Nmap Development mailing list archives
NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Fri, 4 Feb 2011 10:56:51 +0100
Hi All, I wanted to get to know dnssec and nse a bit more so decided to write an nse script to enumerate NSEC records. unfortunately the dns.lua library that comes as standard (using mac ports) dose not have support for dnssec or edns. so in order to produce my script i have had to hack about with the dns library a little. As this is my first experience with lua i thought it would be best to take a copy of dns.lua and hack that instead of trying to provide a patch. i have tried to make my additions compatible with the original library and would be interested to know how other scripts which use the dns library work with my additions. The things i have added are below and the library name i have used in the dns-nsec-enum script is dnsseclib Library will recognise and decode the following RR types * DS * DNSKEY * RRSIG * NSEC * OPT The library also has the ability to add an EDNS (OPT) packet setting the * Senders payload size * z bit 1 to indicate DNSSEC capabilities Here is the script info description = [[ This script takes an argument for a zone and attempt to enumerate all dns records avalible in this zone. for this script to work DNSEC and NSEC must be avalible. ]] --- -- @args dns-nsec-enum.domains- the dns-nsec-enum.domains name to attemp to enumarate, default is the dns-nsec-enum.domainsname of the target been scanned -- @usage -- nmap --script dnssecenum [--script-args dns-nsec-enum.domains=example.com] <target> -- @output -- | dns-nsec-enum: hosts for www.example.com -- | ftp.example.com:A:NS:SOA:TXT:AAAA:RRSIG:NSEC:DNSKEY -- | http.example.com:CNAME:RRSIG:NSEC -- | www.example.com:A:AAAA:RRSIG:NSEC -- | example.com:CNAME:RRSIG:NSEC To give an idea of the speed of the script i enumerated 1817 NSEC recordes with the following time sudo nmap -sU -p53 --script ./dns-nsec-enum.nse --script-args dns-nsec-enum.domains=example.com 1.2.3.4 -PN real 0m10.299s user 0m3.012s sys 0m0.266s As i mentioned i am new to LUA so please let me know were my mistakes are. Also the enumeration function is a little bit lax on the checks it dose so that the script runs faster. If this proves to be a problem ill change this Let me know how you get on Cheers john
Attachment:
dns-nsec-enum.nse
Description:
Attachment:
dnsseclib.lua
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSEC Enumeration script John Bond (Feb 04)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 08)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 10)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 10)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script David Fifield (Feb 07)