Nmap Development mailing list archives
Re: [NSE] WHOIS
From: Fyodor <fyodor () insecure org>
Date: Sun, 3 Feb 2008 14:47:31 -0800
On Sun, Feb 03, 2008 at 01:46:35AM +0000, jah wrote:
I'd like to share the attached whois.nse, which performs whois queries against the five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC and AFRINIC) in order to return (a small number of) fields from the record pertaining to the range of IP address assignments in which the target IP address resides.
Hi Jah. This looks quite promising! It would be the longest Nmap NSE script by a wide margin. I'm glad you have done so much testing. I'm wondering if people will get their IP addresses banned for doing too many whois queries? It is very common that people scan consecutive ranges. What do you think about caching the resulting net ranges? So if someone scans 159.93.0.0/16, the first machine (159.93.0.0) would show: Host script results: | WHOIS: Record found at whois.ripe.net | inetnum: 159.93.0.0 - 159.93.255.255 | netname: JINR-NET | descr: Joint Institute for Nuclear Research |_ country: RU But then for 159.93.0.1, the script would first look up its cached entries and see that it already has results which include that IP. Then it could either just include the same information or (probably better) an abbreviated entry like we do with traceroute results. For example, maybe it could just give the netname or some other field, and a pointer to 159.93.0.0 for full results. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] WHOIS jah (Feb 02)
- Re: [NSE] WHOIS Fyodor (Feb 03)
- Re: [NSE] WHOIS jah (Feb 04)
- Re: [NSE] WHOIS Diman Todorov (Feb 04)
- Re: [NSE] WHOIS - Attempts to queue coroutines to limit the number of whois queries. jah (Feb 14)
- Re: [NSE] WHOIS jah (Feb 04)
- Re: [NSE] WHOIS Kris Katterjohn (Feb 04)
- <Possible follow-ups>
- Re: [NSE] WHOIS 4N9e Gutek (Feb 03)
- Re: [NSE] WHOIS Fyodor (Feb 03)