Nmap Development mailing list archives

Re: [NSE] dns-brute - DNS brute-forcer


From: cirrus <cirrus () 0x0lab org>
Date: Wed, 9 Feb 2011 12:20:48 +0200

On 7 February 2011 20:30, David Fifield <david () bamsoftware com> wrote:

Thanks. This script looks like a good idea and I've made a note in our
TODO to evaluate it.

At first I was thinking this functionality should be merged with
hostmap: http://nmap.org/nsedoc/scripts/hostmap. But that has a different
goal: find different names for the same IP address. Your script finds
different names under the same domain, that may be on different
addresses. It's also a lot like http-vhosts:
http://nmap.org/nsedoc/scripts/http-vhosts, which finds different
virtual hosts on the same HTTP server, without doing DNS lookups.

How did you derive your list of names? In any case, when this is merged,
we'll want to use the same list for this script and http-vhosts.

I've only briefly looked over the code. What's with the 7900 magic
number here?

   if (howmany > 7900) then
       -- Cannot unpack a list with more than 7900 items so we will set it to 7900
       stdnse.print_debug("Hostlist items per thread is more than 7900. Setting to 7900.")
       howmany = 7900
   end

David Fifield


Hello.

As Patrick mentioned I've added the more than 7900 check to avoid reaching
the limit when a very big hostname list is used and the dns-brute.threads is
set to very small. There is probably a better way to pass the list to the
thread.

The list was not derived using a specific method (an analysis of the 100
most common DNS names would be useful). Having said that I've found the 115
names contained to be among very common hostnames.
I've had a look at the http-vhosts host list and it is more targeted on http
services, whereas my list is more targeted on generic services, such as
sql, ns, mx, etc. As such I do think that http-vhosts and dns-brute should
have different lists.

The script could be very useful when scanning for IPv6 hosts, so I'm also
attaching an updated version of the script, which also supports IPv6
resolving (when the dns-brute.ipv6 flag is set).

--
cirrus

Attachment: dns-brute.nse
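The 7900 cap discussed above exists because Lua 5.1 (the interpreter Nmap shipped at the time) refuses to unpack more than LUAI_MAXCSTACK (8000) values onto the C stack, so a large hostlist handed to a small number of threads via unpack() fails with "too many results to unpack". The following is an added example, not code from dns-brute.nse or its author, showing the alternative cirrus alludes to: give each worker the shared table plus an index range instead of unpacking the list. The names make_hostlist, slice_ranges and worker are hypothetical, and the hostlist is constructed inline so the snippet runs stand-alone with any Lua interpreter.

```lua
-- Added example (not from dns-brute.nse): share one hostlist table across
-- workers by index range rather than unpack()ing it, so list size is never
-- bounded by the interpreter's C stack limit.
local unpack = table.unpack or unpack  -- Lua 5.1 / 5.2+ compatibility

-- Constructed sample list; the real script reads this from its hostlist file.
local function make_hostlist(n)
  local t = {}
  for i = 1, n do
    t[i] = string.format("host%05d", i)
  end
  return t
end

-- Split 1..total into at most `threads` contiguous [first, last] ranges that
-- together cover every index exactly once. Nothing is copied or unpacked.
local function slice_ranges(total, threads)
  local ranges = {}
  local per = math.ceil(total / threads)
  local first = 1
  while first <= total do
    local last = math.min(first + per - 1, total)
    ranges[#ranges + 1] = { first = first, last = last }
    first = last + 1
  end
  return ranges
end

-- A worker walks only its own range of the shared table. In the NSE script
-- this is where each candidate name would be looked up; here it just records
-- which names it was given so coverage can be checked.
local function worker(hostlist, range, seen)
  for i = range.first, range.last do
    seen[hostlist[i]] = true
  end
end

local hostlist = make_hostlist(20000)   -- well above the 7900 cap
local seen = {}
for _, r in ipairs(slice_ranges(#hostlist, 4)) do
  worker(hostlist, r, seen)
end

-- Every name was handed to exactly one worker, with no unpack() involved.
local count = 0
for _ in pairs(seen) do count = count + 1 end
assert(count == #hostlist, "every hostlist entry must be covered once")

-- Contrast: unpacking the same list is what the 7900 check guards against.
-- On Lua 5.1 this pcall returns false with "too many results to unpack";
-- Lua 5.3 and later raise the limit considerably, so it may succeed there.
local ok = pcall(function() return unpack(hostlist) end)
print("unpack of " .. #hostlist .. " entries succeeded: " .. tostring(ok))
```

Because each worker receives a range rather than a copy, the size of the hostlist and the value of dns-brute.threads become independent: a 100,000-name list with threads=1 is a single range of 100,000 indices, and the debug message capping howmany at 7900 is no longer needed.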