dns-client-subnet-scan
脚本使用类型:
prerule, portrule
脚本所属分类:
discovery, safe
脚本下载地址: http://nmap.org/svn/scripts/dns-client-subnet-scan.nse
Performs a domain lookup using the edns-client-subnet option which allows clients to specify the subnet that queries supposedly originate from. The script uses this option to supply a number of geographically distributed locations in an attempt to enumerate as many different address records as possible. The script also supports requests using a given subnet.
[optional] The number of bits to use as subnet mask (default: 24)
The client subnet address to use
The domain to lookup eg. www.example.org
[optional] nameserver to use. (default = host.ip)
执行格式
nmap -sU -p 53 --script dns-client-subnet-scan --script-args \
dns-client-subnet-scan.domain=www.example.com, \
dns-client-subnet-scan.address=192.168.0.1 \
[,dns-client-subnet.nameserver=8.8.8.8] \
[,dns-client-subnet.mask=24] <target>
nmap --script dns-client-subnet-scan --script-args \
dns-client-subnet-scan.domain=www.example.com, \
dns-client-subnet-scan.address=192.168.0.1 \
dns-client-subnet.nameserver=8.8.8.8, \
[,dns-client-subnet.mask=24]
53/udp open domain udp-response | dns-client-subnet-scan: | www.google.com | 1.2.3.4 | 5.6.7.8 | 9.10.11.12 | 13.14.15.16 | . | . |_ .
Author: John Bond
License: Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified