Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
scripts/dns-brute: Adds wildcard detection for A and AAAA records. #950
+53
−6
Conversation
aars
commented
Jul 25, 2017
|
PS: I was unable to find any tests for this (or other scripts). If I missed those, please point me in the right direction. |
dmiller-nmap
commented
Jul 27, 2017
|
Thanks for this contribution! I've added it in r36867, with slight
modification:
* Instead of disabling the record type, we check each answer against the
wildcard address and only show it if they differ.
* Removed the change to SRV record enumeration, since we want these to be
shown simply because they exist as names for SRV records, even if they only
resolve to the wildcard address.
* Added a couple minor, unrelated refactorings that made the existing code
a little clearer.
Very useful! nmap.org uses wildcard records, so you can test (lightly) on
that.
Dan
…
|
nmap-bot
closed this
in 1139e8b
Jul 27, 2017
aars
commented
Jul 27, 2017
|
Ah! Good call on checking against the wildcard address. That's very useful! Cheers. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
aars commentedJul 25, 2017
•
edited
Hi!
The dns-brute script will happily list all configured hosts if a domain uses a wildcard record.
This PR adds detection for A and AAAA wildcards, and disables the type of record it thinks is a wildcard. I've added script arg
dns-brute.forceto override this.All and any feedback is welcome. If I can improve this somehow (
some built-in random string generation maybe?(I foundstdnse.generate_random_string)) please let me know!Cheers