Re: Finding v6 hosts by efficiently mapping ip6.arpa

[Daniel Miller <bonsaiviking () gmail com>]

I think this is a neat script. Some things I'd like to see:

1. Use of the targets library to add discovered names to the scan queue, and
2. A test to see if the DNS server being used behaves in a way that
can be used. I'm thinking a third script-arg, a known resolvable
address that the script would then truncate to determine how the
server treats incomplete ip6.arpa names. This could avoid a lengthy
process of queries if the server doesn't treat incomplete names
differently from unresolvable names (as I understand it).

Way to go getting this implemented, though! Sufficiently awesome to
make me think it was an April Fools joke.

Dan

On Sun, Apr 1, 2012 at 8:06 AM, Patrik Karlsson <patrik () cqure net> wrote:
> On Sat, Mar 31, 2012 at 2:49 PM, Thierry Zoller <Thierry () zoller lu> wrote:
>
> > This should be of interest to the group
> >
> > http://7bits.nl/blog/2012/03/26/finding-v6-hosts-by-efficiently-mapping-ip6-arpa
> >
> > --
> > http://blog.zoller.lu
> > Thierry Zoller
> >
> >
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
>
> Thanks Thierry!
>
> I just committed an Nmap script called dns-ip6-arpa-scan.nse, that
> implements the technique.
> It uses multiple threads to do the lookup and I was amazed by the result.
>
> Cheers,
> Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/