Nmap Development mailing list archives
Re: DNS Discovery script
From: David Fifield <david () bamsoftware com>
Date: Tue, 12 Jan 2010 15:20:51 -0700
On Fri, Jan 08, 2010 at 10:56:23AM +0100, Patrik Karlsson wrote:
> Hi all,
>
> I just posted a script on my blog that uses DNS Discovery to enumerate
> information from the MDNS/ZeroConf/Bonjour service. It decodes most of the
> DNS records and I have successfully tested it against several different
> systems including OS X, HP Laserjet printers, Ubuntu and Debian running the
> Avahi daemon.
>
> The script and some additional information are available from here:
> http://www.cqure.net/wp/2010/01/dns-service-discovery-nmap-script/
>
> As always I'm open to feedback and suggestions. Also the script needs more
> testing, so please let me know of any success stories or failures.

Here are my results from running against Mac OS X:

5353/udp open  zeroconf udp-response
| dns-service-discovery:
|   Service: _ssh._tcp.local
|     Answers: 1
|       _ssh._tcp.local PTR IN
|         name: _ssh._tcp.local
|     Additional: 5
|       mac-mini._ssh._tcp.local SRV IN
|         priority: 0
|         weight: 0
|         port: 22
|         target: mac-mini.local
|       mac-mini._ssh._tcp.local TXT IN
|       mac-mini._device-info._tcp.local TXT IN
|         txt: model=Macmini2,1
|       mac-mini.local AAAA IN
|         addr: fe80:0:0:0:216:cbff:feae:d4ac
|       mac-mini.local A IN
|         addr: 192.168.0.190
|   Service: _sftp-ssh._tcp.local
|     Answers: 1
|       _sftp-ssh._tcp.local PTR IN
|         name: _sftp-ssh._tcp.local
|     Additional: 5
|       mac-mini._sftp-ssh._tcp.local SRV IN
|         priority: 0
|         weight: 0
|         port: 22
|         target: mac-mini.local
|       mac-mini._sftp-ssh._tcp.local TXT IN
|       mac-mini._device-info._tcp.local TXT IN
|         txt: model=Macmini2,1
|       mac-mini.local AAAA IN
|         addr: fe80:0:0:0:216:cbff:feae:d4ac
|       mac-mini.local A IN
|         addr: 192.168.0.190
|   Service: _rfb._tcp.local
|     Answers: 1
|       _rfb._tcp.local PTR IN
|         name: _rfb._tcp.local
|     Additional: 5
|       mac-mini._rfb._tcp.local SRV IN
|         priority: 0
|         weight: 0
|         port: 5900
|         target: mac-mini.local
|       mac-mini._rfb._tcp.local TXT IN
|       mac-mini._device-info._tcp.local TXT IN
|         txt: model=Macmini2,1
|       mac-mini.local AAAA IN
|         addr: fe80:0:0:0:216:cbff:feae:d4ac
|       mac-mini.local A IN
|_        addr: 192.168.0.190

This is good! There's a lot of information there. I think the output would
benefit from being condensed. Like, the IP addresses are repeated for every
service and they don't have to be. And the "Answers:" section doesn't appear
to have any useful information. I guess what I'm saying is, there's no reason
for the output to mirror the structure of the DNS packets.

I think this is about all the relevant information:

22/tcp ssh
22/tcp sftp
5900/tcp rfb
Hostnames: mac-mini.local
Addresses: 192.168.0.190 fe80:0:0:0:216:cbff:feae:d4ac
Device info: model=Macmini2,1

Is there a reason you chose to write an mdns library instead of using the
existing dns library? Does it not provide some function you need? Because
DNS-SD is just another protocol on top of DNS, it would be nice to have just
one library handle it. Or if there is an mdns library, have it require("dns")
to do most of the work. In particular, there's no need for
mdns.decode_dns_name to duplicate dns.decStr.

David Fifield
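
Added example, not part of the original message and not Nmap or NSE code: a Python sketch of the condensing suggested above, reading the verbose dns-service-discovery output and keeping each service, hostname, address and device-info string once. The function name `condense` and the result layout are assumptions; the sample is abridged from the output quoted in the message.

```python
import re

# Abridged from the Mac OS X output quoted above (ssh and rfb services only).
HOST = ("mac-mini._device-info._tcp.local TXT IN | txt: model=Macmini2,1 | "
        "mac-mini.local AAAA IN | addr: fe80:0:0:0:216:cbff:feae:d4ac | "
        "mac-mini.local A IN ")
SAMPLE = (
    "| dns-service-discovery: | Service: _ssh._tcp.local | Answers: 1 | "
    "_ssh._tcp.local PTR IN | name: _ssh._tcp.local | Additional: 5 | "
    "mac-mini._ssh._tcp.local SRV IN | priority: 0 | weight: 0 | port: 22 | "
    "target: mac-mini.local | mac-mini._ssh._tcp.local TXT IN | "
    + HOST + "| addr: 192.168.0.190 | "
    "Service: _rfb._tcp.local | Answers: 1 | _rfb._tcp.local PTR IN | "
    "name: _rfb._tcp.local | Additional: 5 | mac-mini._rfb._tcp.local SRV IN | "
    "priority: 0 | weight: 0 | port: 5900 | target: mac-mini.local | "
    "mac-mini._rfb._tcp.local TXT IN | " + HOST + "|_ addr: 192.168.0.190"
)

RECORD = re.compile(r"^(\S+) (PTR|SRV|TXT|AAAA|A) IN$")       # "<name> <type> IN"
SRV_NAME = re.compile(r"\._([^.]+)\._(tcp|udp)\.local$")      # "._ssh._tcp.local"

def condense(text):
    # Dicts are used as ordered sets so repeated values are kept only once.
    out = {"services": {}, "hostnames": {}, "addresses": {}, "device_info": {}}
    name = rtype = None
    for tok in re.split(r"[|\n]", text):
        tok = re.sub(r"^_\s+", "", tok.strip())   # "|_" marks the last output line
        m = RECORD.match(tok)
        if m:                                     # header of a new resource record
            name, rtype = m.groups()
            continue
        key, sep, value = tok.partition(": ")
        if not sep:
            continue
        if rtype == "SRV" and key == "port":
            svc = SRV_NAME.search(name)
            if svc:
                out["services"][f"{value}/{svc.group(2)} {svc.group(1)}"] = True
        elif rtype == "SRV" and key == "target":
            out["hostnames"][value] = True
        elif rtype in ("A", "AAAA") and key == "addr":
            out["addresses"][value] = True
        elif rtype == "TXT" and key == "txt" and "._device-info." in name:
            out["device_info"][value] = True
    return {k: list(v) for k, v in out.items()}

if __name__ == "__main__":
    for section, values in condense(SAMPLE).items():
        print(f"{section}: {', '.join(values)}")
```
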