PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-22 15:39:03 +00:00
Code Issues Projects Releases Wiki Activity

Let resolveall.nse run against named targets

Browse Source
This commit is contained in:
dmiller
2016-11-02 20:23:19 +00:00
parent 6d49b6961b
commit ffd19d6639
2 changed files with 73 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Enabled resolveall to run against any target provided as a hostname, so
the resolveall.hosts script-arg is no longer required. [Daniel Miller]
o [NSE] Updated fingerprints for script http-default-accounts with 18 new o [NSE] Updated fingerprints for script http-default-accounts with 18 new
fingerprints. 4 fingerprints have been broadened to cover more variants. fingerprints. 4 fingerprints have been broadened to cover more variants.
[nnposter] [nnposter]

75
scripts/resolveall.nse
View File

@@ -3,18 +3,26 @@ local stdnse = require "stdnse"
local string = require "string" local string = require "string"
local table = require "table" local table = require "table"
local target = require "target" local target = require "target"
local ipOps = require "ipOps"
description = [[ description = [[
Resolves hostnames and adds every address (IPv4 or IPv6, depending on Resolves hostnames and adds every address (IPv4 or IPv6, depending on
Nmap mode) to Nmap's target list. This differs from Nmap's normal Nmap mode) to Nmap's target list. This differs from Nmap's normal
host resolution process, which only scans the first address (A or AAAA host resolution process, which only scans the first address (A or AAAA
record) returned for each host name. record) returned for each host name.
The script will run on any target provided by hostname. It can also be fed
hostnames via the <code>resolveall.hosts</code> argument. Because it adds new
targets by IP address it will not run recursively, since those new targets were
not provided by hostname. It will also not add the same IP that was initially
chosen for scanning by Nmap.
]] ]]
--- ---
-- @usage -- @usage
-- nmap --script=resolveall --script-args=newtargets,resolveall.hosts={<host1>, ...} ... -- nmap --script=resolveall --script-args=newtargets,resolveall.hosts={<host1>, ...} ...
-- @args resolveall.hosts Table of hosts to resolve -- nmap --script=resolveall manyaddresses.example.com
-- @args resolveall.hosts Table of hostnames to resolve
-- @output -- @output
-- Pre-scan script results: -- Pre-scan script results:
-- | resolveall: -- | resolveall:
@@ -26,6 +34,20 @@ record) returned for each host name.
-- | 74.125.39.105 -- | 74.125.39.105
-- | 74.125.39.104 -- | 74.125.39.104
-- |_ Successfully added 6 new targets -- |_ Successfully added 6 new targets
-- Host script results:
-- | resolveall:
-- | Host 'chat.freenode.net' also resolves to:
-- | 94.125.182.252
-- | 185.30.166.37
-- | 162.213.39.42
-- | 193.10.255.100
-- | 139.162.227.51
-- | 195.154.200.232
-- | 164.132.77.237
-- | 185.30.166.38
-- | 130.185.232.126
-- | 38.229.70.22
-- |_ Successfully added 10 new targets
-- @xmloutput -- @xmloutput
-- <elem key="newtargets">4</elem> -- <elem key="newtargets">4</elem>
-- <table key="hosts"> -- <table key="hosts">
@@ -45,11 +67,11 @@ categories = {"safe", "discovery"}
prerule = function() prerule = function()
if not stdnse.get_script_args("resolveall.hosts") then return stdnse.get_script_args("resolveall.hosts")
stdnse.verbose1("Skipping '%s', missing required argument 'resolveall.hosts'.", SCRIPT_NAME)
return false
end end
return true
hostrule = function(host)
return host.targetname
end end
local addtargets = function(list) local addtargets = function(list)
@@ -67,7 +89,7 @@ local addtargets = function(list)
return sum return sum
end end
action = function() preaction = function()
local hosts = stdnse.get_script_args("resolveall.hosts") local hosts = stdnse.get_script_args("resolveall.hosts")
if type(hosts) ~= "table" then if type(hosts) ~= "table" then
@@ -100,3 +122,44 @@ action = function()
end end
return xmloutput, stdnse.format_output(true, output) return xmloutput, stdnse.format_output(true, output)
end end
hostaction = function(host)
local sum = 0
local output = {}
local status, list = nmap.resolve(host.targetname, nmap.address_family())
if not status or #list <= 0 then
return nil
end
-- Don't re-add this same IP!
for i = #list, 1, -1 do
if ipOps.compare_ip(list[i], "eq", host.ip) then
table.remove(list, i)
end
end
if target.ALLOW_NEW_TARGETS then
sum = sum + addtargets(list)
end
table.insert(output, string.format("Host '%s' also resolves to:", host.targetname))
table.insert(output, list)
local xmloutput = {
addresses = list,
newtargets = sum or 0,
}
if sum > 0 then
table.insert(output, string.format("Successfully added %d new targets", sum))
else
table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
end
return xmloutput, stdnse.format_output(true, output)
end
local ActionsTable = {
-- prerule: resolve via script-args
prerule = preaction,
-- hostrule: resolve via scanned host
hostrule = hostaction
}
-- execute the action function corresponding to the current rule
action = function(...) return ActionsTable[SCRIPT_TYPE](...) end