Nmap Development mailing list archives

Re: [NSE] dns-brute - DNS brute-forcer


From: David Fifield <david () bamsoftware com>
Date: Mon, 7 Feb 2011 10:30:41 -0800

On Mon, Jan 31, 2011 at 07:30:19PM +0200, cirrus wrote:
Hello list,

I've started developing a DNS brute-force script.
I'm attaching the script (also git accessible from:
git://code.0x0lab.org/nmap-dns-brute.git), please feel free to comment (It's my
first attempt at nse and lua, so please do point out any
issues/mistakes/etc.).
The script has been developed/tested with the current svn version.

-- @output
-- Pre-scan script results:
-- | dns-brute:
-- | Result:
-- |   DNS Brute-force hostnames:
-- |   www.foo.com - 127.0.0.1
-- |   mail.foo.com - 127.0.0.2
-- |   blog.foo.com - 127.0.1.3
-- |   ns1.foo.com - 127.0.0.4
-- |   admin.foo.com - 127.0.0.5
-- |   Reverse DNS hostnames:
-- |   srv-32.foo.com - 127.0.0.16
-- |   srv-33.foo.com - 127.0.1.23
-- |   C-Classes:
-- |   127.0.0.0/24
-- |_  127.0.1.0/24

Thanks. This script looks like a good idea and I've made a note in our
TODO to evaluate it.

At first I was thinking this functionality should be merged with
hostmap: http://nmap.org/nsedoc/scripts/hostmap. But that has a different
goal: find different names for the same IP address. Your script finds
different names under the same domain, that may be on different
addresses. It's also a lot like http-vhosts:
http://nmap.org/nsedoc/scripts/http-vhosts, which finds different
virtual hosts on the same HTTP server, without doing DNS lookups.

How did you derive your list of names? In any case, when this is merged,
we'll want to use the same list for this script and http-vhosts.

I've only briefly looked over the code. What's with the 7900 magic
number here?

    if (howmany > 7900) then
        --Cannot unpack a list with more than 7900 items so we will set it to 7900
        stdnse.print_debug("Hostlist items per thread is more than 7900. Setting to 7900.")
        howmany = 7900
    end

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
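An added illustration of the point David raises about the 7900 constant (this is example code, not part of cirrus's script or of Nmap): in Lua 5.1, which NSE used at the time, unpack() can only push as many values as the C stack allows (LUAI_MAXCSTACK, 8000 by default) and raises "too many results to unpack" beyond that, so a script that unpacks a whole hostname list needs a ceiling just under that limit. The sturdier design is to never unpack the list at all and instead hand each worker an index range to walk. The hostnames and the thread count below are constructed sample data.

```lua
-- Added example (not from cirrus's script or Nmap). Assumes Lua 5.1
-- semantics for unpack(); uses table.unpack as a fallback on newer Lua.
local unpack = unpack or table.unpack

-- Constructed sample: a synthetic list of candidate hostnames.
local function make_hostlist(n)
  local t = {}
  for i = 1, n do t[i] = "host" .. i .. ".example.com" end
  return t
end

-- The fragile approach: unpack() the whole list into function arguments.
-- Works for small lists; on Lua 5.1 it errors once the list exceeds the
-- interpreter's stack limit, which is what the 7900 ceiling guards against.
local function try_unpack(list)
  local ok, err = pcall(function() return select("#", unpack(list)) end)
  return ok, err
end

-- The robust approach: walk an index range with an iterator, so a worker
-- can process any slice of the list without copying or unpacking it.
local function slice_iter(list, first, last)
  local i = first - 1
  return function()
    i = i + 1
    if i <= last then return list[i] end
  end
end

-- Split the list into per-thread ranges (index pairs, not copied tables),
-- so the number of names per thread no longer needs a magic-number cap.
local function split_ranges(list, threads)
  local ranges, total = {}, #list
  local per = math.ceil(total / threads)
  for t = 1, threads do
    local first = (t - 1) * per + 1
    local last = math.min(t * per, total)
    if first > total then break end
    ranges[#ranges + 1] = { first = first, last = last }
  end
  return ranges
end

local big = make_hostlist(20000)
print("unpack of 20000 names succeeded:", try_unpack(big))

local visited = 0
for _, r in ipairs(split_ranges(big, 8)) do
  for name in slice_iter(big, r.first, r.last) do
    -- a real worker would issue the DNS query for `name` here
    visited = visited + 1
  end
end
print("names visited via ranges:", visited, "of", #big)
```

Run with a Lua 5.1 interpreter to see the unpack() call fail while the range-based walk visits every name exactly once; the iterator version also keeps per-thread memory flat, since each worker only holds two integers rather than a copy of its share of the list.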
