Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] New script dns-blacklist

From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 26 Dec 2011 15:30:53 +0100
Hi list,

I just committed a new script called dns-blacklist which checks given or
scanned IP addresses against a bunch of different DNSBL services.
It groups services into categories and currently supports SPAM and PROXY
checking for known spam IP's and open proxies.
Services may be limited by category or names through script arguments and
by default all categories and all services are checked.
Here's some sample output:

Pre-scan script results:
| dns-blacklist:
| 1.2.3.4
|   PROXY
|     dnsbl.ahbl.org - PROXY
|     dnsbl.tornevall.org - PROXY
|       IP marked as "abusive host".
|       Proxy is working
|       Proxy has been scanned
|   SPAM
|     dnsbl.inps.de - SPAM
|       Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4
|     l2.apews.org - SPAM
|     list.quorum.to - SPAM
|     bl.spamcop.net - SPAM
|_    spam.dnsbl.sorbs.net - SPAM

We initially discussed creating one script per category and if we want that
there's no problem to go down that path as I see it.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: