mirror of
https://github.com/nmap/nmap.git
synced 2025-12-09 22:21:29 +00:00
Add hostmap-robtex by Arturo Busleiman.
Originally called http-robtex-shared-domains. http://seclists.org/nmap-dev/2012/q2/20
This commit is contained in:
david
71
scripts/hostmap-robtex.nse
Normal file
71
scripts/hostmap-robtex.nse
Normal file
@@ -0,0 +1,71 @@
|
||||
description = [[
|
||||
Tries to find hostnames that resolve to the target's IP address by querying the Robtex service at http://www.robtex.com/dns/.
|
||||
]];
|
||||
|
||||
---
|
||||
-- @usage
|
||||
-- nmap --script hostmap-robtex --script-args hostmap-robtex.host='<domain_name>'
|
||||
--
|
||||
-- @args hostmap-robtex.host IPv4 address of the host to lookup
|
||||
--
|
||||
-- @output
|
||||
-- Pre-scan script results:
|
||||
-- | hostmap-robtex:
|
||||
-- | example.edu
|
||||
-- | example.net
|
||||
-- | example.edu
|
||||
-- |_ example.net
|
||||
-- (some results omitted for brevity)
|
||||
--
|
||||
-- TODO:
|
||||
-- * Add list of nameservers, or group output accordingly
|
||||
--
|
||||
|
||||
author = "Arturo Busleiman <buanzo@buanzo.com.ar>";
|
||||
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
|
||||
categories = {
|
||||
"discovery",
|
||||
"safe",
|
||||
"external"
|
||||
};
|
||||
|
||||
require "http";
|
||||
require "shortport";
|
||||
|
||||
--- Scrape domains sharing name servers from robtex website
|
||||
-- @param data string containing the retrieved web page
|
||||
-- @return table containing the resolved host names
|
||||
function parse_robtex_response (data)
|
||||
local result = {};
|
||||
|
||||
for linkhref, ns, domain in string.gmatch(data, "<a href=\"(.-)\.html#shared\" title=\"using ns (.-)\">(.-)</a>") do
|
||||
if not table.contains(result, domain) then
|
||||
table.insert(result, domain);
|
||||
end
|
||||
end
|
||||
return result;
|
||||
end
|
||||
|
||||
prerule = function ()
|
||||
return stdnse.get_script_args("hostmap-robtex.host") ~= nil;
|
||||
end;
|
||||
|
||||
action = function (host, port)
|
||||
local target = stdnse.get_script_args("hostmap-robtex.host");
|
||||
|
||||
local link = "http://www.robtex.com/dns/" .. target .. ".html";
|
||||
local htmldata = http.get_url(link);
|
||||
local domains = parse_robtex_response(htmldata.body);
|
||||
if (#domains > 0) then
|
||||
return stdnse.format_output(true, domains);
|
||||
end
|
||||
end;
|
||||
|
||||
function table.contains (table, element)
|
||||
for _, value in pairs(table) do
|
||||
if value == element then
|
||||
return true;
|
||||
end
|
||||
end
|
||||
return false;
|
||||
end
|
||||
Reference in New Issue
Block a user