From f1a3c26b661a3be6121493d1dcef32db437234c8 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Mon, 9 Jul 2012 18:50:21 +0000
Subject: [PATCH] Fixed dns-zone-transfer support of WKS records (tested with
 Bind9)

---
 scripts/dns-zone-transfer.nse | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/scripts/dns-zone-transfer.nse b/scripts/dns-zone-transfer.nse
index 4fd480747..0da947c38 100644
--- a/scripts/dns-zone-transfer.nse
+++ b/scripts/dns-zone-transfer.nse
@@ -290,15 +290,20 @@ local RD = {
     proto = string.byte(data, offset+4)
     svcs = {}
     local p = 0
+    local bits = {128, 64, 32, 16, 8, 4, 2, 1}
     for i=1, len do
-      local n = string.byte(data, offset + i)
-      for j=0, 7 do
-        if bit.band(128, n) then table.insert(svcs, p) end
+      local n = string.byte(data, offset + i + 4)
+      for _, v in ipairs(bits) do
+        if bit.band(v, n) > 0 then table.insert(svcs, p) end
         p = p + 1
-        n = bit.lshift(n, 1)
       end
     end
-    return offset + len, string.format("%s %d (%s)", ip, proto, table.concat(svcs, ","))
+    if proto == 6 then
+      proto = "TCP"
+    elseif proto == 17 then
+      proto = "UDP"
+    end
+    return offset + len, string.format("%s %s %s", ip, proto, table.concat(svcs, " "))
   end,
   PTR = parse_domain,
   HINFO = function(data, offset)