Nmap Development mailing list archives
Script idea: DNS-based service discovery
From: David Fifield <david () bamsoftware com>
Date: Thu, 27 Aug 2009 15:37:52 -0600
Hi,

I had an idea for an NSE script that I'm going to share in case someone wants to take it on. The idea is to discover services by querying the DNS-SD (DNS-based Service Discovery) service on UDP port 5353. The script will send the special service enumeration probe (_services._dns-sd._udp.local) described in section 9 of this document. It's the same probe as DNS-SD in nmap-service-probes.

http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt

The DNS-SD response is, not surprisingly, DNS, so the dns.lua library should be able to parse it.

UDP port 5353 is commonly open on Mac OS X machines, and probably Windows machines that have installed Apple software like iTunes. The response can tell you a lot. When I run the above query against OS X, I get answers for _ssh._tcp.local, _sftp-ssh._tcp.local, and _rfb._tcp.local. A complete list of the registered services is at http://www.dns-sd.org/ServiceTypes.html.

For experimenting with the protocol, use the dns-sd program that comes with OS X. Here is a command that generates the above-mentioned probe.

    dns-sd -B _services._dns-sd._udp .

You can get even more information with follow-up probes. If, after you run the above command, you want more information about the ssh service, you run

    dns-sd -B _ssh._tcp .

That returns a PTR record for mac-mini._ssh_._tcp.local (mac-mini is a host name). You can finally look that up:

    dns-sd -L mac-mini _ssh._tcp .

That returns a SRV record saying the service is on port 22, A and AAAA records with the IPv4 and IPv6 addresses of the host, and a TXT record identifying the hardware: "model=Macmini2,1". There are a lot of possibilities here.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
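The wire format behind the enumeration probe described in the message above, as an added example in Python. It is not part of the original post and is not Nmap's dns.lua code. The function names are hypothetical and the response bytes are constructed from the three service types the post mentions; nothing is sent on the network.

```python
import struct

ENUM_NAME = "_services._dns-sd._udp.local"  # enumeration name from the post
PTR, IN = 12, 1                             # DNS record type and class

def encode_name(name):  # dotted name -> length-prefixed labels
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_query(name=ENUM_NAME):  # one PTR question, as sent to UDP port 5353
    return struct.pack(">HHHHHH", 0, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", PTR, IN)

def read_name(msg, off, depth=0):
    """Decode a possibly compressed name; return (name, offset after it)."""
    if depth > 16:  # a response is untrusted input: refuse pointer loops
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if (n & 0xC0) == 0xC0:  # two-byte compression pointer
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            tail = read_name(msg, ptr, depth + 1)[0]
            return ".".join(labels + [tail] if tail else labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def parse_ptr_answers(msg):
    """Return the PTR targets found in the answer section of a response."""
    qd, an = struct.unpack(">4xHH4x", msg[:12])
    off = 12
    for _ in range(qd):  # skip each question: name, type, class
        off = read_name(msg, off)[1] + 4
    targets = []
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, rdlen = struct.unpack(">H6xH", msg[off:off + 10])
        if rtype == PTR:
            targets.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return targets

def sample_response():  # constructed reply, not a capture from a real host
    msg = struct.pack(">HHHHHH", 0, 0x8400, 1, 3, 0, 0) + build_query()[12:]
    for svc in ("_ssh", "_sftp-ssh", "_rfb"):
        # 0xC023 points at "local" (offset 35) inside the question name
        rdata = encode_name(svc + "._tcp")[:-1] + b"\xc0\x23"
        msg += b"\xc0\x0c" + struct.pack(">HHIH", PTR, IN, 10, len(rdata)) + rdata
    return msg
```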