
Add more record types to dns-zone-transfer

New types: MD, MF, MB, MG, MR, WKS, HINFO, MINFO, RP, AFSDB, X25, ISDN,
RT, NAPTR. Several of these are obsolete/experimental. RP, AFSDB, and
NAPTR can be tested against zonetransfer.me. WKS (Well Known Services)
is very interesting, but little used, and not tested.
dmiller
2012-07-09 16:02:28 +00:00
parent bcdb303a2b
commit 8a4ebef626


@@ -207,7 +207,7 @@ end
function parse_domain(data, offset) function parse_domain(data, offset)
local offset, domain = dns.decStr(data, offset) local offset, domain = dns.decStr(data, offset)
domain = domain or "<parse error>" domain = domain or "<parse error>"
return offset, domain return offset, string.format("%s.", domain)
end end
--- Build RFC 1035 root domain name from the name of the DNS server --- Build RFC 1035 root domain name from the name of the DNS server
@@ -242,13 +242,29 @@ function build_domain(host)
return strbuf.dump(buf) return strbuf.dump(buf)
end end
local function parse_num_domain(data, offset)
local number, domain
number = bto16(data, offset)
offset, domain = parse_domain(data, offset+2)
return offset, string.format("%d %s", number, domain)
end
local function parse_txt(data, offset)
local field, len
len = string.byte(data, offset)
offset = offset + 1
offset, field = bin.unpack("A" .. len, data, offset)
return offset, string.format('"%s"', field)
end
--- Retrieve type specific data (rdata) from dns packets --- Retrieve type specific data (rdata) from dns packets
local RD = { local RD = {
A = function(data, offset) A = function(data, offset)
return offset+4, packet.toip(data:sub(offset, offset+3)) return offset+4, packet.toip(data:sub(offset, offset+3))
end, end,
NS = parse_domain, NS = parse_domain,
-- MD, MF, MD = parse_domain, -- obsolete per rfc1035, use MX
MF = parse_domain, -- obsolete per rfc1035, use MX
CNAME = parse_domain, CNAME = parse_domain,
SOA = function(data, offset) SOA = function(data, offset)
local field, info local field, info
@@ -263,24 +279,58 @@ local RD = {
offset = offset + 20 offset = offset + 20
return offset, strbuf.dump(info, ' ') return offset, strbuf.dump(info, ' ')
end, end,
-- MB, MG, MR, NULL, WKS, MB = parse_domain, -- experimental per RFC 1035
PTR = parse_domain, MG = parse_domain, -- experimental per RFC 1035
-- HINFO, MINFO MR = parse_domain, -- experimental per RFC 1035
MX = function(data, offset) --NULL -- RFC 1035 says anything can go in this field. Hex dump is good.
local field WKS = function(data, offset) -- RFC 1035, but untested!
-- mail server local len, ip, proto, svcs
offset = offset + 2 len = bto16(data, offset-2) - 5 -- length of bit field
offset, field = parse_domain(data, offset) ip = packet.toip(data:sub(offset, offset+3))
return offset, field proto = string.byte(data, offset+4)
end, svcs = {}
TXT = function(data, offset) local p = 0
local field, len for i=1, len do
len = string.byte(data, offset) local n = string.byte(data, offset + i)
offset = offset + 1 for j=0, 7 do
offset, field = bin.unpack("A" .. len, data, offset) if bit.band(128, n) then table.insert(svcs, p) end
return offset, field p = p + 1
n = bit.lshift(n, 1)
end
end
return offset + len, string.format("%s %d (%s)", ip, proto, table.concat(svcs, ","))
end, end,
--RP AFSDB X25 ISDN RT NSAP NSAP-PTR SIG KEY PX GPOS PTR = parse_domain,
HINFO = function(data, offset)
local cpu, os -- See RFC 1010 for standard values for these
offset, cpu = parse_txt(data, offset)
offset, os = parse_txt(data, offset)
return offset, string.format("%s %s", cpu, os)
end,
MINFO = function(data, offset)
local rmailbx, emailbx
offset, rmailbx = parse_domain(data, offset)
offset, emailbx = parse_domain(data, offset)
return offset, string.format("%s %s", rmailbx, emailbx)
end,
MX = parse_num_domain,
TXT = parse_txt,
RP = function(data, offset)
local mbox_dname, txt_dname
offset, mbox_dname = parse_domain(data, offset)
offset, txt_dname = parse_domain(data, offset)
return offset, string.format("%s %s", mbox_dname, txt_dname)
end,
AFSDB = parse_num_domain,
X25 = parse_txt,
ISDN = function(data, offset)
local addr, sa
offset, addr = parse_txt(data, offset)
offset, sa = parse_txt(data, offset)
return offset, string.format("%s %s", addr, sa)
end,
RT = parse_num_domain,
--NSAP NSAP-PTR SIG KEY PX GPOS
AAAA = function(data, offset) AAAA = function(data, offset)
return offset+16, packet.toipv6(data:sub(offset, offset+15)) return offset+16, packet.toipv6(data:sub(offset, offset+15))
end, end,
@@ -321,7 +371,19 @@ local RD = {
offset, info = parse_domain(data, offset) offset, info = parse_domain(data, offset)
return offset, string.format("%d %d %d %s", priority, weight, port, info) return offset, string.format("%d %d %d %s", priority, weight, port, info)
end, end,
--ATMA NAPTR KX CERT A6 DNAME SINK OPT TSIG IXFR AXFR MAILB MAILA ANY ZXFR --ATMA
NAPTR = function(data, offset)
local order, preference, flags, service, regexp, replacement
order = bto16(data, offset)
preference = bto16(data, offset+2)
offset, flags = parse_txt(data, offset+4)
offset, service = parse_txt(data, offset)
offset, regexp = parse_txt(data, offset)
offset, replacement = parse_domain(data, offset)
return offset, string.format('%d %d %s %s %s %s',
order, preference, flags, service, regexp, replacement)
end,
--KX CERT A6 DNAME SINK OPT TSIG IXFR AXFR MAILB MAILA ANY ZXFR
} }
function get_rdata(data, offset, ttype) function get_rdata(data, offset, ttype)
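Review bot: In the new `WKS` handler the bit test `if bit.band(128, n) then` is always true, because Lua treats 0 as truthy, so every position in the service bitmap is reported as set; it needs `if bit.band(128, n) ~= 0 then`. The bitmap also appears to be read from the wrong place: it follows the 4-byte address and 1-byte protocol, so the byte read should be `string.byte(data, offset + 4 + i)` and the returned offset `offset + 5 + len`. `len` is derived from a 16-bit value in the server's response (presumably RDLENGTH) and is never compared with `#data`, so a short or malformed record makes `string.byte` return nil and `bit.band` raise. The same unchecked, server-supplied length byte feeds `bin.unpack("A" .. len, ...)` in `parse_txt`, which now backs TXT, HINFO, X25, ISDN and NAPTR, so a bounds check before each read would be worth adding. Whether `get_rdata`'s caller guards these errors is not visible in this section.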