Nmap Development mailing list archives
Re: [NSE] dns-brute - DNS brute-forcer
From: David Fifield <david () bamsoftware com>
Date: Mon, 7 Feb 2011 10:30:41 -0800
On Mon, Jan 31, 2011 at 07:30:19PM +0200, cirrus wrote:
> Hello list,
>
> I've started developing a DNS brute-force script. I'm attaching the script (also git accessible from: git://code.0x0lab.org/nmap-dns-brute.git), please feel free to comment (It's my first attempt at nse and lua, so please do point out any issues/mistakes/etc.). The script has been developed/tested with the current svn version.
>
> -- @output
> -- Pre-scan script results:
> -- | dns-brute:
> -- |   Result:
> -- |     DNS Brute-force hostnames:
> -- |       www.foo.com - 127.0.0.1
> -- |       mail.foo.com - 127.0.0.2
> -- |       blog.foo.com - 127.0.1.3
> -- |       ns1.foo.com - 127.0.0.4
> -- |       admin.foo.com - 127.0.0.5
> -- |     Reverse DNS hostnames:
> -- |       srv-32.foo.com - 127.0.0.16
> -- |       srv-33.foo.com - 127.0.1.23
> -- |     C-Classes:
> -- |       127.0.0.0/24
> -- |_      127.0.1.0/24

Thanks. This script looks like a good idea and I've made a note in our TODO to evaluate it.

At first I was thinking this functionality should be merged with hostmap: http://nmap.org/nsedoc/scripts/hostmap. But that has a different goal: find different names for the same IP address. Your script finds different names under the same domain, that may be on different addresses.

It's also a lot like http-vhosts: http://nmap.org/nsedoc/scripts/http-vhosts, which finds different virtual hosts on the same HTTP server, without doing DNS lookups. How did you derive your list of names? In any case, when this is merged, we'll want to use the same list for this script and http-vhosts.

I've only briefly looked over the code. What's with the 7900 magic number here?

    if (howmany > 7900) then
        --Cannot unpack a list with more than 7900 items so we will set it to 7900
        stdnse.print_debug("Hostlist items per thread is more than 7900. Setting to 7900.")
        howmany = 7900
    end

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/