dns-zone-transfer
Script types:
prerule, portrule
Categories:
intrusive, discovery
Download: http://nmap.org/svn/scripts/dns-zone-transfer.nse
Requests a zone transfer (AXFR) from a DNS server.
The script sends an AXFR query to a DNS server. The domain to query is determined by examining the name given on the command line, the DNS server's hostname, or it can be specified with the dns-zone-transfer.domain script argument. If the query is successful, all domains and domain types are returned along with common type-specific data (SOA/MX/NS/PTR/A).
This script can run at different phases of an Nmap scan:
For the Script Pre-scanning phase, dns-zone-transfer.server is the DNS server to use; it can be a hostname or an IP address and must be specified. The dns-zone-transfer.port argument is optional and can be used to specify the DNS server port.
Script arguments:
dns-zone-transfer.port: DNS server port. This argument concerns the "Script Pre-scanning phase" and is optional; the default value is 53.
dns-zone-transfer.server: DNS server. If set, this argument will enable the script for the "Script Pre-scanning phase".
newtargets: If specified, adds returned DNS records onto Nmap scanning queue.
dns-zone-transfer.domain: Domain to transfer.
dns-zone-transfer.addall: If specified, adds all IP addresses including private ones onto Nmap scanning queue when the script argument newtargets is given. The default behavior is to skip private IPs (non-routable).
Example usage
nmap --script dns-zone-transfer.nse \
     --script-args dns-zone-transfer.domain=<domain>

Script output
53/tcp   open     domain
|  dns-zone-transfer:
|  foo.com.            SOA     ns2.foo.com. piou.foo.com.
|  foo.com.            TXT
|  foo.com.            NS      ns1.foo.com.
|  foo.com.            NS      ns2.foo.com.
|  foo.com.            NS      ns3.foo.com.
|  foo.com.            A       127.0.0.1
|  foo.com.            MX      mail.foo.com.
|  anansie.foo.com.    A       127.0.0.2
|  dhalgren.foo.com.   A       127.0.0.3
|  drupal.foo.com.     CNAME
|  goodman.foo.com.    A       127.0.0.4 i
|  goodman.foo.com.    MX      mail.foo.com.
|  isaac.foo.com.      A       127.0.0.5
|  julie.foo.com.      A       127.0.0.6
|  mail.foo.com.       A       127.0.0.7
|  ns1.foo.com.        A       127.0.0.7
|  ns2.foo.com.        A       127.0.0.8
|  ns3.foo.com.        A       127.0.0.9
|  stubing.foo.com.    A       127.0.0.10
|  vicki.foo.com.      A       127.0.0.11
|  votetrust.foo.com.  CNAME
|  www.foo.com.        CNAME
|_ foo.com.            SOA     ns2.foo.com. piou.foo.com.
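An added example, not part of the Nmap script or the original page: a Python parser for dns-zone-transfer output in the format above that counts the exposed record types and separates A records pointing into internal address space (the kind of addresses the default newtargets behavior skips) from the rest. The sample text, the function names and the list of internal ranges are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape of the script output shown on this page.
SAMPLE = """\
53/tcp open  domain
| dns-zone-transfer:
| foo.com.           SOA    ns2.foo.com. piou.foo.com.
| foo.com.           NS     ns1.foo.com.
| foo.com.           MX     mail.foo.com.
| mail.foo.com.      A      192.0.2.25
| intranet.foo.com.  A      10.1.2.3
| goodman.foo.com.   A      127.0.0.4 i
| www.foo.com.       CNAME
|_ foo.com.          SOA    ns2.foo.com. piou.foo.com.
"""

# Assumption: "internal" means RFC 1918, loopback or link-local IPv4 space.
# Nmap's own private-address test may cover more ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# "| name. TYPE [data]" rows; the last row starts with "|_".
ROW = re.compile(r"^\|_?\s+(\S+\.)\s+([A-Z0-9]+)(?:\s+(.*\S))?\s*$")

def parse_zone_transfer(text):
    """Return (name, rtype, data) tuples from dns-zone-transfer output rows."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2), m.group(3) or "") for m in rows if m]

def summarize(records):
    """Count record types and split A records into internal and other."""
    counts = Counter(rtype for _, rtype, _ in records)
    internal, other = [], []
    for name, rtype, data in records:
        if rtype != "A" or not data:
            continue
        try:
            # Keep only the first token; rows may carry trailing text.
            ip = ipaddress.ip_address(data.split()[0])
        except ValueError:
            continue  # malformed address field
        leaked = any(ip in net for net in INTERNAL_NETS)
        (internal if leaked else other).append((name, str(ip)))
    return counts, internal, other

if __name__ == "__main__":
    counts, internal, other = summarize(parse_zone_transfer(SAMPLE))
    print(dict(counts), internal, other, sep="\n")
```

A non-empty internal list from a server reachable off-network means the zone transfer is disclosing internal addressing and the server's transfer restrictions should be reviewed.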
Author: Eddie Bell
License: Compiled by VER007 http://www.ver007.com