Additional Context:
Is it worth noting that there was a DNS response at all? Many of these detections occur due to proxying, CDNs, and other factors that don’t necessarily indicate an actual SSRF vulnerability. HTTP-based SSRF is more critical, but right now users can get bombarded by irrelevant results.
It would be great to have a configuration option to filter out or deprioritize these cases.
I think any OOB interaction is notable and is often telling you something interesting about the target. Both DNS and HTTP interactions can be triggered by something like a WAF and cause a false positive; unfortunately, there is really no good way to rule those out.
I agree that DNS interactions are potentially much less interesting and FP more often. However, they very much can indicate a full-blown vulnerability, especially when it comes to XXE, which may never be capable of causing an HTTP request but may still be fully exploitable via an error-based technique, etc.
I need to think about each case and may have a different adjustment for each. But I think an http_interaction_only option or something like that would be fine.
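As an added illustration of the triage logic discussed in this thread (not BBOT's own code or event format), the snippet below collapses out-of-band callbacks per injection point, keeps findings backed by an HTTP callback as reported, and either drops DNS-only findings (an assumed `http_interaction_only` flag) or lowers their severity by a per-technique step count; the record shape, the `DNS_ONLY_DOWNGRADE` policy and the sample findings are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterable

# Constructed record for illustration; this is not BBOT's event format.
# One record per out-of-band (OOB) callback seen for one injection point.
@dataclass
class OobFinding:
    target: str      # URL / parameter under test
    technique: str   # e.g. "generic_ssrf", "xxe"
    protocol: str    # "dns" or "http"
    severity: str    # as reported by the scanner

SEVERITY_ORDER = ["INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Assumed per-technique adjustment for DNS-only evidence (not the project's
# policy). XXE keeps its severity because a DNS-only XXE may still be fully
# exploitable via error-based techniques, as noted in the discussion.
DNS_ONLY_DOWNGRADE = {"generic_ssrf": 2, "xxe": 0}

def downgrade(severity: str, steps: int) -> str:
    idx = SEVERITY_ORDER.index(severity)
    return SEVERITY_ORDER[max(0, idx - steps)]

def triage(findings: Iterable[OobFinding],
           http_interaction_only: bool = False) -> list[OobFinding]:
    """Collapse callbacks per (target, technique) into one triaged finding.
    HTTP evidence: keep as reported. DNS-only: drop if http_interaction_only,
    otherwise lower severity by the technique-specific number of steps."""
    groups: dict[tuple[str, str], list[OobFinding]] = {}
    for f in findings:
        groups.setdefault((f.target, f.technique), []).append(f)
    result = []
    for (target, technique), group in groups.items():
        http = [f for f in group if f.protocol == "http"]
        if http:
            result.append(http[0])
            continue
        if http_interaction_only:
            continue  # DNS-only evidence filtered out entirely
        steps = DNS_ONLY_DOWNGRADE.get(technique, 1)
        result.append(OobFinding(target, technique, "dns",
                                 downgrade(group[0].severity, steps)))
    return result

SAMPLE = [  # constructed sample findings
    OobFinding("https://evilcorp.com/api?url=", "generic_ssrf", "dns", "HIGH"),
    OobFinding("https://evilcorp.com/api?url=", "generic_ssrf", "http", "HIGH"),
    OobFinding("https://evilcorp.com/cdn/img?src=", "generic_ssrf", "dns", "HIGH"),
    OobFinding("https://evilcorp.com/upload", "xxe", "dns", "HIGH"),
]
```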
Describe the bug
Expected behavior
This type of result is not particularly useful for review and should have either lower severity or an option to ignore.
BBOT Command
Example:
bbot -m httpx -t evilcorp.com -m generic_ssrf