Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] dns-brute - DNS brute-forcer
From: cirrus <cirrus () 0x0lab org>
Date: Wed, 9 Feb 2011 12:20:48 +0200

On 7 February 2011 20:30, David Fifield <david () bamsoftware com> wrote:

Thanks. This scritp looks like a good idea and I've made a note in our
TODO to evaluate it.

At first I was thinking this functionality should be merged with
hostmap: http://nmap.org/nsedoc/scripts/hostmap. But that has a differnt
goal: find different names for the same IP address. Your script finds
different names under the same domain, that may be on different
addresses. It's also a lot like http-vhosts:
http://nmap.org/nsedoc/scripts/http-vhosts, which finds different
virtual hosts on the same HTTP server, without doing DNS lookups.

How did you derive your list of names? In any case, when this is merged,
we'll want to use the same list for this script and http-vhosts.

I've only briefly looked over the code. What's with the 7900 magic
number here?

   if (howmany > 7900) then
       --Cannot unpack a list with more than 7900 items so we will set it
to 7900
       stdnse.print_debug("Hostlist items per thread is more than 7900.
Setting to 7900.")
       howmany = 7900
   end

David Fifield


Hello.

As Patrick mentioned I've added the more than 7900 check to avoid reaching
the limit when a very big hostname list is used and the dns-brute.threads is
set to very small. There is probably a better way to pass the list to the
tread.

The list where not derived using a specific method (an analysis of the 100
most common DNS names would be useful). Having said that I've found the 115
names contained to be among very common hostnames.
I've had a look at the http-vhosts host list and it is more targeted on http
services, whereas my lists is more targeted on generic services, such as
sql, ns, mx, etc. As such I do think that http-vhosts and dns-brute should
have different lists.

The script could be very useful when scanning for IPv6 hosts, so I'm also
attaching an updated version of the script, which also supports IPv6
resolving (when the dns-brute.ipv6 flag is set).

--
cirrus

Attachment: dns-brute.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault