Nmap Development mailing list archives
Scanning DNS names fast (was Re: favicon survey script)
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 6 Aug 2009 21:04:55 +0000
On Thu, 06 Aug 2009 22:51:23 +0200
Vlatko Kosturjak <kost () linux hr> wrote:

> Brandon Enright wrote:
> > Indeed, I have been scanning ;-) Here is what I scanned:
> >
> > * 100M random IPs (small percentage actually listening on 80)
> > * 450k IPs resolved from links in Wikipedia (>99% listening on 80)
> > * 3M names (not IPs) from open directory/dmoz, (>99% listening on 80)
>
> Wow! You really scanned a lot! :)

Yeah, actually the only aspect of this scanning that was non-trivial was the 3M open directory names. In the past I asked the list for ideas on how to get Nmap to scan millions of names quickly and I got a few decent ideas but nothing distilled down to something anybody could just apply.

The issue is that Nmap uses gethostbyname() serially for each name so resolving even a few thousand names takes forever. Until we build some solution into Nmap for this, here is how to get around the problem.

First, install a caching nameserver locally. I used djbdns and increased the cache size to 1GB but I bet even something like dnsmasq could be used if you can control its cache size. Point your /etc/resolv.conf to your local DNS resolver.

Second, make a file with a list of all of the names you want to scan.

Third, download the attached Perl script for fast name resolving (pre-caching).

Fourth, set up your scan like so:

    $ cat names.txt | ./fastprelookup.pl | nmap -iL - -n <other options>

The reason this works is that fastprelookup.pl acts as a simple input buffer that resolves DNS names very quickly and gets them into your cache. Then when Nmap tries to resolve the names it goes very quickly.

Instead of taking years to resolve/scan these names, it took a night.

Brandon
Attachment: fastprelookup.pl
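The pre-caching buffer described in the message, sketched as an added example. This is not the attached fastprelookup.pl, which is not reproduced on this page. The function names, the worker and window sizes, and the choice to pass unresolved names through unchanged are assumptions.

```python
#!/usr/bin/env python3
"""Warm a local DNS cache in parallel, then pass names through for `nmap -iL -`."""
import socket
import sys
from collections import deque
from concurrent.futures import ThreadPoolExecutor


def _try_resolve(resolver, name):
    """Resolve one name; only the side effect on the local cache matters."""
    try:
        resolver(name)
        return True
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return False


def prelookup(lines, resolver=socket.gethostbyname, workers=64, window=1024):
    """Yield (name, resolved) in input order while lookups run concurrently.

    At most `window` lookups are outstanding (assumed value), so a list of
    millions of names streams through without being held in memory.
    """
    pending = deque()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for line in lines:
            name = line.strip()
            if not name:
                continue
            pending.append((name, pool.submit(_try_resolve, resolver, name)))
            if len(pending) >= window:
                done_name, fut = pending.popleft()
                yield done_name, fut.result()
        while pending:  # drain what is still in flight at end of input
            done_name, fut = pending.popleft()
            yield done_name, fut.result()


def main():
    failed = 0
    for name, ok in prelookup(sys.stdin):
        failed += not ok
        # Assumption: emit every name; the scanner repeats the lookup itself,
        # this time answered from the warm local cache.
        print(name)
    print(f"prelookup: {failed} names did not resolve", file=sys.stderr)


if __name__ == "__main__":
    main()
```

It takes the place of fastprelookup.pl in the pipeline from the message, reading names on stdin and writing them to stdout.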