Nmap Development mailing list archives

Forward DNS names in output


From: David Fifield <david () bamsoftware com>
Date: Fri, 28 Aug 2009 13:54:37 -0600

On Thu, Aug 27, 2009 at 05:08:32PM -0500, Ron wrote:
> On 08/27/2009 05:01 PM, Patrick Donnelly wrote:
> > /output.cc uses the hostname value (Target.h) for output. The value
> > *you* want is targetname, which is the name specified on the command
> > line. The hostname field is the same for all the hosts probably
> > because of rDNS?
>
> Yes, that's correct, it's using rDNS to get the name (in this case,
> test.skullsecurity.org).
>
> I realize this makes perfect sense when scanning an ip range, but when I
> give targetnames on the commandline it'd be nice if they'd display in the
> output.
>
> I don't think it's an urgent thing that has to be done, but it's
> something that makes scanning web servers with multiple domains a little
> tricky.

I think this is worth commenting on so I'm starting a new thread.
Patrick is right that Nmap uses the reverse DNS name in its output.

$ nmap -sP en.wikipedia.org
Host rr.pmtpa.wikimedia.org (208.80.152.2) is up (0.092s latency).

When the reverse DNS is not available, it uses the IP address only, even
if it came from forward resolution of a domain name.

$ nmap -sP en.wikipedia.org -n
Host 208.80.152.2 is up (0.11s latency).

I have a personal TODO item to use the forward name in Zenmap, but I
found that it is not even in the XML output.

<host><status state="up" reason="conn-refused"/>
<address addr="208.80.152.2" addrtype="ipv4" />
<hostnames><hostname name="rr.pmtpa.wikimedia.org" type="PTR" /></hostnames>
</host>

I agree with Ron that this is confusing sometimes. It also loses
information. How should Nmap work in this regard? My quick proposal is
to always prefer the forward name to the reverse name in normal output,
and to use the reverse name when the forward name is not available. The
latter behavior is clearly what's wanted when scanning an IP range. In
XML output, both names would be recorded, with a different "type"
attribute for the forward name.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
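
The naming policy proposed in the message above (forward name first, reverse name as fallback, bare address last), applied to Nmap-style XML. This is an added example, not part of the original message and not Nmap's code. The type value "user" for the forward name, the function names, and every sample value other than the 208.80.152.2 / rr.pmtpa.wikimedia.org / en.wikipedia.org entries are assumptions or constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Host 1 mirrors the XML in the message plus a forward
# name under the assumed type "user"; host 2 has only a PTR name; host 3 none.
SAMPLE_XML = """<nmaprun>
<host><address addr="208.80.152.2" addrtype="ipv4" />
<hostnames><hostname name="rr.pmtpa.wikimedia.org" type="PTR" />
<hostname name="en.wikipedia.org" type="user" /></hostnames></host>
<host><address addr="192.0.2.10" addrtype="ipv4" />
<hostnames><hostname name="ptr.example.net" type="PTR" /></hostnames></host>
<host><address addr="192.0.2.11" addrtype="ipv4" />
<hostnames></hostnames></host>
</nmaprun>"""

FORWARD_TYPE = "user"  # assumption: type marking the name given on the command line
REVERSE_TYPE = "PTR"   # as shown in the message's XML


def host_names(host):
    """Return (address, forward_names, reverse_names) for one <host> element."""
    addr_el = host.find("address")
    addr = addr_el.get("addr") if addr_el is not None else None
    forward, reverse = [], []
    for hn in host.findall("hostnames/hostname"):
        name, kind = hn.get("name"), hn.get("type")
        if not name:
            continue  # skip malformed entries with no name attribute
        if kind == FORWARD_TYPE:
            forward.append(name)
        elif kind == REVERSE_TYPE:
            reverse.append(name)
    return addr, forward, reverse


def display_label(host):
    """Prefer the forward name, then the reverse name, then the address alone."""
    addr, forward, reverse = host_names(host)
    name = (forward or reverse or [None])[0]
    return f"{name} ({addr})" if name else addr


def labels(xml_text):
    """Display label for every <host> in a scan document."""
    return [display_label(h) for h in ET.fromstring(xml_text).iter("host")]


if __name__ == "__main__":
    print("\n".join(labels(SAMPLE_XML)))
```

Keeping both name lists in host_names means a report can show the name that was requested while still recording the PTR name for the same address.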

