Nmap Development mailing list archives
Re: Forward DNS names in output
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 28 Aug 2009 20:39:15 +0000
On Fri, 28 Aug 2009 13:54:37 -0600 David Fifield <david () bamsoftware com> wrote:

> On Thu, Aug 27, 2009 at 05:08:32PM -0500, Ron wrote:
> > On 08/27/2009 05:01 PM, Patrick Donnelly wrote:
> > > output.cc uses the hostname value (Target.h) for output. The value *you* want is targetname, which is the name specified on the command line. The hostname field is the same for all the hosts probably because of rDNS?
> >
> > Yes, that's correct, it's using rDNS to get the name (in this case, test.skullsecurity.org). I realize this makes perfect sense when scanning an IP range, but when I give targetnames on the command line it'd be nice if they'd display in the output. I don't think it's an urgent thing that has to be done, but it's something that makes scanning web servers with multiple domains a little tricky.
>
> I think this is worth commenting on so I'm starting a new thread. Patrick is right that Nmap uses the reverse DNS name in its output.
>
> $ nmap -sP en.wikipedia.org
> Host rr.pmtpa.wikimedia.org (208.80.152.2) is up (0.092s latency).
>
> When the reverse DNS is not available, it uses the IP address only, even if it came from forward resolution of a domain name.
>
> $ nmap -sP en.wikipedia.org -n
> Host 208.80.152.2 is up (0.11s latency).
>
> I have a personal TODO item to use the forward name in Zenmap, but I found that it is not even in the XML output.
>
> <host><status state="up" reason="conn-refused"/>
> <address addr="208.80.152.2" addrtype="ipv4" />
> <hostnames><hostname name="rr.pmtpa.wikimedia.org" type="PTR" /></hostnames>
> </host>
>
> I agree with Ron that this is confusing sometimes. It also loses information. How should Nmap work in this regard? My quick proposal is to always prefer the forward name to the reverse name in normal output, and to use the reverse name when the forward name is not available. The latter behavior is clearly what's wanted when scanning an IP range. In XML output, both names would be recorded, with a different "type" attribute for the forward name.
>
> David Fifield
For the sake of providing a comment, I totally agree with your above suggestion.

WRT forward name lookups, I think a long-term TODO item should be to either expand our asynchronous rDNS to do forward resolving too or to think about writing a new, fast, parallel, asynchronous forward resolver. As we start adding more web related scripts, names are going to matter a lot more. -iL is great until it hits the gethostbyname() loop.

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
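As an added illustration (not code from the thread or from Nmap itself), here is David's proposed display rule applied to Nmap XML: prefer the forward name, fall back to the PTR name, and fall back again to the bare address. The sample document is constructed from the <host> fragment quoted above, and tagging the command-line name with type="user" is an assumption made for this example; the page itself only shows type="PTR".

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <host> element quoted in the thread.
# Tagging the command-line (forward) name with type="user" is an assumption
# for this example; the page itself only shows type="PTR".
SAMPLE_XML = """<nmaprun>
<host><status state="up" reason="conn-refused"/>
  <address addr="208.80.152.2" addrtype="ipv4"/>
  <hostnames>
    <hostname name="rr.pmtpa.wikimedia.org" type="PTR"/>
    <hostname name="en.wikipedia.org" type="user"/>
  </hostnames>
</host>
<host><status state="up" reason="syn-ack"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="ten.example.net" type="PTR"/></hostnames>
</host>
<host><status state="up" reason="syn-ack"/>
  <address addr="192.0.2.11" addrtype="ipv4"/>
  <hostnames/>
</host>
</nmaprun>"""


def split_names(host):
    """Return (forward_names, reverse_names) recorded for one <host>."""
    names = host.findall("hostnames/hostname")
    forward = [h.get("name") for h in names if h.get("type") != "PTR"]
    reverse = [h.get("name") for h in names if h.get("type") == "PTR"]
    return forward, reverse


def display_name(host):
    """Name for the 'Host ... is up' line under the proposed rule:
    forward name first, reverse (PTR) name second, bare address otherwise."""
    addr = host.find("address[@addrtype='ipv4']")
    if addr is None:
        addr = host.find("address")
    ip = addr.get("addr")
    forward, reverse = split_names(host)
    if forward:
        return f"{forward[0]} ({ip})"
    if reverse:
        return f"{reverse[0]} ({ip})"
    return ip


def host_lines(xml_text):
    """Apply display_name() to every <host> in an Nmap XML document."""
    root = ET.fromstring(xml_text)
    return [display_name(h) for h in root.findall("host")]


if __name__ == "__main__":
    for line in host_lines(SAMPLE_XML):
        print("Host", line, "is up")
```

Because both names stay in the XML, the second host with several forward names on one address (the virtual-hosting case Ron describes) would no longer collapse to a single rDNS label.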
Current thread:
- Forward DNS names in output David Fifield (Aug 28)
- Re: Forward DNS names in output Ron (Aug 28)
- Re: Forward DNS names in output Brandon Enright (Aug 28)
- Re: Forward DNS names in output Fyodor (Aug 28)
- Re: Forward DNS names in output Patrick Donnelly (Aug 28)