Script dns-blacklist

Script types: prerule, hostrule
Categories: external, safe
Download: https://svn.nmap.org/nmap/scripts/dns-blacklist.nse

Script Summary

Checks target IP addresses against multiple DNS anti-spam and open proxy blacklists and returns a list of services for which an IP has been flagged. Checks may be limited by service category (e.g. SPAM, PROXY) or to a specific service name.

Script Arguments

dns-blacklist.services

string containing a comma-separated list of services to query. (default: all)

dns-blacklist.ip

string containing the IP to check; only needed if running the script as a prerule.

dns-blacklist.list

lists all services that are available for a certain category.

dns-blacklist.category

string containing the service category to query, e.g. spam or proxy (default: all)

dns-blacklist.mode

string containing either "short" or "long". Long mode can sometimes provide additional information as to why an IP has been blacklisted. (default: long)

Example Usage

nmap --script dns-blacklist --script-args='dns-blacklist.ip=<ip>'
or
nmap -sn <ip> --script dns-blacklist

Script Output

Pre-scan script results:
| dns-blacklist:
| 1.2.3.4
|   PROXY
|     dnsbl.tornevall.org - PROXY
|       IP marked as "abusive host".
|       Proxy is working
|       Proxy has been scanned
|   SPAM
|     dnsbl.inps.de - SPAM
|       Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4
|     l2.apews.org - SPAM
|     list.quorum.to - SPAM
|     bl.spamcop.net - SPAM
|_    spam.dnsbl.sorbs.net - SPAM

Supported blacklist list mode (--script-args dns-blacklist.list):
| dns-blacklist:
|   PROXY
|     socks.dnsbl.sorbs.net
|     http.dnsbl.sorbs.net
|     misc.dnsbl.sorbs.net
|     dnsbl.tornevall.org
|   SPAM
|     dnsbl.inps.de
|     bl.nszones.com
|     l2.apews.org
|     list.quorum.to
|     all.spamrats.com
|     bl.spamcop.net
|     spam.dnsbl.sorbs.net
|_    sbl.spamhaus.org
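
The pre-scan results shown above can be converted into structured data for reporting or alerting. This parser is an added example, not code from this page or from the Nmap project; the name parse_dns_blacklist is hypothetical, and it assumes the prerule layout and two-space indentation steps of the sample output above.

```python
import re

# Sample copied from the "Script Output" section of this page.
SAMPLE = '''\
Pre-scan script results:
| dns-blacklist:
| 1.2.3.4
|   PROXY
|     dnsbl.tornevall.org - PROXY
|       IP marked as "abusive host".
|       Proxy is working
|       Proxy has been scanned
|   SPAM
|     dnsbl.inps.de - SPAM
|       Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4
|     l2.apews.org - SPAM
|     list.quorum.to - SPAM
|     bl.spamcop.net - SPAM
|_    spam.dnsbl.sorbs.net - SPAM
'''

def parse_dns_blacklist(text):
    """Return {ip: {category: {service: [detail, ...]}}} (hypothetical helper)."""
    results, active = {}, False
    ip = category = service = None
    for raw in text.splitlines():
        if not raw.startswith('|'):
            active = False                      # left the script-output table
            continue
        body = raw[2:]                          # drop the "| " or "|_" gutter
        indent = len(body) - len(body.lstrip())
        item = body.strip()
        if indent == 0 and re.fullmatch(r'[\w-]+:', item):
            active = (item == 'dns-blacklist:')  # another script's header ends ours
        elif not active or not item:
            continue
        elif indent == 0:                       # IP address line
            ip, category, service = item, None, None
            results[ip] = {}
        elif indent == 2 and ip:                # category line (PROXY, SPAM)
            category, service = item, None
            results[ip][category] = {}
        elif indent == 4 and category:          # "<service> - <CATEGORY>"
            service = item.split(' - ')[0]
            results[ip][category][service] = []
        elif indent >= 6 and service:           # long-mode detail lines
            results[ip][category][service].append(item)
    return results
```

Services with an empty detail list were flagged without any long-mode explanation, as with l2.apews.org in the sample.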

Requires


Author:

  • Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html