Nmap Development mailing list archives
Re: NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Wed, 9 Feb 2011 23:51:16 +0100
On 9 February 2011 23:07, Patrik Karlsson <patrik () cqure net> wrote:
Hi John, I've been able to test your script against a number of different servers and it seems to work well. I experienced some read timeouts on one of the zones, not sure why, but the rest worked great. Would it be possible/make sense to harmonize the output with the dns-zone-transfer script?
Good to know its working well, and ill take a look at dns-zone-transfer like you say it makes sense to keep things simlar I should also mention that the last script i posted was wrong. I had not fully understood the NSEC. Anyway i now have an out put like this
| www.example.com:bla.example.com:A:AAAA:RRSIG:NSEC | 3.3.3.3 | parent: bla.example.com | A 1.1.1.1 | AAAA 1::1 |
Basicly there is a little bit more info and a lot more duplication. I think it might be better to just do an any query to all the enumerated records. but feed back welcome
Also, I very briefly browsed the script and changes to the library and have a few comments: * You could replace the nmap.registry.args stuff with stdnse.get_script_args * To format output returned by a script you could use the tab library (see dns-zone-transfer) or stdnse.format_output
Ok ill check this out
* The dns.lua patch adds a second identical answerFetcher[types.MX] function which should probably be removed
oops copy and past must have got away from me :D And thanks for the patch that is definitely one of those thing that would have been there for ages. one more thing if you want to turn of the resolution of the enumeration set resolveAll = false. will add this to the args at som point Thanks for the feed back john
Attachment:
dns-nsec-enum.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSEC Enumeration script John Bond (Feb 04)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 08)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 10)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 10)
- Re: NSEC Enumeration script John Bond (Feb 15)
- Re: NSEC Enumeration script John Bond (Feb 24)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 07)
- Re: NSEC Enumeration script David Fifield (Feb 07)