Nmap Development mailing list archives
Re: [NSE] dns-brute - DNS brute-forcer
From: cirrus <cirrus () 0x0lab org>
Date: Wed, 9 Feb 2011 12:20:48 +0200
On 7 February 2011 20:30, David Fifield <david () bamsoftware com> wrote:
> Thanks. This script looks like a good idea and I've made a note in our TODO to evaluate it. At first I was thinking this functionality should be merged with hostmap: http://nmap.org/nsedoc/scripts/hostmap. But that has a different goal: find different names for the same IP address. Your script finds different names under the same domain, that may be on different addresses. It's also a lot like http-vhosts: http://nmap.org/nsedoc/scripts/http-vhosts, which finds different virtual hosts on the same HTTP server, without doing DNS lookups.
>
> How did you derive your list of names? In any case, when this is merged, we'll want to use the same list for this script and http-vhosts.
>
> I've only briefly looked over the code. What's with the 7900 magic number here?
>
>     if (howmany > 7900) then
>       --Cannot unpack a list with more than 7900 items so we will set it to 7900
>       stdnse.print_debug("Hostlist items per thread is more than 7900. Setting to 7900.")
>       howmany = 7900
>     end
>
> David Fifield
Hello.

As Patrick mentioned, I've added the more-than-7900 check to avoid reaching the limit when a very big hostname list is used and dns-brute.threads is set to a very small value. There is probably a better way to pass the list to the thread.

The list was not derived using a specific method (an analysis of the 100 most common DNS names would be useful). Having said that, I've found the 115 names it contains to be among very common hostnames. I've had a look at the http-vhosts host list and it is more targeted at HTTP services, whereas my list is more targeted at generic services, such as sql, ns, mx, etc. As such, I do think that http-vhosts and dns-brute should have different lists.

The script could be very useful when scanning for IPv6 hosts, so I'm also attaching an updated version of the script, which also supports IPv6 resolving (when the dns-brute.ipv6 flag is set).

--
cirrus
Attachment: dns-brute.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
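
The reply above says there is probably a better way to pass the list to the thread than unpacking it. One option, shown here as an added example that is not from the thread or from the attached script: hand each worker its slice as a single table argument, so the number of names per thread never becomes an argument count. `partition`, `worker` and the generated names are hypothetical, and the workers run sequentially here instead of as NSE threads.

```lua
-- Added example (plain Lua, no Nmap libraries): split a name list into
-- per-worker slices and pass each slice as ONE table argument, so no call
-- ever has to unpack thousands of values.

-- Return `nworkers` contiguous slices of `list`; sizes differ by at most one.
local function partition(list, nworkers)
  local slices = {}
  local n = #list
  local base, extra = math.floor(n / nworkers), n % nworkers
  local first = 1
  for w = 1, nworkers do
    -- The first `extra` workers take one additional item each.
    local size = base + (w <= extra and 1 or 0)
    local slice = {}
    for i = first, first + size - 1 do
      slice[#slice + 1] = list[i]
    end
    slices[w] = slice
    first = first + size
  end
  return slices
end

-- Hypothetical worker body: walks its slice and records what it was given.
local function worker(id, slice, results)
  for _, name in ipairs(slice) do
    results[#results + 1] = ("worker %d: %s"):format(id, name)
  end
end

-- Constructed input: 20000 labels, well above the 7900 cap discussed above.
local hostlist = {}
for i = 1, 20000 do hostlist[i] = "host" .. i end

local results = {}
for id, slice in ipairs(partition(hostlist, 3)) do
  worker(id, slice, results)  -- sequential stand-in for one thread per slice
end

-- Every name was handed to exactly one worker and none was dropped.
print(#results, results[1], results[#results])
```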