
Metasploit mailing list archives
Meterpreter Script for Basic Network Enumeration
From: carlos_perez at darkoperator.com (Carlos Perez)
Date: Sat, 3 Jan 2009 12:04:03 -0400
Hi Guys,

Here is a script for basic network enumeration using Windows native tools on the target machine. The script is multi-threaded for performance; it will perform the following:

- Ping Sweep
- DNS Reverse lookup on IP range
- Forward Lookup bruteforce using a List of hostnames
- Get NS and MX records for a given domain.

You can download the script from http://www.darkoperator.com/netenum.tar.gz

Let me know if you like it; any recommendations are welcome.

Here is some sample output:

meterpreter > run netenum
Network Enumerator Meterpreter Script by Darkoperator
Carlos Perez carlos_perez at darkoperator.com
Usage:

OPTIONS:

    -d <opt>   Domain Name for DNS Fordward Lookup
    -fl        To Perform DNS Fordward Lookup on host list and domain
    -h         Help menu.
    -hl <opt>  File with Host List for DNS Fordward Lookup
    -ps        To Perform Ping Sweeo on IP Range
    -r <opt>   The target address range or CIDR identifier
    -rl        To Perform DNS Reverse Lookup on IP Range
    -st        To Perform DNS lookup of MX, NS and SOA records for a domain

meterpreter > run netenum -fl -hl /home/carlos/hostlist.txt -d google.com
[*] Network Enumerator Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez at darkoperator.com
[*] Performing DNS Fordward Lookup for hosts in /home/carlos/hostlist.txt for domain google.com
[*] Name:cg-in-f100.google.com 209.85.171.100
[*] Name:cg-in-f102.google.com 209.85.171.102
[*] Name:googlemail.l.google.com 209.85.133.83,209.85.133.18,209.85.133.19
[*] Name:cg-in-f101.google.com 209.85.171.101

meterpreter > run netenum -rl -r 209.85.171.100-209.85.171.110
[*] Network Enumerator Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez at darkoperator.com
[*] Performing DNS Reverse Lookup for IP range 209.85.171.100-209.85.171.110
[*] 209.85.171.100 is cg-in-f100.google.com
[*] 209.85.171.101 is cg-in-f101.google.com
[*] 209.85.171.102 is cg-in-f102.google.com
[*] 209.85.171.103 is cg-in-f103.google.com
[*] 209.85.171.104 is cg-in-f104.google.com
[*] 209.85.171.108 is cg-in-f108.google.com

meterpreter > run netenum -st -d google.com
[*] Getting MX and NS Records for Domain google.com
[*] Non-authoritative answer:
[*]
[*] google.com MX preference = 10, mail exchanger = smtp4.google.com
[*] google.com MX preference = 10, mail exchanger = smtp1.google.com
[*] google.com MX preference = 10, mail exchanger = smtp2.google.com
[*] google.com MX preference = 10, mail exchanger = smtp3.google.com
[*]
[*] google.com nameserver = ns3.google.com
[*] google.com nameserver = ns4.google.com
[*] google.com nameserver = ns1.google.com
[*] google.com nameserver = ns2.google.com
[*] smtp1.google.com internet address = 209.85.237.25
[*] smtp2.google.com internet address = 64.233.165.25
[*] smtp3.google.com internet address = 64.233.183.25
[*] smtp4.google.com internet address = 72.14.221.25
[*] ns1.google.com internet address = 216.239.32.10
[*] ns2.google.com internet address = 216.239.34.10
[*] ns3.google.com internet address = 216.239.36.10
[*] ns4.google.com internet address = 216.239.38.10

meterpreter > run netenum -ps -r 209.85.171.100-209.85.171.110
[*] Network Enumerator Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez at darkoperator.com
[*] Performing ping sweep for IP range 209.85.171.100-209.85.171.110
[*] 209.85.171.100 host found
[*] 209.85.171.101 host found
[*] 209.85.171.102 host found
[*] 209.85.171.103 host found
[*] 209.85.171.104 host found
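The three kinds of netenum result lines above (forward "Name:", reverse "is", and ping "host found") share a fixed shape, so the runs can be folded into one per-IP inventory for the engagement report and cross-checked against each other. This is an added Python example, not code from the script or the post; the sample input is constructed from the output shown above, and parse_netenum and mismatched_hosts are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the netenum runs shown in the post.
SAMPLE_OUTPUT = """\
[*] Performing DNS Fordward Lookup for hosts in /home/carlos/hostlist.txt for domain google.com
[*] Name:cg-in-f100.google.com 209.85.171.100
[*] Name:googlemail.l.google.com 209.85.133.83,209.85.133.18,209.85.133.19
[*] Performing DNS Reverse Lookup for IP range 209.85.171.100-209.85.171.110
[*] 209.85.171.100 is cg-in-f100.google.com
[*] 209.85.171.103 is cg-in-f103.google.com
[*] Performing ping sweep for IP range 209.85.171.100-209.85.171.110
[*] 209.85.171.100 host found
[*] 209.85.171.104 host found
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FORWARD_RE = re.compile(r"^\[\*\] Name:(\S+) (\S+)$")        # name, then comma-separated IPs
REVERSE_RE = re.compile(r"^\[\*\] " + IPV4 + r" is (\S+)$")  # ip, then PTR name
ALIVE_RE = re.compile(r"^\[\*\] " + IPV4 + r" host found$")  # ip answered the ping sweep


def parse_netenum(text):
    """Fold netenum output into one record per IP address.

    Each record holds the names that resolved to the IP (forward lookup),
    its PTR name (reverse lookup) and whether the ping sweep saw it.
    Banner and "Performing ..." lines match none of the patterns and are skipped.
    """
    hosts = defaultdict(lambda: {"forward": set(), "ptr": None, "alive": False})
    for line in text.splitlines():
        line = line.strip()
        if m := FORWARD_RE.match(line):
            for ip in m.group(2).split(","):
                hosts[ip]["forward"].add(m.group(1))
        elif m := REVERSE_RE.match(line):
            hosts[m.group(1)]["ptr"] = m.group(2)
        elif m := ALIVE_RE.match(line):
            hosts[m.group(1)]["alive"] = True
    return dict(hosts)


def mismatched_hosts(hosts):
    """IPs whose PTR name never resolved forward to them (stale PTRs and
    shared front-ends both show up here and deserve a manual look)."""
    return sorted(ip for ip, h in hosts.items()
                  if h["ptr"] and h["ptr"] not in h["forward"])
```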