dns-nsec-enum
脚本使用类型:
portrule
脚本所属分类:
discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/dns-nsec-enum.nse
Enumerates DNS names using the DNSSEC NSEC-walking technique.
Output is arranged by domain. Within a domain, subzones are shown with increased indentation.
The NSEC response record in DNSSEC is used to give negative answers to
queries, but it has the side effect of allowing enumeration of all
names, much like a zone transfer. This script doesn't work against
servers that use NSEC3 rather than NSEC; for that, see
dns-nsec3-enum
.
The domain or list of domains to enumerate. If not provided, the script will make a guess based on the name of the target.
执行格式
nmap -sSU -p 53 --script dns-nsec-enum --script-args dns-nsec-enum.domains=example.com <target>
53/udp open domain udp-response | dns-nsec-enum: | example.com | bulbasaur.example.com | charmander.example.com | dugtrio.example.com | www.dugtrio.example.com | gyarados.example.com | johto.example.com | blue.johto.example.com | green.johto.example.com | ns.johto.example.com | red.johto.example.com | ns.example.com | snorlax.example.com |_ vulpix.example.com
Author: John Bond
License: Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified