0x0Lab Blog Just another damn blog

2 Dec 2011

dns-brute.nse

I've always wondered why Nmap didn't have a DNS brute-forcing script. Some months ago I decided to have a look at the scripting engine, and make one.

The script can be found at: nmap-dns-brute
Arguments and examples of usage can be found at the Usage page.

Example output:

Pre-scan script results:
| dns-brute:
|   DNS Brute-force hostnames
|     www.foo.com - 127.0.0.1
|     mail.foo.com - 127.0.0.2
|     blog.foo.com - 127.0.1.3
|     ns1.foo.com - 127.0.0.4
|     admin.foo.com - 127.0.0.5
|   Reverse DNS hostnames
|     srv-32.foo.com - 127.0.0.16
|     srv-33.foo.com - 127.0.1.23
|   C-Classes
|     127.0.0.0/24
|_    127.0.1.0/24

dns-brute.nse is now included in Nmap. Thanks to David Fifield for reworking parts of the script and improving it. The version found in Nmap does not include the reverse resolver (they recommend using -sL for reverse lookups).
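For reviewing which of your own zone's names are discoverable this way, the output layout shown above can be parsed into an inventory. The following Python is an added example, not part of the original post or of the Nmap script; the function names `parse_dns_brute` and `derived_c_classes` are hypothetical and the sample text is constructed. It recomputes the /24 list from the parsed addresses so it can be compared with the "C-Classes" section.

```python
import ipaddress
import re

# Constructed sample in the layout of the example output above (foo.com names
# and 127.x addresses are placeholders).
SAMPLE = """\
Pre-scan script results:
| dns-brute:
|   DNS Brute-force hostnames
|     www.foo.com - 127.0.0.1
|     mail.foo.com - 127.0.0.2
|     blog.foo.com - 127.0.1.3
|   Reverse DNS hostnames
|     srv-32.foo.com - 127.0.0.16
|   C-Classes
|     127.0.0.0/24
|_    127.0.1.0/24
"""

HOST_LINE = re.compile(r"^(\S+) - (\S+)$")  # "hostname - address"

def parse_dns_brute(text):
    """Return ({section: [(hostname, address)]}, [networks listed by the script])."""
    sections, networks, current = {}, [], None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            continue                          # not part of the script's output tree
        line = raw.lstrip("|_").strip()       # drop the "|" / "|_" prefix and indent
        match = HOST_LINE.match(line)
        try:
            if match:
                addr = ipaddress.ip_address(match.group(2))
                sections.setdefault(current, []).append((match.group(1), addr))
            elif "/" in line:
                networks.append(ipaddress.ip_network(line))
            elif line and line != "dns-brute:":
                current = line                # a section heading
        except ValueError:
            continue                          # malformed address: skip the line
    return sections, networks

def derived_c_classes(sections):
    """Recompute the distinct IPv4 /24 networks covering every parsed address."""
    nets = {ipaddress.ip_network(f"{addr}/24", strict=False)
            for hosts in sections.values() for _, addr in hosts if addr.version == 4}
    return sorted(nets)

if __name__ == "__main__":
    sections, listed = parse_dns_brute(SAMPLE)
    for name, hosts in sections.items():
        print(name, [(h, str(a)) for h, a in hosts])
    print("unlisted /24s:", sorted(set(derived_c_classes(sections)) - set(listed)))
```

The parser ignores indentation, so it also accepts output whose leading whitespace was lost when it was copied.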

Posted by cirrus
