Nmap Development mailing list archives
I: [NSE] edns-client-subnet-00
From: Remo the Last <remothelast () yahoo it>
Date: Mon, 20 Feb 2012 10:18:40 +0000 (GMT)
----- Forwarded message -----
From: Remo the Last <remothelast () yahoo it>
To: Patrik Karlsson <patrik () cqure net>
Sent: Monday 20 February 2012 11:16
Subject: Re: [NSE] edns-client-subnet-00

Hi hackers, I'm very interested in your script. Before your script I was using SNMP queries to get internal information. So a little help: how do I install scripts in Nmap and use them? Many thanks to anyone.

Re

________________________________
From: Patrik Karlsson <patrik () cqure net>
To: John Bond <john.r.bond () gmail com>
Cc: nmap-dev <nmap-dev () insecure org>
Sent: Sunday 19 February 2012 14:35
Subject: Re: [NSE] edns-client-subnet-00

On Thu, Feb 16, 2012 at 9:13 AM, Patrik Karlsson <patrik () cqure net> wrote:
On Mon, Feb 13, 2012 at 10:43 PM, John Bond <john.r.bond () gmail com> wrote:

Hello nmap Hackers,

I have created a couple of scripts which implement http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00. This is a draft IETF proposal, but it is backed by Google, Verisign and Neustar. At least Google has already implemented it on its authoritative nameservers. I have written a blog post describing the scripts and their functions here: http://b4ldr.wordpress.com/2012/02/13/mapping-cdn-domains/.

In a nutshell it allows us to query CDN nameservers as if we were coming from different subnets. As an example, instead of getting 6 IP addresses for www.google.com, we get lots (see the end).

The two scripts require a patch to dns.lua. As the scripts themselves are a bit of a corner case and only useful against Google (to my knowledge), I can understand if they are not committed, but it would be nice if the patch to dns.lua is, so the scripts work out of the box.

cheers
John

nmap -sU -p 53 --script dns-client-subnet-scan --script-args dns-client-subnet-scan.domain=www.google.com ns1.google.com

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-13 21:19 CET
Nmap scan report for ns1.google.com (216.239.32.10)
Host is up (0.013s latency).
PORT   STATE         SERVICE
53/udp open|filtered domain
| dns-client-subnet-scan:
|   173.194.33.16
|   173.194.33.17
|   173.194.33.18
|   173.194.33.19
|   173.194.33.20
|   173.194.33.48
|   173.194.33.49
|   173.194.33.50
|   173.194.33.51
|   173.194.33.52
|   173.194.34.112
|   173.194.34.113
|   173.194.34.114
|   173.194.34.115
|   173.194.34.116
|   173.194.34.144
|   173.194.34.145
|   173.194.34.146
|   173.194.34.147
|   173.194.34.148
|   173.194.34.16
|   173.194.34.17
|   173.194.34.176
|   173.194.34.177
|   173.194.34.178
|   173.194.34.179
|   173.194.34.18
|   173.194.34.180
|   173.194.34.19
|   173.194.34.20
|   173.194.34.48
|   173.194.34.49
|   173.194.34.50
|   173.194.34.51
|   173.194.34.52
|   173.194.34.80
|   173.194.34.81
|   173.194.34.82
|   173.194.34.83
|   173.194.34.84
|   173.194.41.112
|   173.194.41.113
|   173.194.41.114
|   173.194.41.115
|   173.194.41.116
|   173.194.41.144
|   173.194.41.145
|   173.194.41.146
|   173.194.41.147
|   173.194.41.148
|   173.194.41.80
|   173.194.41.81
|   173.194.41.82
|   173.194.41.83
|   173.194.41.84
|   173.194.65.103
|   173.194.65.104
|   173.194.65.105
|   173.194.65.106
|   173.194.65.147
|   173.194.65.99
|   173.194.66.103
|   173.194.66.104
|   173.194.66.105
|   173.194.66.106
|   173.194.66.147
|   173.194.66.99
|   173.194.67.103
|   173.194.67.104
|   173.194.67.105
|   173.194.67.106
|   173.194.67.147
|   173.194.67.99
|   173.194.69.103
|   173.194.69.104
|   173.194.69.105
|   173.194.69.106
|   173.194.69.147
|   173.194.69.99
|   209.85.137.103
|   209.85.137.104
|   209.85.137.105
|   209.85.137.147
|   209.85.137.99
|   209.85.143.104
|   209.85.143.99
|   209.85.147.103
|   209.85.147.104
|   209.85.147.105
|   209.85.147.106
|   209.85.147.147
|   209.85.147.99
|   209.85.173.103
|   209.85.173.104
|   209.85.173.105
|   209.85.173.147
|   209.85.173.99
|   209.85.229.103
|   209.85.229.104
|   209.85.229.105
|   209.85.229.147
|   209.85.229.99
|   72.14.204.103
|   72.14.204.104
|   72.14.204.105
|   72.14.204.147
|   72.14.204.99
|   74.125.113.103
|   74.125.113.104
|   74.125.113.105
|   74.125.113.106
|   74.125.113.147
|   74.125.113.99
|   74.125.115.103
|   74.125.115.104
|   74.125.115.105
|   74.125.115.106
|   74.125.115.147
|   74.125.115.99
|   74.125.127.103
|   74.125.127.104
|   74.125.127.105
|   74.125.127.106
|   74.125.127.147
|   74.125.127.99
|   74.125.157.104
|   74.125.157.147
|   74.125.157.99
|   74.125.159.103
|   74.125.159.104
|   74.125.159.105
|   74.125.159.106
|   74.125.159.147
|   74.125.159.99
|   74.125.224.240
|   74.125.224.241
|   74.125.224.242
|   74.125.224.243
|   74.125.224.244
|   74.125.224.80
|   74.125.224.81
|   74.125.224.82
|   74.125.224.83
|   74.125.224.84
|   74.125.225.80
|   74.125.225.81
|   74.125.225.82
|   74.125.225.83
|   74.125.225.84
|   74.125.226.144
|   74.125.226.145
|   74.125.226.146
|   74.125.226.147
|   74.125.226.148
|   74.125.227.112
|   74.125.227.113
|   74.125.227.114
|   74.125.227.115
|   74.125.227.116
|   74.125.227.48
|   74.125.227.49
|   74.125.227.50
|   74.125.227.51
|   74.125.227.52
|   74.125.229.208
|   74.125.229.209
|   74.125.229.210
|   74.125.229.211
|   74.125.229.212
|   74.125.230.208
|   74.125.230.209
|   74.125.230.210
|   74.125.230.211
|   74.125.230.212
|   74.125.230.240
|   74.125.230.241
|   74.125.230.242
|   74.125.230.243
|   74.125.230.244
|   74.125.230.80
|   74.125.230.81
|   74.125.230.82
|   74.125.230.83
|   74.125.230.84
|   74.125.239.16
|   74.125.239.17
|   74.125.239.18
|   74.125.239.19
|   74.125.239.20
|   74.125.31.103
|   74.125.31.104
|   74.125.31.105
|   74.125.31.106
|   74.125.31.147
|   74.125.31.99
|   74.125.53.103
|   74.125.53.104
|   74.125.53.105
|   74.125.53.106
|   74.125.53.147
|   74.125.53.99
|   74.125.71.103
|   74.125.71.104
|   74.125.71.105
|   74.125.71.106
|   74.125.71.147
|   74.125.71.99
|   74.125.79.103
|   74.125.79.104
|   74.125.79.105
|   74.125.79.106
|   74.125.79.147
|_  74.125.79.99

Nmap done: 1 IP address (1 host up) scanned in 4.50 seconds

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Hi John,

Nice work! I will review the scripts and get back to you soon.

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
Hi John,

I've spent some time doing some changes to both the dns patch and the script(s) (hope you don't mind). To summarize, I added some documentation to the DNS library and cleaned up the code a little. In regards to the script dns-client-subnet-scan I made quite a few changes and added support for overriding the list of addresses with a subnet passed as an argument. I think this essentially gives it the capabilities of the dns-client-subnet script as well. I also added support for running the script as a prerule, like this:

nmap --script dns-client-subnet-scan --script-args dns-client-subnet-scan.domain=www.example.org,dns-client-subnet-scan.address=10.10.10.0,dns-client-subnet-scan.nameserver=8.8.8.8

I noticed that the draft has support for IPv6 as well, so I made some changes to adapt for this; however, I wasn't able to get it to run successfully. Not sure where it fails and I didn't have time to look into it further. For now I've added a restriction to the portrule and prerule to avoid running when Nmap is running using IPv6.

It's all been committed as r28092.

Cheers,
Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
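For readers who, like Remo above, want to see what the scripts actually put on the wire: the following is an added example written for this archive page, not code from Nmap's dns.lua or from John's or Patrik's scripts. It encodes the EDNS0 client-subnet option the draft describes (FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH, then only the significant octets of the address), wraps it in a query, and shows the server side of the exchange by echoing the option back with SCOPE filled in. Assumptions: the option code 0x50FA is the experimental value used in the draft era (RFC 7871 later assigned code 8; the decoder accepts both), and the sample subnet, names and answer addresses are constructed for the demonstration.

```python
"""EDNS0 Client Subnet (ECS) wire-format helpers for the exchange discussed above.

Added example, not code from Nmap's dns.lua or from the scripts in this thread.
Assumption: draft-00 used the experimental option code 0x50FA; RFC 7871 later
assigned code 8. Both are accepted on decode; the draft value is used on encode.
"""
import ipaddress
import struct

ECS_CODE_DRAFT = 0x50FA   # experimental code from the draft era (assumption)
ECS_CODE_RFC7871 = 8      # IANA-assigned code in RFC 7871
OPT_TYPE = 41


def encode_ecs_option(subnet, scope_prefix=0, code=ECS_CODE_DRAFT):
    """Build one OPT option: FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH,
    then only the significant octets of the address (low bits zeroed)."""
    net = ipaddress.ip_network(subnet, strict=False)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", family, net.prefixlen, scope_prefix) + addr
    return struct.pack("!HH", code, len(body)) + body


def _opt_rr(rdata, udp_payload=4096):
    # OPT pseudo-RR: root name, type 41, CLASS = UDP payload size, TTL = 0
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, len(rdata)) + rdata


def build_query(qname, subnet, qtype=1, txid=0x1234):
    """Standard recursive query for qname carrying an ECS option for subnet."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 Q, 1 AR
    labels = [l.encode() for l in qname.rstrip(".").split(".")]
    question = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    question += struct.pack("!HH", qtype, 1)
    return header + question + _opt_rr(encode_ecs_option(subnet))


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_ecs(msg):
    """Find the ECS option in a DNS message; return its fields or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype != OPT_TYPE:
            continue
        p = 0
        while p + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[p:p + 4])
            body, p = rdata[p + 4:p + 4 + olen], p + 4 + olen
            if code not in (ECS_CODE_DRAFT, ECS_CODE_RFC7871):
                continue
            family, src, scope = struct.unpack("!HBB", body[:4])
            full = 4 if family == 1 else 16
            addr = body[4:]
            if len(addr) != (src + 7) // 8:      # draft: only significant octets
                raise ValueError("ECS address length does not match prefix length")
            address = ipaddress.ip_address(addr + b"\x00" * (full - len(addr)))
            return {"code": code, "family": family, "source_prefix": src,
                    "scope_prefix": scope, "address": str(address)}
    return None


def build_response(query, a_records, scope_prefix, ttl=300):
    """What an ECS-aware authoritative server sends back: the A records chosen
    for the client subnet, plus the ECS option echoed with SCOPE filled in."""
    ecs = parse_ecs(query)
    question = query[12:_skip_name(query, 12) + 4]
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, len(a_records), 0, 1)
    answers = b"".join(struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4)
                       + ipaddress.ip_address(a).packed for a in a_records)
    echo = encode_ecs_option("%s/%d" % (ecs["address"], ecs["source_prefix"]),
                             scope_prefix, ecs["code"])
    return header + question + answers + _opt_rr(echo)


if __name__ == "__main__":
    # Constructed exchange: pretend we are 10.10.10.0/24 asking for www.google.com
    q = build_query("www.google.com", "10.10.10.0/24")
    print("query ECS:   ", parse_ecs(q))
    r = build_response(q, ["173.194.33.16", "173.194.33.17"], scope_prefix=21)
    print("response ECS:", parse_ecs(r))
```

The SCOPE PREFIX-LENGTH in the answer is what makes the scan in this thread efficient: a server that replies with scope 21 to a /24 query is saying the same answer applies to the whole /21, so a scanner can skip the neighbouring /24s instead of querying each one. Feeding `build_query` output to a real nameserver over UDP port 53 is left to the reader; against servers that ignore EDNS the option is simply absent from the reply and `parse_ecs` returns None.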
Current thread:
- [NSE] edns-client-subnet-00 John Bond (Feb 13)
- Re: [NSE] edns-client-subnet-00 Patrik Karlsson (Feb 16)
- Re: [NSE] edns-client-subnet-00 Patrik Karlsson (Feb 19)
- Message not available
- I: [NSE] edns-client-subnet-00 Remo the Last (Feb 20)
- Re: I: [NSE] edns-client-subnet-00 John Bond (Mar 12)
- Re: [NSE] edns-client-subnet-00 Patrik Karlsson (Feb 19)
- Re: [NSE] edns-client-subnet-00 Patrik Karlsson (Feb 16)