[NSE] dns-brute - DNS brute-forcer

[cirrus <cirrus () 0x0lab org>]

Hello list,

I've started developing a DNS brute-force script.
I'm attaching the script (also git accessible from: git://
code.0x0lab.org/nmap-dns-brute.git), please feel free to comment (It's my
first attempt at nse and lua, so please do point out any
issues/mistakes/etc.).
The script has been developed/tested with the current svn version.

$ head -n 32 dns-brute.nse
> description = [[
> Attempts to find DNS hostnames by brute force guessing.
> ]]
> -- 2011-01-26
>
> ---
> -- @usage
> -- nmap --script dns-brute --script-args dns-brute.domain=foo.com,
> dns-brute.threads=6,
> --    dns-brute.cclass, dns-brute.hostlist=./hostfile.txt, newtargets -sS
> -p 80
> -- nmap --script dns-brute www.foo.com
> -- @args dns-brute.hostlist The filename of a list of host strings to try.
> -- @args dns-brute.threads Thread to use (default 5).
> -- @args dns-brute.cclass If specified, adds the reverse DNS for the
> c-class of all discovered IP addresses. cclass can
> --    also be set to the value 'printall' to print all reverse DNS names
> instead of only the ones matching the base domain
> -- @args dns-brute.domain Domain name to brute force if no host is
> specified
> -- @args newtargets Add discovered targets to nmap scan queue (only applies
> when dns-brute.domain has been set)
> -- @output
> -- Pre-scan script results:
> -- | dns-brute:
> -- | Result:
> -- |   DNS Brute-force hostnames:
> -- |   www.foo.com - 127.0.0.1
> -- |   mail.foo.com - 127.0.0.2
> -- |   blog.foo.com - 127.0.1.3
> -- |   ns1.foo.com - 127.0.0.4
> -- |   admin.foo.com - 127.0.0.5
> -- |   Reverse DNS hostnames:
> -- |   srv-32.foo.com - 127.0.0.16
> -- |   srv-33.foo.com - 127.0.1.23
> -- |   C-Classes:
> -- |   127.0.0.0/24
> -- |_  127.0.1.0/24

Attachment: dns-brute.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/