Full Disclosure mailing list archives
[Tool] nsec3map v0.3 - DNSSEC Zone Enumerator
From: An Onion <nsec3map () 3fnc org>
Date: Fri, 10 Apr 2015 00:49:07 +0200
nsec3map is a DNS zone enumerator that makes use of DNSSEC NSEC or NSEC3 records. It allows to discover hosts quickly and with a minimal number of DNS queries (usually just one query per resource record). In NSEC mode, it can be configured to send "A" queries, which can be useful in cases where the nameserver blocks the direct querying of NSEC records. In NSEC3 mode, the tool finds a domain name which is not covered by any received NSEC3 record locally and then queries the computed name to receive a new record of the NSEC3 chain. Once the chain (or a part of it) is obtained, the NSEC3 hashes can be cracked (e.g. using John the Ripper) to get the plaintext record names. This is usually not very hard to do using a dictionary attack or even brute force, as domain names tend to be rather short and easy to guess. nsec3map can also accurately extrapolate the total size of the NSEC3 chain based on the hash-distance covered by a small number of already obtained records. Furthermore, it supports an aggressive mode which can speed up the enumeration significantly by sending multiple queries in parallel, although this might cause the tool to send more queries than absolutely needed. Version 0.3 of nsec3map is capable of enumerating a high percentage ( > 99% ) of NSEC3 records even if the zone is very large (e.g. a million or more entries) in a matter of minutes on contemporary hardware. A few years ago we also demonstrated that we were able to crack 84% of a total of 1.31 million NSEC3 records obtained from a real TLD zone in a few days using common CPUs at the time. nsec3map v0.3 has now moved to a new repository on GitHub: https://github.com/anonion0/nsec3map _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [Tool] nsec3map v0.3 - DNSSEC Zone Enumerator An Onion (Apr 09)