Nmap Development mailing list archives
Re: NSEC Enumeration script
From: David Fifield <david () bamsoftware com>
Date: Sat, 26 Feb 2011 01:27:17 -0800
On Thu, Feb 24, 2011 at 09:48:54PM +0100, John Bond wrote:
Updated script which fixes a few issues which where occurring due to bad error handeling, flawed logic and laziness. if anyone needs a copy of my dns.lua file or a patch file just let me know
I like the idea and capabilities of this script a lot. I've been working on it to make it better fit the style of other scripts and hopefully be easier to understand. Please get the latest revision from svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/david/nmap-nsec In this version I purposely removed some advanced features like secondary resolution of names. My idea is to get a simple version of the script debugged so it can be merged, and after that add more features. I also removed anything I was unsure was necessary, again with the goal of having a simpler script. For example, I removed the special wildcard detection because I wasn't having a problem without it and I suspected it may have been necessary because of a bug elsewhere. It's possible I'm wrong about this, so please test it with the environment that was giving you trouble before. The script and the library changes are getting closer to being accepted. I still have doubts about the interface of dns.dnssec_query. In the first place, it would be better if the DNSSEC queries could be made using the same top-level function as other DNS queries--is DNSSEC really so different that it needs a different interface? I don't mind having a convenience wrapper for DNSSEC, but it should call the same underlying function as other queries. Second, I tried disabling one of the recursive calls that dnssec_query makes, which was triggering the "IF YOU SEE THIS MESSAGE" message. I'm not sure what that was all about, but we should decide if we want the library making recursive calls like that, and if so, what the return value should be. There are a lot of incorrect copy-pasted comments in the new answerFetchers in dns.lua. Let me know if this version of the script works for you, and when you make changes, make them starting from the Subversion branch. I'll keep it up to date with any of your changes and it will be easier than tracking many patches through the mailing list. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NSEC Enumeration script, (continued)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 07)
- Re: NSEC Enumeration script John Bond (Feb 08)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 09)
- Re: NSEC Enumeration script John Bond (Feb 10)
- Re: NSEC Enumeration script Patrik Karlsson (Feb 10)
- Re: NSEC Enumeration script John Bond (Feb 15)
- Re: NSEC Enumeration script John Bond (Feb 24)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script John Bond (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 26)
- Re: NSEC Enumeration script David Fifield (Feb 28)
- Re: NSEC Enumeration script John Bond (Mar 09)
- Re: NSEC Enumeration script David Fifield (Mar 14)