Nmap Development mailing list archives

Re: [PATCH] zoneTrans.nse domain script argument


From: Kris Katterjohn <katterjohn () gmail com>
Date: Mon, 02 Jun 2008 15:22:12 -0500


Eddie Bell wrote:
> Hi Kris

Hey Eddie,

> This seems like a good idea. I haven't got access to nmap
> at the moment but I believe someone submitted a patch which
> gave NSE scripts access to whatever hostname was specified by
> the user on the command-line. Adding support for that would also
> be useful.

Indeed, good idea.  I've attached an updated patch.

> - eddie


Thanks,
Kris Katterjohn

Index: zoneTrans.nse
===================================================================
--- zoneTrans.nse       (revision 7880)
+++ zoneTrans.nse       (working copy)
@@ -1,9 +1,10 @@
 --[[
 
 Send axfr queries to DNS servers. The domain to query is determined 
-by examining the domain servers hostname. If the query is successful 
-all domains and domain types are returned along with common type 
-specific data (SOA/MX/NS/PTR/A)
+by examining the name given on the command line, the domain servers
+hostname, or it can be specified with the "domain" script argument.
+If the query is successful all domains and domain types are returned
+along with common type specific data (SOA/MX/NS/PTR/A)
 
 constraints
 -----------
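Review bot: The rewritten header comment lists the domain sources in a different order from the one the code in the next hunk uses, and it does not mention the scoped form of the argument. The code tries args.zoneTrans.domain first, then args.domain, then host.targetname, then host.name, so the script argument overrides the name given on the command line, while "or it can be specified with the "domain" script argument" reads as a last resort. Suggest stating the precedence explicitly in the comment and naming both argument spellings (zoneTrans.domain and domain). "domain servers hostname" also wants an apostrophe ("domain server's hostname").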
@@ -263,17 +264,32 @@
        local catch = function() soc:close() end
        local try = nmap.new_try(catch)
        
-       -- can't do anything without a hostname
-       if host.name == "" then return nil end
+       local domain = nil
+       local args = nmap.registry.args
 
+       if args.zoneTrans and args.zoneTrans.domain then
+               domain = args.zoneTrans.domain
+       elseif args.domain then
+               domain = args.domain
+       elseif host.targetname then
+               domain = host.targetname
+       elseif host.name ~= "" then
+               domain = host.name
+       else
+               -- can't do anything without a hostname
+               return
+       end
+
+       assert(domain)
+
        soc = nmap.new_socket()
        soc:set_timeout(4000)
        try(soc:connect(host.ip, port.number))
-       
+
        local req_id = '\222\173'
        local table = tab.new(3)
        local offset = 1 
-       local name = build_domain(string.lower(host.name))
+       local name = build_domain(string.lower(domain))
        local pkt_len = string.len(name) + 16
 
        -- build axfr request
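Review bot: In the new if/elseif chain only the host.name branch rejects the empty string; the args.zoneTrans.domain, args.domain and host.targetname branches test truthiness only, and Lua treats "" as true, so an empty value from any of them is passed on to string.lower(domain) and build_domain. Suggest one check after the chain that domain is a non-empty string, returning early otherwise, in place of assert(domain), which can never fire because every branch either assigns domain or returns. The unscoped args.domain fallback is a very generic key in the shared nmap.registry.args table; if it stays, it should be documented as a fallback to zoneTrans.domain. The -/+ pair on the blank line after try(soc:connect(host.ip, port.number)) is a whitespace-only change and could be dropped from the patch.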
