Nmap Development mailing list archives
Re: NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Mon, 7 Feb 2011 21:19:26 +0100
On 7 February 2011 19:18, David Fifield <david () bamsoftware com> wrote:
On Mon, Feb 07, 2011 at 10:12:23AM -0800, David Fifield wrote:

Thanks, John, I'm excited about this script. I and others would like to test it. Did you set up a DNSSEC server to test it, or did you use a public one? Can you give a brief guide on how to reproduce your results?

And one question: What version of Nmap did you derive your dnsseclib.lua from? It's missing some changes that were made more recently in dns.lua. If you know the original version then it's not too hard to make a diff and apply it to the newest source.

David Fifield
Hi Dave,

Thanks for the response. In relation to the version I worked on, I'm not sure; I think it was 5.21, installed via ports on Mac, and I'm a bit new to Mac. Anyway, I have attached a patch file using the latest svn. I have had to add the old sendPackets functions as I couldn't get things working in 5 minutes, and there were a few other bits and bobs that need tweaking.

In relation to NSEC3, not sure what will happen here; I hope it will fail quietly. However, it won't be difficult to add a handler for NSEC3, and I intend to. The difficulty is in the enumeration. With NSEC you say "do you have b?" and the server goes "no, I don't have any records between a and c". So the next question you ask is "OK, do you have c-?" ("-" being the alphabetically lowest character). With NSEC3 you need to change the way you enumerate things. However, AFAIK NSEC3 still works the same way, but instead of saying "I don't have anything between a and c" they say "I don't have anything between hash(a) and hash(b)". So it will be possible to build some logic where you can do a lightweight brute force* to get all hashes. I was thinking of using the NSE thread library for this and starting one thread for each valid DNS host character.

Finally, with the server, I used a public one. I could produce a valid-ish zone to put on scanme.nmap.org, but I am not sure my home ADSL line could take all the nmap-dev testers :)

* The type of thing I'm thinking of with a lightweight brute force is to do something like request a and b; if the hashes returned are the same then there are no records between a and b, else check a and ak etc. etc.
Attachment: dns.lua.patch
Attachment: dns-nsec-enum.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
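As an added, offline illustration of the enumeration described in the reply above (this is not code from the post, its attachments, or Nmap): a constructed zone's NSEC chain is walked link by link, and the same walk over an NSEC3-style chain returns only hash values, which is why hashing changes how one has to enumerate. The zone names, the simulated authoritative server and the simplified hash are all assumptions.

```python
import hashlib

ZONE_APEX = "example.test."  # constructed zone, not a real domain; owners in arbitrary order
OWNERS = ["www.example.test.", "example.test.", "mail.example.test.", "alpha.example.test."]

def canonical_key(name):
    """RFC 4034 canonical ordering key: compare labels right to left, case-insensitively."""
    return tuple(reversed(name.rstrip(".").lower().split(".")))

def build_nsec_chain(owners):
    """Each owner's NSEC names the next owner in canonical order; the last wraps to the apex."""
    ordered = sorted(owners, key=canonical_key)
    return {o: ordered[(i + 1) % len(ordered)] for i, o in enumerate(ordered)}

def nsec_covering(chain, qname):
    """Simulated authoritative answer: the NSEC whose interval [owner, next) covers qname."""
    k = canonical_key(qname)
    for owner, nxt in chain.items():
        lo, hi = canonical_key(owner), canonical_key(nxt)
        wraps = hi <= lo  # final record points back to the apex and covers everything after it
        if lo <= k and (k < hi or wraps):
            return owner, nxt
    raise ValueError("name is not below the zone apex")

def walk_chain(chain, apex):
    """The walk from the post: each denial names the next owner, so follow the links until they wrap.
    (The post probes 'next' plus the lowest hostname character; asking for 'next' is equivalent here.)"""
    names = [apex]
    _, nxt = nsec_covering(chain, apex)
    while nxt != apex:
        names.append(nxt)
        _, nxt = nsec_covering(chain, nxt)
    return names

def nsec3_hash(name):
    """Stand-in for NSEC3 hashing (real NSEC3 uses the wire-format name, a salt, iterations
    and base32hex); it only needs to show that the chain links hashes rather than names."""
    return hashlib.sha1(name.lower().encode()).hexdigest()[:16]

def build_nsec3_chain(owners):
    """NSEC3 orders the chain by hashed owner, so the same walk reveals only hash values."""
    hashed = sorted(nsec3_hash(o) for o in owners)
    return {h: hashed[(i + 1) % len(hashed)] for i, h in enumerate(hashed)}

def walk_nsec3_chain(chain3):
    """Follow the hashed chain from its lowest entry; every link is a hash, never a name."""
    start = min(chain3)
    out, cur = [start], chain3[start]
    while cur != start:
        out.append(cur)
        cur = chain3[cur]
    return out
```

Each name a walk over the plain NSEC chain returns is an owner name in the zone; the NSEC3 walk returns the same number of links, but recovering names from them needs the guessing the post sketches.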