Nmap Development mailing list archives

Re: DNS Discovery script


From: David Fifield <david () bamsoftware com>
Date: Tue, 12 Jan 2010 15:20:51 -0700

On Fri, Jan 08, 2010 at 10:56:23AM +0100, Patrik Karlsson wrote:
Hi all,

I just posted a script on my blog that uses DNS Discovery to enumerate information from the MDNS/ZeroConf/Bonjour 
service. It decodes most of the DNS records and I have successfully tested it against several different systems 
including OS X, HP Laserjet printers, Ubuntu and Debian running the Avahi daemon.

The script and some additional information are available from here:
http://www.cqure.net/wp/2010/01/dns-service-discovery-nmap-script/

As always I'm open to feedback and suggestions. Also the script needs
more testing, so please let me know of any success stories or
failures.

Here are my results from running against Mac OS X:

5353/udp  open          zeroconf        udp-response
| dns-service-discovery:
|   Service: _ssh._tcp.local
|     Answers: 1
|       _ssh._tcp.local PTR IN
|         name: _ssh._tcp.local
|     Additional: 5
|       mac-mini._ssh._tcp.local SRV IN
|         priority: 0
|         weight: 0
|         port: 22
|         target: mac-mini.local
|       mac-mini._ssh._tcp.local TXT IN
|       mac-mini._device-info._tcp.local TXT IN
|         txt: model=Macmini2,1
|       mac-mini.local AAAA IN
|         addr: fe80:0:0:0:216:cbff:feae:d4ac
|       mac-mini.local A IN
|         addr: 192.168.0.190
|   Service: _sftp-ssh._tcp.local
|     Answers: 1
|       _sftp-ssh._tcp.local PTR IN
|         name: _sftp-ssh._tcp.local
|     Additional: 5
|       mac-mini._sftp-ssh._tcp.local SRV IN
|         priority: 0
|         weight: 0
|         port: 22
|         target: mac-mini.local
|       mac-mini._sftp-ssh._tcp.local TXT IN
|       mac-mini._device-info._tcp.local TXT IN
|         txt: model=Macmini2,1
|       mac-mini.local AAAA IN
|         addr: fe80:0:0:0:216:cbff:feae:d4ac
|       mac-mini.local A IN
|         addr: 192.168.0.190
|   Service: _rfb._tcp.local
|     Answers: 1
|       _rfb._tcp.local PTR IN
|         name: _rfb._tcp.local
|     Additional: 5
|       mac-mini._rfb._tcp.local SRV IN
|         priority: 0
|         weight: 0
|         port: 5900
|         target: mac-mini.local
|       mac-mini._rfb._tcp.local TXT IN
|       mac-mini._device-info._tcp.local TXT IN
|         txt: model=Macmini2,1
|       mac-mini.local AAAA IN
|         addr: fe80:0:0:0:216:cbff:feae:d4ac
|       mac-mini.local A IN
|_        addr: 192.168.0.190

This is good! There's a lot of information there. I think the output
would benefit from being condensed. Like, the IP addresses are repeated
for every service and they don't have to be. And the "Answers:" section
doesn't appear to have any useful information. I guess what I'm saying
is, there's no reason for the output to mirror the structure of the DNS
packets. I think this is about all the relevant information:

22/tcp ssh
22/tcp sftp
5900/tcp rfb
Hostnames: mac-mini.local
Addresses: 192.168.0.190 fe80:0:0:0:216:cbff:feae:d4ac
Device info: model=Macmini2,1

Is there a reason you chose to write an mdns library instead of using
the existing dns library? Does it not provide some function you need?
Because DNS-SD is just another protocol on top of DNS, it would be nice
to have just one library handle it. Or if there is an mdns library, have
it require("dns") to do most of the work. In particular, there's no need
for mdns.decode_dns_name to duplicate dns.decStr.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
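Condensing the output the way David describes, as an added example that is not part of the original post or of the dns-service-discovery script: the input is a list of (name, type, value) tuples constructed from the Mac OS X output quoted above (the type numbers are the standard DNS RR type codes; the tuple shape and the `condense` function are assumptions for this example). The service lines keep the real service-type label, so the second service appears as `sftp-ssh` rather than David's shorthand `sftp`, and repeated A/AAAA and device-info records collapse into one line each.

```python
# Added example (not the posted script's code): collapse decoded DNS-SD records into
# the summary David proposes instead of mirroring the structure of the DNS packets.
A, PTR, TXT, AAAA, SRV = 1, 12, 16, 28, 33        # standard DNS RR type codes

RECORDS = [   # constructed from the Mac OS X output quoted in the thread
    ("_ssh._tcp.local", PTR, "mac-mini._ssh._tcp.local"),
    ("mac-mini._ssh._tcp.local", SRV, (0, 0, 22, "mac-mini.local")),
    ("mac-mini._ssh._tcp.local", TXT, [""]),       # empty TXT = one zero-length string
    ("mac-mini._device-info._tcp.local", TXT, ["model=Macmini2,1"]),
    ("mac-mini.local", AAAA, "fe80::216:cbff:feae:d4ac"),
    ("mac-mini.local", A, "192.168.0.190"),
    ("_sftp-ssh._tcp.local", PTR, "mac-mini._sftp-ssh._tcp.local"),
    ("mac-mini._sftp-ssh._tcp.local", SRV, (0, 0, 22, "mac-mini.local")),
    ("mac-mini._device-info._tcp.local", TXT, ["model=Macmini2,1"]),   # repeated per service
    ("mac-mini.local", AAAA, "fe80::216:cbff:feae:d4ac"),
    ("mac-mini.local", A, "192.168.0.190"),
    ("_rfb._tcp.local", PTR, "mac-mini._rfb._tcp.local"),
    ("mac-mini._rfb._tcp.local", SRV, (0, 0, 5900, "mac-mini.local")),
    ("mac-mini._rfb._tcp.local", TXT, []),
]

def condense(records):
    """One line per SRV record (port/proto service) plus de-duplicated hostnames,
    addresses and device info, regardless of record order or repetition."""
    services, hosts, addrs, info = set(), set(), set(), set()
    for name, rtype, value in records:
        if rtype == SRV:                             # <instance>._<service>._<proto>.<domain>
            labels = name.split(".")
            services.add((value[2], labels[-2].lstrip("_"), labels[-3].lstrip("_")))
            hosts.add(value[3])                      # SRV target is the host name
        elif rtype in (A, AAAA):
            hosts.add(name)
            addrs.add(value)
        elif rtype == TXT and "._device-info._tcp." in name:
            info.update(v for v in value if v)       # drop the empty string of an empty TXT
    lines = ["%d/%s %s" % svc for svc in sorted(services)]
    lines.append("Hostnames: " + " ".join(sorted(hosts)))
    lines.append("Addresses: " + " ".join(sorted(addrs)))
    lines.append("Device info: " + " ".join(sorted(info)))
    return "\n".join(lines)

if __name__ == "__main__":
    print(condense(RECORDS))
```

The PTR records contribute nothing to the summary, which matches David's observation that the "Answers:" section carries no information beyond the instance name the SRV record already has.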
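David's second point, that DNS-SD is just another protocol on top of DNS, as a further added example that is neither Nmap's dns library nor the posted script: one name decoder (with compression-pointer handling) and one resource-record decoder cover the PTR, SRV, TXT, A and AAAA records DNS-SD uses. To run offline, the block also builds a compressed mDNS response from records constructed to mirror the `_ssh._tcp` entries in the output above; the builder, the single 4500-second TTL and the 64-hop pointer cap are assumptions made for this example. The two checks a practitioner wants in any DNS parser are present: a pointer loop raises instead of hanging, and an RDLENGTH running past the packet raises instead of reading garbage.

```python
# Added example (not the posted script or Nmap's dns library): DNS-SD is ordinary DNS,
# so one name decoder and one RR decoder serve it. A compressed mDNS response is built
# from constructed records, then decoded; pointer hops and RDLENGTH are bounds-checked.
import ipaddress
import struct

A, PTR, TXT, AAAA, SRV = 1, 12, 16, 28, 33          # RR types DNS-SD uses
SAMPLE = [   # constructed to mirror the _ssh._tcp records in the Mac OS X output above
    ("_ssh._tcp.local", PTR, "mac-mini._ssh._tcp.local"),
    ("mac-mini._ssh._tcp.local", SRV, (0, 0, 22, "mac-mini.local")),
    ("mac-mini._ssh._tcp.local", TXT, [""]),         # empty TXT = one zero-length string
    ("mac-mini._device-info._tcp.local", TXT, ["model=Macmini2,1"]),
    ("mac-mini.local", A, "192.168.0.190"),
    ("mac-mini.local", AAAA, "fe80::216:cbff:feae:d4ac"),
]

def encode_name(name, out, offsets):
    # Append labels, emitting a pointer for any suffix already in the packet (RFC 1035 4.1.4).
    labels = name.split(".")                        # instance labels containing '.' not handled
    while labels:
        suffix = ".".join(labels)
        if suffix in offsets:
            out += struct.pack("!H", 0xC000 | offsets[suffix])
            return
        offsets[suffix] = len(out)
        label = labels.pop(0).encode()
        out += bytes([len(label)]) + label
    out += b"\x00"

def build_response(records):
    # mDNS response (QR|AA), all records in the Answer section, cache-flush bit set in the
    # class field; a single 4500 s TTL is an assumption made for the example.
    out, offsets = bytearray(struct.pack("!HHHHHH", 0, 0x8400, 0, len(records), 0, 0)), {}
    for name, rtype, data in records:
        encode_name(name, out, offsets)
        out += struct.pack("!HHIH", rtype, 0x8001, 4500, 0)   # RDLENGTH patched below
        start = len(out)
        if rtype == PTR:
            encode_name(data, out, offsets)
        elif rtype == SRV:
            out += struct.pack("!HHH", *data[:3])
            encode_name(data[3], out, offsets)
        elif rtype == TXT:
            out += b"".join(bytes([len(s.encode())]) + s.encode() for s in data)
        else:                                                  # A / AAAA
            out += ipaddress.ip_address(data).packed
        struct.pack_into("!H", out, start - 2, len(out) - start)
    return bytes(out)

def decode_name(pkt, off):
    # Returns (name, offset just past it). The hop cap stops a hostile pointer loop.
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                              # compression pointer
            end = off + 2 if end is None else end
            off, hops = struct.unpack_from("!H", pkt, off)[0] & 0x3FFF, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), off if end is None else end
        labels.append(pkt[off:off + length].decode("utf-8", "replace"))
        off += length

def decode_response(pkt):
    # Returns [(name, rtype, value)] for every RR in the answer, authority and additional sections.
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", pkt, 0)
    off, records = 12, []
    for _ in range(qd):                                        # skip questions, if any
        off = decode_name(pkt, off)[1] + 4
    for _ in range(an + ns + ar):
        name, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        if off + rdlen > len(pkt):
            raise ValueError("truncated record")
        if rtype == PTR:
            value = decode_name(pkt, off)[0]
        elif rtype == SRV:
            value = struct.unpack_from("!HHH", pkt, off) + (decode_name(pkt, off + 6)[0],)
        elif rtype == TXT:                                     # sequence of <len><bytes>
            value, p = [], off
            while p < off + rdlen:
                value.append(pkt[p + 1:p + 1 + pkt[p]].decode("utf-8", "replace"))
                p += 1 + pkt[p]
        elif rtype in (A, AAAA):
            value = str(ipaddress.ip_address(pkt[off:off + rdlen]))
        else:
            value = pkt[off:off + rdlen]                       # unknown type: raw RDATA
        records.append((name, rtype, value))
        off += rdlen
    return records

if __name__ == "__main__":
    for rec in decode_response(build_response(SAMPLE)):
        print(*rec)
```

Nothing in `decode_name` or `decode_response` is specific to DNS-SD; the only mDNS-specific detail is the cache-flush bit in the class field, which the decoder ignores. That is the sense in which an mDNS library only needs to `require("dns")` and add the service-discovery logic on top.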

