Nmap Development mailing list archives

New Nmap script dns-server with supporting changes and some tidying up of nselib dns


From: Ulrik Haugen <qha () lysator liu se>
Date: Fri, 14 Aug 2015 21:12:08 +0200

Hi hello!

I just created a pull request: https://github.com/nmap/nmap/pull/198

From the comment:

I have created an Nmap script to scan for DNS servers, optionally limited
to one or more of: recursive servers over TCP and UDP, servers with
upwards referrals over UDP, or amplifiers over UDP; see the example below.

Probes can be extensively configured to whatever provokes your targets.

Responses received are clearly presented.

At work we are running an earlier version of this script with good
results.

The changes to dns.lua enable working with rcodes and opcodes directly
rather than bitwise through the flags, make sendPackets available
externally so that the amplification ratio can be determined, and encode
and decode more flags. The rest is mainly tidying up and some changes
to encodeFQDN, as the version I started with did not work on names with
a terminal dot and I wanted to be able to supply the root as a script
argument.

I look forward to getting your feedback, in particular if anyone has
suggestions for making both the plain and XML formatted output look
good.

Best regards
/Ulrik Haugen


Example run with report argument:

# nmap -sUS -p53 --script dns-server --script-args 'dns-server.report=ra:upref:amp>30,dns-server.name=a,dns-server.type=ns,dns-server.clear-opt' server-a.example.net server-b.example.net server-c.example.net server-d.example.net

Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-14 20:40 CEST
Nmap scan report for server-a.example.net (192.168.21.9)
Host is up (0.00032s latency).
rDNS record for 192.168.21.9: ns.example.net
PORT   STATE SERVICE
53/tcp open  domain
| dns-server: 
|   reported for: recursion
|   status: nxdomain (3)
|   id: 8234
|   flags: qr rd ra
|   rr counts: query: 1, answer: 0, authority: 1, additional: 0
|   question section: 
|     a.                IN      NS
|   authority section: 
|_    . 10271   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2015081401 1800 900 604800 86400
53/udp open  domain
| dns-server: 
|   reported for: recursion
|   payload amplification: 94/19=4.9
|   status: nxdomain (3)
|   id: 24639
|   flags: qr rd ra
|   rr counts: query: 1, answer: 0, authority: 1, additional: 0
|   question section: 
|     a.                IN      NS
|   authority section: 
|_    . 10271   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2015081401 1800 900 604800 86400

Nmap scan report for server-b.example.net (192.168.26.52)
Host is up (0.00057s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain

Nmap scan report for server-c.example.net (192.168.23.21)
Host is up (0.00034s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain

Nmap scan report for server-d.example.net (192.168.249.154)
Host is up (0.0018s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain
| dns-server: 
|   reported for: upwards referral
|   payload amplification: 498/19=26.2
|   status: noerror (0)
|   id: 6456
|   flags: qr rd
|   rr counts: query: 1, answer: 0, authority: 13, additional: 4
|   question section: 
|     a.                IN      NS
|   authority section: 
|     . 3600    IN      NS      d.root-servers.net.
|     . 3600    IN      NS      c.root-servers.net.
|     . 3600    IN      NS      b.root-servers.net.
|     . 3600    IN      NS      a.root-servers.net.
|     . 3600    IN      NS      m.root-servers.net.
|     . 3600    IN      NS      l.root-servers.net.
|     . 3600    IN      NS      k.root-servers.net.
|     . 3600    IN      NS      j.root-servers.net.
|     . 3600    IN      NS      i.root-servers.net.
|     . 3600    IN      NS      h.root-servers.net.
|     . 3600    IN      NS      g.root-servers.net.
|     . 3600    IN      NS      f.root-servers.net.
|     . 3600    IN      NS      e.root-servers.net.
|   additional section: 
|     d.root-servers.net.       3600    IN      A       128.8.10.90
|     c.root-servers.net.       3600    IN      A       192.33.4.12
|     b.root-servers.net.       3600    IN      A       192.228.79.201
|_    a.root-servers.net.       3600    IN      A       198.41.0.4

Nmap done: 4 IP addresses (4 hosts up) scanned in 4.92 seconds
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
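
Added example, not part of the original message and not code from the dns-server script: a Python sketch of how the three report categories in the run above (ra, upref, amp>N) can be derived from a query/response pair when auditing your own resolvers. The function names are hypothetical, the upwards-referral test is an assumed criterion, and the messages are constructed to mirror the fields shown for server-a over UDP, which reproduces its 94/19 payload sizes.

```python
import struct

def encode_name(name):
    """Wire-encode a domain name; '.' (or '') is the root."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def rr(owner, rtype, ttl, rdata):
    """One class-IN resource record, names uncompressed."""
    return encode_name(owner) + struct.pack("!2HIH", rtype, 1, ttl, len(rdata)) + rdata

def message(flags, name, qtype, authority=(), qid=0x1234):
    """DNS message with one question and optional authority RRs (no EDNS OPT)."""
    header = struct.pack("!6H", qid, flags, 1, 0, len(authority), 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, 1) + b"".join(authority)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += msg[off] + 1
    return off + 1

def classify(query, response, amp_threshold=30.0):
    """Return (reasons, ratio); ratio is response payload / query payload."""
    _, flags, qd, an, ns, _ = struct.unpack("!6H", response[:12])
    ratio, reasons = len(response) / len(query), []
    if flags & 0x0080:                   # RA bit: server offers recursion
        reasons.append("recursion")
    off = 12
    for _ in range(qd):                  # step over the question section
        off = skip_name(response, off) + 4
    # Assumed criterion (not taken from the script): NOERROR, empty answer,
    # and the first authority RR is an NS record owned by the root.
    if (flags & 0xF) == 0 and an == 0 and ns > 0 and response[off] == 0:
        if struct.unpack("!H", response[off + 1:off + 3])[0] == 2:
            reasons.append("upwards referral")
    if ratio > amp_threshold:
        reasons.append("amplification")
    return reasons, ratio

# Constructed sample messages: query "a. IN NS" with RD set, as in the run above.
QUERY = message(0x0100, "a.", 2)
SOA_RDATA = (encode_name("a.root-servers.net.") + encode_name("nstld.verisign-grs.com.")
             + struct.pack("!5I", 2015081401, 1800, 900, 604800, 86400))
RECURSIVE = message(0x8183, "a.", 2, [rr(".", 6, 10271, SOA_RDATA)])  # qr rd ra, nxdomain
REFERRAL = message(0x8100, "a.", 2,                                   # qr rd, noerror
                   [rr(".", 2, 3600, encode_name(c + ".root-servers.net.")) for c in "dcba"])
```

Calling classify(QUERY, RECURSIVE) yields the "recursion" reason with a ratio of 94/19; lowering amp_threshold shows how a filter like amp>30 decides whether a response is reported.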