.1.0 by @dependabot[bot] in #618
• improved regex by @liquidsec in #623
• Bump requests from 2.32.3 to 2.32.4 by @dependabot[bot] in #600
• Bump urllib3 from 2.3.0 to 2.5.0 by @dependabot[bot] in #606

Full Changelog: 1.9.132...1.10.185

1.7.86

What's Changed

• Bump poetry-dynamic-versioning from 1.5.0 to 1.5.2 by @dependabot in #551
• Bump poetry-dynamic-versioning from 1.5.2 to 1.6.0 by @dependabot in #552
• Bump pyfakefs from 5.7.3 to 5.7.4 by @dependabot in #553
• Bump poetry-dynamic-versioning from 1.6.0 to 1.7.0 by @dependabot in #554
• Fix IP in txt record false positive by @liquidsec in #556
  Full Changelog: 1.6.68...1.7.86

1.6.68

What's Changed

• Bump mkdocs-material from 9.5.43 to 9.5.44 by @dependabot in #516
• Bump python-whois from 0.9.4 to 0.9.5 by @dependabot in #525
• Bump setuptools from 75.3.0 to 75.6.0 by @dependabot in #528
• Bump mkdocs-material from 9.5.44 to 9.5.45 by @dependabot in #527
• Bump pytest-httpx from 0.33.0 to 0.34.0 by @dependabot in #526
• Bump pytest from 8.3.3 to 8.3.4 by @dependabot in #532
• Bump pyfakefs from 5.7.1 to 5.7.2 by @dependabot in #533
• Bump mkdocs-material from 9.5.45 to 9.5.47 by @dependabot in #534
• Bump pytest-asyncio from 0.24.0 to 0.25.0 by @dependabot in #536
• Bump pyfakefs from 5.7.2 to 5.7.3 by @dependabot in #537
• Bump mkdocs-material from 9.5.47 to 9.5.49 by @dependabot in #538
• Bump poetry-dynamic-versioning from 1.4.1 to 1.5.0 by @dependabot in #541
• Bump jinja2 from 3.1.4 to 3.1.5 by @dependabot in #543
• Bump pytest-asyncio from 0.25.0 to 0.25.2 by @dependabot in #542
• Bump setuptools from 75.6.0 to 75.7.0 by @dependabot in #540
• Updating python-whois and other deps by @liquidsec in #544
  Full Changelog: v1.4.13...1.6.68

1.1.869

Initial Formal Release