Nmap Development mailing list archives

Re: [RFC] [NSE] DNS library
From: Sven Klemm <sven () c3d2 de>
Date: Fri, 15 Aug 2008 08:17:24 +0200

Hi Philip,

> I've been working on a DNS library for NSE.

Very nice library.

> The most interesting function for you probably is
>
> dns.query(dname, dtype, host, port, tries)
>
> where all but the first arguments are optional:
> * dname is the domain name to query
> * dtype is the number of the DNS record type you want.
>   Usually you use dns.types.* (e.g. dns.types.MX).
>   It also accepts strings (e.g. "A", "PTR", ...) which it looks
>   up in the dns.types table.
> * host and port are the nameserver you want to ask
> * tries is the number of tries, so it won't get into an
>   infinite loop on circular references
>
> It then tries to find a nice answer depending on the answer it
> received and the DNS record type.

Can you explain this a bit more?

> If no nameserver is given it tries to use the nameservers known
> to Nmap. This works only if you apply the patch I attached,
> which is against the current svn version (rev 9443).
>
> For a reverse lookup you need dns.reverse(ip) to
> prepare the IP address for a PTR query:
>
> dns.query(dns.reverse(ip), dns.types.PTR)

I am getting the following error with the version you posted:
SCRIPT ENGINE: ./nselib/dns.lua:422: bad argument #2 to 'unpack' (string expected, got nil)

The reason for this is that L is 64 bit on my architecture, and it will be for all architectures once my patch for binlib gets applied. The attached patch fixes dns.lua to use I instead.

Is querying for SRV implemented? I tried it but it returned false and a table with an empty questions table and an empty answers table. Maybe it could give an error message for types not supported.

> One detail I'd like to change is instead of passing four optional
> arguments to pass only one option table (maybe with some
> more options, e.g. set "no recurse" option or omit trying to
> format the answer).

I think passing the options in a table is a great idea, as it allows adding further options later without changing the function signature.

Cheers,
Sven

--
Sven Klemm
http://cthulhu.c3d2.de/~sven/

--- nselib/dns.lua.orig 2008-08-14 16:08:05.000000000 +0200
+++ nselib/dns.lua      2008-08-14 16:02:48.000000000 +0200
@@ -473,7 +473,7 @@
         entry.SOA.retry, 
         entry.SOA.expire, 
         entry.SOA.minimum 
-        = bin.unpack(">L5", data, np)
+        = bin.unpack(">I5", data, np)
    end
 
 ---
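Review bot: The `>I5` in the SOA unpack relies on `I` being exactly 32 bits in binlib on every platform, and nothing in the hunk records that; a one-line comment above the call stating that the five SOA counters are 32-bit fields on the wire would keep the specifier from being switched back to `L`. The error quoted in this message is reported at dns.lua:422, while the hunks sit at lines 473 and 526, so it is worth confirming that no other `L` specifier remains in the file's bin.unpack or bin.pack calls.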
@@ -526,7 +526,7 @@
    for i = 1, count do
       local currRR = {}
       pos, currRR.dname = decStr(data, pos)
-      pos, currRR.dtype, currRR.class, currRR.ttl = bin.unpack(">SSL", data, pos)
+      pos, currRR.dtype, currRR.class, currRR.ttl = bin.unpack(">SSI", data, pos)
 
       local reslen
       pos, reslen = bin.unpack(">S", data, pos)
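Review bot: After the `>SSI` unpack in the answer loop, the code goes straight on to read `reslen` with no check that `dtype`, `class` and `ttl` were actually returned or that `pos` is still inside `data`. This parses a reply from a nameserver the script does not control, so a truncated or malformed record should make the function return an error instead of carrying nil fields forward. A short comment that TTL is a 32-bit field would also document why `I` is the right specifier here.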

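The width problem described in the message above, as an added example that is not part of the original post or of NSE. It uses Python's struct module in place of NSE's bin library, and the sample record and the names `parse_rr_header`, `RR_FIXED` and `RR_WRONG` are constructed for illustration.

```python
import struct

# Constructed sample: one DNS resource record as it appears on the wire.
# NAME is a compression pointer (0xC00C), TYPE=A (1), CLASS=IN (1),
# TTL=300, RDLENGTH=4, RDATA=192.0.2.1 (documentation address).
SAMPLE_RR = bytes.fromhex("c00c" "0001" "0001" "0000012c" "0004" "c0000201")

RR_FIXED = struct.Struct(">HHIH")  # TYPE, CLASS, TTL as 32 bits, RDLENGTH
RR_WRONG = struct.Struct(">HHQH")  # same layout, but TTL read as 64 bits


def parse_rr_header(data, pos, fmt=RR_FIXED):
    """Parse the fixed part of an RR starting at pos (just past the name).

    Returns (next_pos, rtype, rclass, ttl, rdata). Raises ValueError when
    the buffer is too short for the fixed header or for RDLENGTH bytes.
    """
    if pos < 0 or pos + fmt.size > len(data):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlength = fmt.unpack_from(data, pos)
    pos += fmt.size
    if pos + rdlength > len(data):
        raise ValueError("RDLENGTH runs past end of message")
    return pos + rdlength, rtype, rclass, ttl, data[pos:pos + rdlength]


def demo():
    """Parse the sample with the correct and the over-wide TTL format."""
    name_len = 2  # the 2-byte compression pointer in SAMPLE_RR
    good = parse_rr_header(SAMPLE_RR, name_len)
    try:
        # The 64-bit read swallows RDLENGTH and the start of RDATA, so the
        # "length" that follows is really two bytes of the address.
        bad = parse_rr_header(SAMPLE_RR, name_len, RR_WRONG)
    except ValueError as exc:
        bad = str(exc)
    return good, bad


if __name__ == "__main__":
    print(demo())
```

With the 64-bit format the parser stays inside the buffer for the header itself, and only the RDLENGTH bounds check shows that every field after TTL has shifted.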