Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Thu, 17 Mar 2011 22:54:44 +0100

On 17 March 2011 21:53, John Bond <john.r.bond () gmail com> wrote:
On 17 March 2011 21:26, David Fifield <david () bamsoftware com> wrote:

Okay, that's good. But let's not worry about these until after the
dns-nsec-enum script is merged; we have no use for NSEC3 at the moment.
yes i agree however just keep in mind that the current nsec3 stuff i
have submitted doesn't work and im not sure how easy it would be to
remove it without breaking the nsec script

also i am making some progress with the nsec3 script :)

Ok i have a very early nsec3 enumeration script.  at the moment you
will have to run it in debug.  Also it will never end in fact thats
one reason i wanted to post so early because i dont know what to do
with it.  first of all it is not as efficient as djb's stats, as i
perform many more queries then his, will have to look at what he dose.
but more importantly i am not sure if you can ever know for certain
you have all the hashs unless you try every single permutaion.
however at the same time i know i must be missing something

it will also requiere all my patches and the base32 library which
probably means nobody will get to test it but if you are intrested let
me know and i would be happy to help

nmap -sU -p53 -d -v --script ./scripts/dns-nsec3-enum.nse
--script-args 'dns-nsec3-enum.domains={example.org}' -PN

Attachment: dns-nsec3-enum.nse

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]