Nmap Development mailing list archives
New Nmap script dns-server with supporting changes and some tidying up of nselib dns
From: Ulrik Haugen <qha () lysator liu se>
Date: Fri, 14 Aug 2015 21:12:08 +0200
Hi hello! I just created a pull request: https://github.com/nmap/nmap/pull/198
From the comment:
I have created an Nmap script to scan for dns servers optionally limited to one or more of recursive servers over tcp and udp, servers with upwards referrals over udp or amplifiers over udp, see example below. Probes can be extensively configured to whatever provokes your targets. Responses received are clearly presented.

At work we are running an earlier version of this script with good results.

The changes to dns.lua enable working with rcodes and opcodes directly rather than bitwise through the flags, make sendPackets available externally so that the amplification ratio can be determined, encodes and decodes more flags. The rest is mainly tidying up and some changes to encodeFQDN as the version I started with did not work on names with terminal dot and I wanted to be able to supply the root as a script argument.

I look forward to getting your feedback. In particular if anyone has suggestions for making both the plain and xml formatted output look good.

Best regards
/Ulrik Haugen

Example run with report argument:

# nmap -sUS -p53 --script dns-server --script-args 'dns-server.report=ra:upref:amp>30,dns-server.name=a,dns-server.type=ns,dns-server.clear-opt' server-a.example.net server-b.example.net server-c.example.net server-d.example.net

Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-14 20:40 CEST
Nmap scan report for server-a.example.net (192.168.21.9)
Host is up (0.00032s latency).
rDNS record for 192.168.21.9: ns.example.net
PORT   STATE SERVICE
53/tcp open  domain
| dns-server:
|   reported for: recursion
|   status: nxdomain (3)
|   id: 8234
|   flags: qr rd ra
|   rr counts: query: 1, answer: 0, authority: 1, additional: 0
|   question section:
|     a. IN NS
|   authority section:
|_    . 10271 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015081401 1800 900 604800 86400
53/udp open  domain
| dns-server:
|   reported for: recursion
|   payload amplification: 94/19=4.9
|   status: nxdomain (3)
|   id: 24639
|   flags: qr rd ra
|   rr counts: query: 1, answer: 0, authority: 1, additional: 0
|   question section:
|     a. IN NS
|   authority section:
|_    . 10271 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015081401 1800 900 604800 86400

Nmap scan report for server-b.example.net (192.168.26.52)
Host is up (0.00057s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain

Nmap scan report for server-c.example.net (192.168.23.21)
Host is up (0.00034s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain

Nmap scan report for server-d.example.net (192.168.249.154)
Host is up (0.0018s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain
| dns-server:
|   reported for: upwards referral
|   payload amplification: 498/19=26.2
|   status: noerror (0)
|   id: 6456
|   flags: qr rd
|   rr counts: query: 1, answer: 0, authority: 13, additional: 4
|   question section:
|     a. IN NS
|   authority section:
|     . 3600 IN NS d.root-servers.net.
|     . 3600 IN NS c.root-servers.net.
|     . 3600 IN NS b.root-servers.net.
|     . 3600 IN NS a.root-servers.net.
|     . 3600 IN NS m.root-servers.net.
|     . 3600 IN NS l.root-servers.net.
|     . 3600 IN NS k.root-servers.net.
|     . 3600 IN NS j.root-servers.net.
|     . 3600 IN NS i.root-servers.net.
|     . 3600 IN NS h.root-servers.net.
|     . 3600 IN NS g.root-servers.net.
|     . 3600 IN NS f.root-servers.net.
|     . 3600 IN NS e.root-servers.net.
|   additional section:
|     d.root-servers.net. 3600 IN A 128.8.10.90
|     c.root-servers.net. 3600 IN A 192.33.4.12
|     b.root-servers.net. 3600 IN A 192.228.79.201
|_    a.root-servers.net. 3600 IN A 198.41.0.4

Nmap done: 4 IP addresses (4 hosts up) scanned in 4.92 seconds

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
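
The "payload amplification: 94/19=4.9" figure in the sample run can be reproduced offline from the wire format. The Python below is an added example for readers auditing their own resolvers, not code from the pull request or from Nmap. The function names and the classification rules (RA flag for recursion, a root-owned NS set with no answers for an upwards referral, ratio above the `amp>30` threshold for an amplifier) are assumptions inferred from the sample output, and the two messages are constructed to match the first UDP result.

```python
import struct

QR, RA = 0x8000, 0x0080          # header flag bits: response, recursion available
T_NS, T_SOA = 2, 6

def encode_name(name):
    """Encode a name as DNS labels; accepts a terminal dot and the root '.'."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(qid, flags, name, qtype, authority=()):
    """Header + one question + authority RRs given as (owner, type, ttl, rdata)."""
    msg = struct.pack("!6H", qid, flags, 1, 0, len(authority), 0)
    msg += encode_name(name) + struct.pack("!2H", qtype, 1)
    for owner, rtype, ttl, rdata in authority:
        msg += encode_name(owner) + struct.pack("!2HIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label is 1

def classify(query, response, amp_threshold=30.0):
    """Return (findings, ratio); the rules are assumptions, not the script's logic."""
    _, flags, qd, an, ns, _ = struct.unpack("!6H", response[:12])
    ratio = len(response) / len(query)
    findings = set()
    if not flags & QR:
        return findings, ratio
    if flags & RA:
        findings.add("recursion")
    off = 12
    for _ in range(qd):
        off = skip_name(response, off) + 4   # skip QTYPE and QCLASS
    # Upwards referral: NOERROR, no answers, first authority RR is NS owned by the root.
    if (flags & 0x000F) == 0 and an == 0 and ns > 0 and response[off] == 0:
        if struct.unpack("!H", response[off + 1:off + 3])[0] == T_NS:
            findings.add("upwards referral")
    if ratio > amp_threshold:
        findings.add("amplifier")
    return findings, ratio

# Constructed messages matching the first UDP result in the sample run (19 and 94 bytes).
QUERY = build_message(24639, 0x0100, "a.", T_NS)
SOA = (encode_name("a.root-servers.net.") + encode_name("nstld.verisign-grs.com.")
       + struct.pack("!5I", 2015081401, 1800, 900, 604800, 86400))
RESPONSE = build_message(24639, 0x8183, "a.", T_NS, [(".", T_SOA, 10271, SOA)])
```

The 19-byte query only comes out that small without an EDNS OPT record, which is what `dns-server.clear-opt` in the sample command suggests.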