scripts/dns-brute: Adds wildcard detection for A and AAAA records. #950
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
PS: I was unable to find any tests for this (or other scripts). If I missed those, please point me in the right direction. |
aars
force-pushed
the
script-dns-brute-detect-wildcards
branch
from
de2df18
to
4764fcb
Compare
|
Thanks for this contribution! I've added it in r36867, with slight
modification:
* Instead of disabling the record type, we check each answer against the
wildcard address and only show it if they differ.
* Removed the change to SRV record enumeration, since we want these to be
shown simply because they exist as names for SRV records, even if they only
resolve to the wildcard address.
* Added a couple minor, unrelated refactorings that made the existing code
a little clearer.
Very useful! nmap.org uses wildcard records, so you can test (lightly) on
that.
Dan
…On Tue, Jul 25, 2017 at 8:17 AM, Aaron Heesakkers ***@***.***> wrote:
Hi!
The dns-brute script will happily list all configured hosts if a domain
uses a wildcard record.
This PR adds detection for A and AAAA wildcards, and disables the type of
record it thinks is a wildcard. I've added script arg dns-brute.force to
override this.
All and any feedback is welcome. If I can improve this somehow (some
built-in random string generation maybe?) please let me know!
Cheers
------------------------------
You can view, comment on, or merge this pull request online at:
#950
Commit Summary
- scripts/dns-brute: Adds wildcard detection for A and AAAA records.
File Changes
- *M* scripts/dns-brute.nse
<https://github.com/nmap/nmap/pull/950/files#diff-0> (74)
Patch Links:
- https://github.com/nmap/nmap/pull/950.patch
- https://github.com/nmap/nmap/pull/950.diff
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#950>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AJ9ZFRwslKficd57CPQC8h0J3HvzB-cxks5sRerdgaJpZM4OiimP>
.
|
|
Ah! Good call on checking against the wildcard address. That's very useful! Cheers. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Hi!
The dns-brute script will happily list all configured hosts if a domain uses a wildcard record.
This PR adds detection for A and AAAA wildcards, and disables the type of record it thinks is a wildcard. I've added script arg
dns-brute.forceto override this.All and any feedback is welcome. If I can improve this somehow (
some built-in random string generation maybe?(I foundstdnse.generate_random_string)) please let me know!Cheers