mirror of
https://github.com/nmap/nmap.git
synced 2025-12-06 12:41:29 +00:00
72 lines
1.6 KiB
Lua
72 lines
1.6 KiB
Lua
local http = require "http"
|
|
local ipOps = require "ipOps"
|
|
local stdnse = require "stdnse"
|
|
local string = require "string"
|
|
local table = require "table"
|
|
|
|
description = [[
|
|
Discovers hostnames that resolve to the target's IP address by querying the online Robtex service at http://ip.robtex.com/.
|
|
]]
|
|
|
|
---
|
|
-- @usage
|
|
-- nmap --script hostmap-robtex -sn -Pn scanme.nmap.org
|
|
--
|
|
-- @output
|
|
-- | hostmap-robtex:
|
|
-- | hosts:
|
|
-- |_ scanme.nmap.org
|
|
--
|
|
-- @xmloutput
|
|
-- <table key="hosts">
|
|
-- <elem>nmap.org</elem>
|
|
-- </table>
|
|
---
|
|
|
|
author = "Arturo 'Buanzo' Busleiman"
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
categories = {
|
|
"discovery",
|
|
"safe",
|
|
"external"
|
|
}
|
|
|
|
|
|
--- Scrape domains sharing target host ip from robtex website
|
|
-- @param data string containing the retrieved web page
|
|
-- @return table containing the host names sharing host.ip
|
|
function parse_robtex_response (data)
|
|
local result = {}
|
|
|
|
for domain in string.gmatch(data, "<span id=\"dns[0-9]+\"><a href=\"//[a-z]+.robtex.com/([^\"]-)%.html\"") do
|
|
if not table.contains(result, domain) then
|
|
table.insert(result, domain)
|
|
end
|
|
end
|
|
return result
|
|
end
|
|
|
|
hostrule = function (host)
|
|
return not ipOps.isPrivate(host.ip)
|
|
end
|
|
|
|
action = function (host)
|
|
local link = "http://ip.robtex.com/" .. host.ip .. ".html"
|
|
local htmldata = http.get_url(link)
|
|
local domains = parse_robtex_response(htmldata.body)
|
|
local output_tab = stdnse.output_table()
|
|
if (#domains > 0) then
|
|
output_tab.hosts = domains
|
|
end
|
|
return output_tab
|
|
end
|
|
|
|
function table.contains (table, element)
|
|
for _, value in pairs(table) do
|
|
if value == element then
|
|
return true
|
|
end
|
|
end
|
|
return false
|
|
end
|