Nmap Development mailing list archives

Re: [NSE] dns-brute - DNS brute-forcer


From: David Fifield <david () bamsoftware com>
Date: Sat, 5 Mar 2011 13:50:39 -0800

On Sat, Mar 05, 2011 at 01:38:47PM -0800, David Fifield wrote:
On Mon, Feb 07, 2011 at 10:30:41AM -0800, David Fifield wrote:
On Mon, Jan 31, 2011 at 07:30:19PM +0200, cirrus wrote:
Hello list,

I've started developing a DNS brute-force script.
I'm attaching the script (also git accessible from: git://
code.0x0lab.org/nmap-dns-brute.git), please feel free to comment (It's my
first attempt at nse and lua, so please do point out any
issues/mistakes/etc.).
The script has been developed/tested with the current svn version.

-- @output
-- Pre-scan script results:
-- | dns-brute:
-- | Result:
-- |   DNS Brute-force hostnames:
-- |   www.foo.com - 127.0.0.1
-- |   mail.foo.com - 127.0.0.2
-- |   blog.foo.com - 127.0.1.3
-- |   ns1.foo.com - 127.0.0.4
-- |   admin.foo.com - 127.0.0.5
-- |   Reverse DNS hostnames:
-- |   srv-32.foo.com - 127.0.0.16
-- |   srv-33.foo.com - 127.0.1.23
-- |   C-Classes:
-- |   127.0.0.0/24
-- |_  127.0.1.0/24

Thanks. This script looks like a good idea and I've made a note in our
TODO to evaluate it.

Nice job! I reworked parts of this script and committed it.

I forgot to mention: I think it would be neat if this script could
accept multiple domains for its prerule instead of just one. You could
use a technique like we're using in the pending dns-nsec-enum script:

        domains = stdnse.get_script_args('dns-nsec-enum.domains')
        if not domains then
                domains = guess_domain(host)
        end
        if not domains then
                return string.format("Can't determine domain for host %s; use %s.domains script arg.", host.ip, SCRIPT_NAME)
        end
        if type(domains) == 'string' then
                domains = { domains }
        end

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
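As an added example that is not the posted dns-brute script nor the quoted dns-nsec-enum code, the following NSE skeleton generalizes the snippet above: it accepts the domains arg as a table, a single string, or a comma-separated string, deduplicates it, and falls back to the scanned host's target name in a hostrule. The script-arg name `dns-multi.domains` and the use of `stdnse.output_table` / `dns.query` from the current NSE libraries are assumptions.

```lua
-- Added example, not the posted script; assumes current NSE libraries.
local dns = require "dns"
local stdnse = require "stdnse"

description = "Example of accepting one or many domains via a script arg."
categories = {"discovery"}

-- Normalize <SCRIPT_NAME>.domains into a deduplicated list of names.
-- Accepts a table ({"a.com","b.com"}), one string, or "a.com,b.com";
-- with no arg, falls back to the target name when run against a host.
local function domain_list(host)
  local arg = stdnse.get_script_args(SCRIPT_NAME .. ".domains")
  local raw = {}
  if type(arg) == "table" then
    raw = arg
  elseif type(arg) == "string" then
    for d in arg:gmatch("[^,%s]+") do raw[#raw + 1] = d end
  elseif host and host.targetname then
    raw = { host.targetname }
  end
  local seen, out = {}, {}
  for _, d in ipairs(raw) do
    d = d:lower():gsub("%.$", "")   -- case-fold, drop trailing dot
    if d ~= "" and not seen[d] then
      seen[d] = true
      out[#out + 1] = d
    end
  end
  return out
end

-- Run once before host scanning when domains are given, or per host
-- when a domain can be derived from its target name.
prerule = function() return #domain_list() > 0 end
hostrule = function(host) return #domain_list(host) > 0 end

action = function(host)
  local domains = domain_list(host)
  if #domains == 0 then
    return string.format("No domain given; use %s.domains script arg.", SCRIPT_NAME)
  end
  local out = stdnse.output_table()
  for _, d in ipairs(domains) do
    -- Resolve each domain's apex A record as a simple reachability check.
    local status, rec = dns.query(d, {dtype = "A", retAll = true})
    out[d] = status and rec or "no A record"
  end
  return out
end
```

Invoke it as `--script-args dns-multi.domains={foo.com,bar.com}` or `dns-multi.domains=foo.com,bar.com`; both forms reach the same normalized list.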