From 29e6257541e47b4aebd9c9dc0d01f1ee752c0356 Mon Sep 17 00:00:00 2001 From: kris Date: Tue, 28 Sep 2010 02:04:20 +0000 Subject: [PATCH] Add the resolveall prerule script which takes a table of hosts and adds the resolved addresses to Nmap's target queue. --- CHANGELOG | 5 +++ scripts/resolveall.nse | 75 ++++++++++++++++++++++++++++++++++++++++++ scripts/script.db | 3 +- 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 scripts/resolveall.nse diff --git a/CHANGELOG b/CHANGELOG index 46d3483a3..66068bf64 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,10 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added the resolveall prerule script which takes a table of + target names as a "hosts" argument and adds all of the resolved + addresses (IPv4 or IPv6, depending on Nmap's -6 option) for all of + the hosts to the scanning queue. [Kris] + o Fixed some inconsistencies in nmap-os-db and a small memory leak that would happen where there was more than one round of OS detection. These were reported by Xavier Sudre from netVigilance, diff --git a/scripts/resolveall.nse b/scripts/resolveall.nse new file mode 100644 index 000000000..98f2af496 --- /dev/null +++ b/scripts/resolveall.nse 
@@ -0,0 +1,75 @@
+description = [[
+Resolves hostnames and adds every address (IPv4 or IPv6, depending) to Nmap's
+target list. Nmap itself resolves a host but only scans the first address.
+]]
+
+---
+-- @usage
+-- nmap --script=resolveall --script-args=newtargets,resolveall.hosts={, ...} ...
+-- @args resolveall.hosts Table of hosts to resolve
+
+author = "Kris Katterjohn"
+
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {"safe", "discovery"}
+
+require 'target'
+
+prerule = function() return target.ALLOW_NEW_TARGETS end
+
+local addtargets = function(list)
+ local sum = 0
+
+ for _, t in ipairs(list) do
+ local st, err = target.add(t)
+ if st then
+ sum = sum + 1
+ else
+ stdnse.print_debug("Couldn't add target " .. t .. ": " .. err)
+ end
+ end
+
+ return sum
+end
+
+action = function()
+ local hosts
+
+ for _, k in ipairs({"resolveall.hosts", "hosts"}) do
+ if nmap.registry.args[k] then
+ hosts = nmap.registry.args[k]
+ end
+ end
+
+ if not hosts then
+ stdnse.print_debug(3,
+ "Skipping '%s' %s, 'resolveall.hosts' argument is missing.",
+ SCRIPT_NAME, SCRIPT_TYPE)
+ return
+ end
+
+ if type(hosts) ~= "table" then
+ stdnse.print_debug(3,
+ "Skipping '%s' %s, 'resolveall.hosts' must be a table.",
+ SCRIPT_NAME, SCRIPT_TYPE)
+ return
+ end
+
+ local sum = 0
+
+ for _, host in ipairs(hosts) do
+ local status, list = nmap.resolve(host, nmap.address_family())
+
+ if status and #list > 0 then
+ sum = sum + addtargets(list)
+ end
+ end
+
+ if sum == 0 then
+ return
+ end
+
+ return "Successfully added " .. tostring(sum) .. " new targets"
+end
+
diff --git a/scripts/script.db b/scripts/script.db
index c4c61e2f1..ca7bb5d66 100644
--- a/scripts/script.db
+++ b/scripts/script.db
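Review bot: In `action` of scripts/resolveall.nse, the lookup loop over `{"resolveall.hosts", "hosts"}` has no `break`, so when both arguments are set the generic `hosts` value overwrites the script-specific one. Because every address resolved from that table is handed to `target.add`, a bare `hosts` argument meant for another script can widen the scan beyond what the operator listed; prefer `local hosts = nmap.registry.args["resolveall.hosts"] or nmap.registry.args["hosts"]`. Names that fail to resolve are dropped without any message, so a `stdnse.print_debug` call in an `else` branch of `if status and #list > 0 then` would make missing targets visible. Only `target` is required in the visible lines while `stdnse` and `nmap` are used as well; unless both are guaranteed to be loaded as globals, add `require 'stdnse'` and `require 'nmap'`.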
@@ -101,6 +101,7 @@ Entry { filename = "pop3-capabilities.nse", categories = { "default", "discovery Entry { filename = "pptp-version.nse", categories = { "version", } } Entry { filename = "qscan.nse", categories = { "discovery", "safe", } } Entry { filename = "realvnc-auth-bypass.nse", categories = { "default", "safe", "vuln", } } +Entry { filename = "resolveall.nse", categories = { "discovery", "safe", } } Entry { filename = "robots.txt.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "rpcinfo.nse", categories = { "discovery", "safe", } } Entry { filename = "skypev2-version.nse", categories = { "version", } } @@ -140,7 +141,7 @@ Entry { filename = "ssl-cert.nse", categories = { "discovery", "safe", } } Entry { filename = "ssl-enum-ciphers.nse", categories = { "discovery", "intrusive", } } Entry { filename = "sslv2.nse", categories = { "default", "safe", } } Entry { filename = "svn-brute.nse", categories = { "auth", "intrusive", } } -Entry { filename = "targets-traceroute.nse", categories = { "safe", "discovery", } } +Entry { filename = "targets-traceroute.nse", categories = { "discovery", "safe", } } Entry { filename = "telnet-brute.nse", categories = { "auth", "intrusive", } } Entry { filename = "upnp-info.nse", categories = { "default", "safe", } } Entry { filename = "vnc-brute.nse", categories = { "auth", "intrusive", } }