Nmap Development mailing list archives
Re: NSEC Enumeration script
From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 9 Feb 2011 23:07:26 +0100
Hi John, I've been able to test your script against a number of different servers and it seems to work well. I experienced some read timeouts on one of the zones, not sure why, but the rest worked great. Would it be possible/make sense to harmonize the output with the dns-zone-transfer script? Also, I very briefly browsed the script and changes to the library and have a few comments: * You could replace the nmap.registry.args stuff with stdnse.get_script_args * To format output returned by a script you could use the tab library (see dns-zone-transfer) or stdnse.format_output * The dns.lua patch adds a second identical answerFetcher[types.MX] function which should probably be removed I'm attaching a patch that uses the new sendPacket function and removes the one you added. Regards //Patrik
Attachment:
dns.lua.patch
Description:
On 9 feb 2011, at 21.11, John Bond wrote:
On 8 February 2011 21:58, John Bond <john.r.bond () gmail com> wrote:This might be a dumb question, but does it work with NSEC3 servers?I have made an update so that the library almost recognises NSEC3 (for some reason the hash looks like its about a byte to big). and the nsec-enum script will error with NSEC3 not supportedupdated the enum script to resolve the enumerated records. output now like this 53/udp open domain udp-response | dns-nsec-enum: hosts for example.com: | ns.example.com:NS:SOA:RRSIG:NSEC:DNSKEY | www.example.com:A:RRSIG:NSEC | 3.3.3.3 | ftp.example.com:A:RRSIG:NSEC | 2.2.2.2 | x.example.com:CNAME:RRSIG:NSEC | y.example.com:A:RRSIG:NSEC | 1.1.1.1 <dns-nsec-enum.nse>_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSEC Enumeration script John Bond (Feb 04)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 08)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 10)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 10)
- Re: NSEC Enumeration script John Bond (Feb 15)
- Re: NSEC Enumeration script John Bond (Feb 24)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script David Fifield (Feb 07)