File dns-blacklist
Script types:
prerule, hostrule
Categories:
external, safe
Download: http://nmap.org/svn/scripts/dns-blacklist.nse
User Summary
Checks target IP addresses against multiple DNS anti-spam and open proxy blacklists and returns a list of services for which an IP has been flagged. Checks may be limited by service category (eg: SPAM, PROXY) or to a specific service name.
Script Arguments
dns-blacklist.ip
string containing the IP to check only needed if running the script as a prerule.
Example Usage
nmap --script dns-blacklist --script-args='dns-blacklist.ip=<ip>' or nmap -sn <ip> --script dns-blacklist
Script Output
Pre-scan script results: | dns-blacklist: | 1.2.3.4 | PROXY | dnsbl.ahbl.org - PROXY | dnsbl.tornevall.org - PROXY | IP marked as "abusive host". | Proxy is working | Proxy has been scanned | SPAM | dnsbl.inps.de - SPAM | Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4 | l2.apews.org - SPAM | list.quorum.to - SPAM | bl.spamcop.net - SPAM |_ spam.dnsbl.sorbs.net - SPAM Supported blacklist list mode (--script-arg dns-blacklist.list): | dns-blacklist: | PROXY | dnsbl.ahbl.org | socks.dnsbl.sorbs.net | http.dnsbl.sorbs.net | misc.dnsbl.sorbs.net | dnsbl.tornevall.org | SPAM | dnsbl.ahbl.org | dnsbl.inps.de | bl.nszones.com | l2.apews.org | list.quorum.to | all.spamrats.com | bl.spamcop.net | spam.dnsbl.sorbs.net |_ sbl.spamhaus.org
Requires
Author: Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html
