Nmap Development mailing list archives
Re: [NSE] New script dns-blacklist
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 2 Jan 2012 16:11:34 +0100
On Mon, Jan 2, 2012 at 12:31 PM, Duarte Silva <duarte.silva () serializing me> wrote:
> Hi Patrik,
>
> I added two new DNSBL providers, one for TOR nodes [1] and another for
> malware attacks [2]. I ended up stumbling on http:BL [3], which I wanted
> to add since it has some nice functionality. The problem is that this
> provider needs the user to provide an API key. Currently the library
> doesn't support user-provided arguments. I already have some ideas on how
> to tackle the problem in a generic way (support for other providers) but
> I was wondering if you think the functionality the provider has makes up
> for the trouble of changing the dnsbl library?
>
> [1] https://www.dan.me.uk/dnsbl
> [2] http://www.blocklist.de/en/api.html#dns
> [3] http://www.projecthoneypot.org/httpbl_api.php
>
> Regards,
> Duarte Silva

Hi Duarte,
There was no patch for the first two services attached to your post?
I checked them out and they both seem interesting, the first one would
probably fit under the PROXY section, while the second one should probably
go into a category called ATTACK or similar?
In regards to the third one I think it both looks interesting and something
to add. For the key part I don't think it's very difficult to do with the
existing library. One way of doing it would be to get a script argument
with the key in the fmt_query function of each service that needs one.
Check out the first service in the list, it has a fmt_query function to
show how it works. I guess it could look something like this:
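
    fmt_query = function(ip)
      -- reversed octets: strip the suffix from the in-addr.arpa name
      local rev_ip = dns.reverse(ip):match("^(.*)%.in%-addr%.arpa$")
      -- per-service API key, supplied as a script argument
      local key = stdnse.get_script_args("dnsbl.key.dnsbl.httpbl.org")
      if ( not(key) ) then
        -- no key supplied: return nothing
        return
      end
      return ("%s.%s.dnsbl.httpbl.org"):format(key,rev_ip)
    end
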
I guess the checkBL function would need to be patched to handle an empty
response from the fmt_query function.
Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
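
The approach discussed in this message (a keyed fmt_query that returns nothing when no key is given, and a checker that tolerates that) as an added stand-alone example; it is not code from the post or from the dnsbl library. It is plain Lua without NSE libraries, and get_arg, make_fmt_query, check_all, fake_resolve, the example.org/example.net zones and the key value are hypothetical stand-ins.

```lua
-- Plain Lua, no NSE libraries; every name below is hypothetical.
-- Constructed stand-in for script arguments: only one key is supplied.
local args = { ["dnsbl.key.dnsbl.httpbl.org"] = "examplekey" } -- placeholder key
local function get_arg(name) return args[name] end

-- 192.0.2.10 -> 10.2.0.192; nil for anything that is not a dotted quad.
local function reverse_ipv4(ip)
  local a, b, c, d = ip:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not a then return nil end
  return ("%s.%s.%s.%s"):format(d, c, b, a)
end

-- Builds a fmt_query for a zone; keyed zones return nil when no key was given.
local function make_fmt_query(zone, needs_key)
  return function(ip)
    local rev = reverse_ipv4(ip)
    if not rev then return nil end
    if not needs_key then return ("%s.%s"):format(rev, zone) end
    local key = get_arg("dnsbl.key." .. zone)
    if not key then return nil end
    return ("%s.%s.%s"):format(key, rev, zone)
  end
end

local services = {
  { name = "dnsbl.example.org", fmt_query = make_fmt_query("dnsbl.example.org", false) },
  { name = "dnsbl.httpbl.org",  fmt_query = make_fmt_query("dnsbl.httpbl.org", true) },
  { name = "keyed.example.net", fmt_query = make_fmt_query("keyed.example.net", true) },
}

-- The checker: a nil query means "not configured", so skip instead of resolving.
local function check_all(ip, resolve)
  local queried, skipped = {}, {}
  for _, svc in ipairs(services) do
    local q = svc.fmt_query(ip)
    if q then
      queried[#queried + 1] = { name = svc.name, query = q, answer = resolve(q) }
    else
      skipped[#skipped + 1] = svc.name
    end
  end
  return queried, skipped
end

-- Constructed resolver: never touches the network, always answers "not listed".
local function fake_resolve(name) return nil end

local queried, skipped = check_all("192.0.2.10", fake_resolve)
for _, r in ipairs(queried) do print("query", r.name, r.query) end
for _, name in ipairs(skipped) do print("skipped (no key)", name) end
```

With this query layout the key is the left-most label of the DNS name, so it is visible to every resolver and to anyone observing the lookup.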
