NSEDoc

• Index
• NSE Documentation

Categories

• auth
• default
• discovery
• dos
• exploit
• external
• fuzzer
• intrusive
• malware
• safe
• version
• vuln

Scripts (show 134)(134)Scripts (134)

• afp-brute
• afp-path-vuln
• afp-serverinfo
• afp-showmount
• asn-query
• auth-owners
• auth-spoof
• banner
• citrix-brute-xml
• citrix-enum-apps
• citrix-enum-apps-xml
• citrix-enum-servers
• citrix-enum-servers-xml
• couchdb-databases
• couchdb-stats
• daap-get-library
• daytime
• db2-das-info
• dhcp-discover
• dns-cache-snoop
• dns-fuzz
• dns-random-srcport
• dns-random-txid
• dns-recursion
• dns-service-discovery
• dns-zone-transfer
• drda-brute
• drda-info
• finger
• ftp-anon
• ftp-bounce
• ftp-brute
• ftp-libopie
• html-title
• http-auth
• http-date
• http-enum
• http-favicon
• http-headers
• http-iis-webdav-vuln
• http-malware-host
• http-methods
• http-open-proxy
• http-passwd
• http-php-version
• http-trace
• http-userdir-enum
• http-vmware-path-vuln
• iax2-version
• imap-capabilities
• ipidseq
• irc-info
• irc-unrealircd-backdoor
• jdwp-version
• ldap-brute
• ldap-rootdse
• ldap-search
• lexmark-config
• mongodb-databases
• mongodb-info
• ms-sql-brute
• ms-sql-config
• ms-sql-empty-password
• ms-sql-hasdbaccess
• ms-sql-info
• ms-sql-query
• ms-sql-tables
• ms-sql-xp-cmdshell
• mysql-brute
• mysql-databases
• mysql-empty-password
• mysql-info
• mysql-users
• mysql-variables
• nbstat
• nfs-ls
• nfs-showmount
• nfs-statfs
• ntp-info
• ntp-monlist
• oracle-sid-brute
• p2p-conficker
• pgsql-brute
• pjl-ready-message
• pop3-brute
• pop3-capabilities
• pptp-version
• qscan
• realvnc-auth-bypass
• robots.txt
• rpcinfo
• skypev2-version
• smb-brute
• smb-check-vulns
• smb-enum-domains
• smb-enum-groups
• smb-enum-processes
• smb-enum-sessions
• smb-enum-shares
• smb-enum-users
• smb-os-discovery
• smb-psexec
• smb-security-mode
• smb-server-stats
• smb-system-info
• smbv2-enabled
• smtp-commands
• smtp-enum-users
• smtp-open-relay
• smtp-strangeport
• sniffer-detect
• snmp-brute
• snmp-interfaces
• snmp-netstat
• snmp-processes
• snmp-sysdescr
• snmp-win32-services
• snmp-win32-shares
• snmp-win32-software
• snmp-win32-users
• socks-open-proxy
• sql-injection
• ssh-hostkey
• sshv1
• ssl-cert
• ssl-enum-ciphers
• sslv2
• telnet-brute
• upnp-info
• vnc-brute
• vnc-info
• wdb-version
• whois
• x11-access

Libraries (show 47)(47)Libraries (47)

• afp
• asn1
• base64
• bin
• bit
• brute
• citrixxml
• comm
• datafiles
• dns
• drda
• http
• imap
• ipOps
• json
• ldap
• listop
• match
• mongodb
• msrpc
• msrpcperformance
• msrpctypes
• mssql
• mysql
• netbios
• nmap
• nsedebug
• openssl
• packet
• pcre
• pgsql
• pop3
• proxy
• rpc
• shortport
• smb
• smbauth
• snmp
• ssh1
• ssh2
• stdnse
• strbuf
• strict
• tab
• unpwdb
• url
• vnc

Library dns

Simple DNS library supporting packet creation, encoding, decoding, and querying.

Copyright© Same as Nmap--See http://nmap.org/book/man-legal.html

Source: http://nmap.org/svn/nselib/dns.lua

Functions

additionalFetcher[types.A] (dec, retAll)	Additional fetcher for A records
additionalFetcher[types.AAAA] (dec, retAll)	Additional fetcher for AAAA records.
additionalFetcher[types.TXT] (dec, retAll)	Additional fetcher for TXT records.
addQuestion (pkt, dname, dtype)	Adds a question to a DNS packet table.
answerFetcher[types.A] (dec, retAll)	Answer fetcher for A records
answerFetcher[types.AAAA] (dec, retAll)	Answer fetcher for AAAA records.
answerFetcher[types.CNAME] (dec, retAll)	Answer fetcher for CNAME records.
answerFetcher[types.NS] (dec)	Answer fetcher for NS records.
answerFetcher[types.PTR] (dec, retAll)	Answer fetcher for PTR records.
answerFetcher[types.TXT] (dec, retAll)	Answer fetcher for TXT records.
decDomain (entry, data, pos)	Decodes records that consist only of one domain, for example CNAME, NS, PTR. Puts result in entry.domain.
decode (data)	Decodes a DNS packet.
decodeFlags (flgStr)	Decodes DNS flags.
decodeQuestions (data, count, pos)	Decodes questions in a DNS packet.
decoder[types.A] (entry)	Decodes IP of A record, puts it in entry.ip.
decoder[types.AAAA] (entry)	Decodes IP of AAAA record, puts it in entry.ipv6.
decoder[types.CNAME] (entry, data, pos)	Decodes CNAME records. Puts result in entry.domain.
decoder[types.NS] (entry, data, pos)	Decodes NS records. Puts result in entry.domain.
decoder[types.PTR] (entry, data, pos)	Decodes PTR records. Puts result in entry.domain.
decoder[types.SOA] (entry, data, pos)	Decodes SOA record, puts it in entry.SOA.
decoder[types.SSHFP] (entry)	Decodes SSH fingerprint record, puts it in entry.SSHFP as defined in RFC 4255.
decoder[types.TXT] (entry, data, pos)	Decodes TXT records. Puts result in entry.domain.
decodeRR (data, count, pos)	Decodes returned resource records (answer, authority, or additional part).
decStr (data, pos)	Decodes a domain in a DNS packet. Handles "compressed" data too.
encode (pkt)	Encode a DNS packet.
encodeFlags (flags)	Encodes DNS flags to a binary digit string.
encodeQuestions (questions)	Encodes the question part of a DNS request.
findNiceAdditional (dtype, dec, retAll)	Calls the answer fetcher for dtype or returns an error code in case of a "no such name" error.
findNiceAnswer (dtype, dec, retAll)	Calls the answer fetcher for dtype or returns an error code in case of a "no such name" error.
getAuthDns (rPkt)	Tries to find the next nameserver with authority to get a result for query.
gotAnswer (rPkt)	Checks if a DNS response packet contains a useful answer.
newPacket ()	Creates a new table representing a DNS packet.
query (dname, options)	Query DNS servers for a DNS record.
reverse (ip)	Formats an IP address for reverse lookup.
sendPackets (data, host, port, timeout, cnt)	Repeatedly sends UDP packets to host, waiting for an answer.
str2tbl (str)	Splits a string up into a table of single characters.

Tables

types

Table of DNS resource types.

Functions

additionalFetcher[types.A] (dec, retAll)

Additional fetcher for A records

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first dns A record or Table of A records or String Error message.

additionalFetcher[types.AAAA] (dec, retAll)

Additional fetcher for AAAA records.

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first dns AAAA record or Table of AAAA records or String Error message.

additionalFetcher[types.TXT] (dec, retAll)

Additional fetcher for TXT records.

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first dns TXT record or Table of TXT records or String Error message.

addQuestion (pkt, dname, dtype)

Adds a question to a DNS packet table.

Parameters

• pkt: Table representing DNS packet.
• dname: Domain name to be asked.
• dtype: RR to be asked.

answerFetcher[types.A] (dec, retAll)

Answer fetcher for A records

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first dns A record or Table of A records or String Error message.

answerFetcher[types.AAAA] (dec, retAll)

Answer fetcher for AAAA records.

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first dns AAAA record or Table of AAAA records or String Error message.

answerFetcher[types.CNAME] (dec, retAll)

Answer fetcher for CNAME records.

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first Domain entry or Table of domain entries or String Error message.

answerFetcher[types.NS] (dec)

Answer fetcher for NS records.

Parameters

• dec: Decoded DNS response.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first Domain entry or Table of domain entries or String Error message.

answerFetcher[types.PTR] (dec, retAll)

Answer fetcher for PTR records.

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first Domain entry or Table of domain entries or String Error message.

answerFetcher[types.TXT] (dec, retAll)

Answer fetcher for TXT records.

Parameters

• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. String first dns TXT record or Table of TXT records or String Error message.

decDomain (entry, data, pos)

Decodes records that consist only of one domain, for example CNAME, NS, PTR. Puts result in entry.domain.

Parameters

• entry: RR in packet.
• data: Complete encoded DNS packet.
• pos: Position in packet after RR.

decode (data)

Decodes a DNS packet.

Parameters

• data: Encoded DNS packet.

Return value:

Table representing DNS packet.

decodeFlags (flgStr)

Decodes DNS flags.

Parameters

• flgStr: Flags as a binary digit string.

Return value:

Table representing flags.

decodeQuestions (data, count, pos)

Decodes questions in a DNS packet.

Parameters

• data: Complete DNS packet.
• count: Value of question counter in header.
• pos: Starting position in packet.

Return values:

1. Position after decoding.
2. Table of decoded questions.

decoder[types.A] (entry)

Decodes IP of A record, puts it in entry.ip.

Parameters

• entry: RR in packet.

decoder[types.AAAA] (entry)

Decodes IP of AAAA record, puts it in entry.ipv6.

Parameters

• entry: RR in packet.

decoder[types.CNAME] (entry, data, pos)

Decodes CNAME records. Puts result in entry.domain.

Parameters

• entry: RR in packet.
• data: Complete encoded DNS packet.
• pos: Position in packet after RR.

decoder[types.NS] (entry, data, pos)

Decodes NS records. Puts result in entry.domain.

Parameters

• entry: RR in packet.
• data: Complete encoded DNS packet.
• pos: Position in packet after RR.

decoder[types.PTR] (entry, data, pos)

Decodes PTR records. Puts result in entry.domain.

Parameters

• entry: RR in packet.
• data: Complete encoded DNS packet.
• pos: Position in packet after RR.

decoder[types.SOA] (entry, data, pos)

Decodes SOA record, puts it in entry.SOA.

entry.SOA has the fields mname, rname, serial, refresh, retry, expire, and minimum.

Parameters

• entry: RR in packet.
• data: Complete encoded DNS packet.
• pos: Position in packet after RR.

decoder[types.SSHFP] (entry)

Decodes SSH fingerprint record, puts it in entry.SSHFP as defined in RFC 4255.

entry.SSHFP has the fields algorithm, fptype, and fingerprint.

Parameters

• entry: RR in packet.

decoder[types.TXT] (entry, data, pos)

Decodes TXT records. Puts result in entry.domain.

Parameters

• entry: RR in packet.
• data: Complete encoded DNS packet.
• pos: Position in packet after RR.

decodeRR (data, count, pos)

Decodes returned resource records (answer, authority, or additional part).

Parameters

• data: Complete encoded DNS packet.
• count: Value of according counter in header.
• pos: Starting position in packet.

Return value:

Table of RRs.

decStr (data, pos)

Decodes a domain in a DNS packet. Handles "compressed" data too.

Parameters

• data: Complete DNS packet.
• pos: Starting position in packet.

Return values:

1. Position after decoding.
2. Decoded domain, or nil on error.

encode (pkt)

Encode a DNS packet.

Caution: doesn't encode answer, authority and additional part.

Parameters

• pkt: Table representing DNS packet, initialized by newPacket.

Return value:

Encoded DNS packet.

encodeFlags (flags)

Encodes DNS flags to a binary digit string.

Parameters

• flags: Flag table, each entry representing a flag (QR, OCx, AA, TC, RD, RA, RCx).

Return value:

Binary digit string representing flags.

encodeQuestions (questions)

Encodes the question part of a DNS request.

Parameters

• questions: Table of questions.

Return value:

Encoded question string.

findNiceAdditional (dtype, dec, retAll)

Calls the answer fetcher for dtype or returns an error code in case of a "no such name" error.

Parameters

• dtype: DNS resource record type.
• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. Answer according to the answer fetcher for dtype or an Error message.

findNiceAnswer (dtype, dec, retAll)

Calls the answer fetcher for dtype or returns an error code in case of a "no such name" error.

Parameters

• dtype: DNS resource record type.
• dec: Decoded DNS response.
• retAll: If true, return all entries, not just the first.

Return values:

1. True if one or more answers of the required type were found - otherwise false.
2. Answer according to the answer fetcher for dtype or an Error message.

getAuthDns (rPkt)

Tries to find the next nameserver with authority to get a result for query.

Parameters

• rPkt: Decoded DNS response packet

Return value:

String or table of next server(s) to query, or false.

gotAnswer (rPkt)

Checks if a DNS response packet contains a useful answer.

Parameters

• rPkt: Decoded DNS response packet.

Return value:

True if useful, false if not.

newPacket ()

Creates a new table representing a DNS packet.

Return value:

Table representing a DNS packet.

query (dname, options)

Query DNS servers for a DNS record.

Parameters

• dname: Desired domain name entry.
• options: A table containing any of the following fields:
  • dtype: Desired DNS record type (default: "A").
  • host: DNS server to be queried (default: DNS servers known to Nmap).
  • port: Port of DNS server to connect to (default: 53).
  • tries: How often should query try to contact another server (for non-recursive queries).
  • retAll: Return all answers, not just the first.
  • retPkt: Return the packet instead of using the answer-fetching mechanism.
  • norecurse If true, do not set the recursion (RD) flag.

Return values:

1. True if a dns response was received and contained an answer of the requested type, or the decoded dns response was requested (retPkt) and is being returned - or False otherwise.
2. String answer of the requested type, Table of answers or a String error message of one of the following: "No Such Name", "No Servers", "No Answers", "Unable to handle response"

reverse (ip)

Formats an IP address for reverse lookup.

Parameters

• ip: IP address string.

Return value:

"Domain"-style representation of IP as subdomain of in-addr.arpa or ip6.arpa.

sendPackets (data, host, port, timeout, cnt)

Repeatedly sends UDP packets to host, waiting for an answer.

Parameters

• data: Data to be sent.
• host: Host to connect to.
• port: Port to connect to.
• timeout: Number of ms to wait for a response.
• cnt: Number of tries.

Return values:

1. Status (true or false).
2. Response (if status is true).

str2tbl (str)

Splits a string up into a table of single characters.

Parameters

• str: String to be split up.

Return value:

Table of characters.

Tables

types

Table of DNS resource types.