Nmap Development mailing list archives
Re: [NSE] New script dns-blacklist
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 2 Jan 2012 21:52:33 +0100
Hi Patrik,There was no patch for the first two services attached to your post? I checked them out and they both seem interesting, the first one would probably fit under the PROXY section, while the second one shouldprobablygo into a category called ATTACK or similar?No sory, I dind't send the patch. I wanted to do it once I had added the three providers. Yes, the first one is in the PROXY category and the second one I created the ATTACK category. The output of "dns-blacklist.list" is the following: Pre-scan script results: | dns-blacklist: | ATTACK | all.bl.blocklist.de | dnsbl.httpbl.org | dnsbl.httpbl.org.apikey - the http:BL API key | PROXY | dnsbl.ahbl.org | socks.dnsbl.sorbs.net | misc.dnsbl.sorbs.net | http.dnsbl.sorbs.net | tor.dan.me.uk | dnsbl.tornevall.org | SPAM | dnsbl.ahbl.org | dnsbl.inps.de | bl.nszones.com | l2.apews.org | list.quorum.to | all.spamrats.com | bl.spamcop.net | spam.dnsbl.sorbs.net |_ sbl.spamhaus.org You can see that it is listing the API key argument that must be specified for the "dnsbl.httpbl.org" provider.In regards to the third one I think it both looks interesting andsomethingto add. For the key part I don't think it's very difficult to do with the existing library. One way of doing it would be to get a script argument with the key in the fmt_query function of each services that needs one. Check out the first service in the list, it has a fmt_query function to show how it works. I guess it could look something like this: fmt_query = function(ip) local rev_ip = dns.reverse(ip):match("^(.*)%.in%-addr%.arpa$") local key = stdnse.get_script_args("dnsbl.key.dnsbl.httpbl.org") if ( not(key) ) then return end return ("%s.%s.dnsbl.httpbl.org"):format(key,rev_ip) end I guess the checkBL function would need to be patched to handle an empty response from the fmt_query function.I have a somewhat similar solution. You can check the patch, it isn't fully implemented though.Cheers, Patrik
Hi Duarte, I changed so that each service now has a "new" function through which it can be instantiated. This way it can get the configuration there and it does no longer have to be passed to each and every function. Maybe this is a bit too ambitious or just a bad idea, as most of the services don't have any benefit of this? I've attached a patch against SVN but haven't done any extensive testing of the change. Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77
Attachment:
dnsbl.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 03)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Arne Martin Wandsvig (Jan 07)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 08)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 15)