Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File dns-brute

Script types: prerule, hostrule
Categories: intrusive, discovery
Download: http://nmap.org/svn/scripts/dns-brute.nse

User Summary

Attempts to enumerate DNS hostnames by brute force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records.

Script Arguments

dns-brute.threads

Thread to use (default 5).

dns-brute.srvlist

The filename of a list of SRV records to try. Defaults to "nselib/data/dns-srv-names"

dns-brute.hostlist

The filename of a list of host strings to try. Defaults to "nselib/data/vhosts-default.lst"

dns-brute.srv

Perform lookup for SRV records

dns-brute.domain

Domain name to brute force if no host is specified

max-newtargets, newtargets

See the documentation for the target library.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap --script dns-brute --script-args dns-brute.domain=foo.com,dns-brute.threads=6,dns-brute.hostlist=./hostfile.txt,newtargets -sS -p 80
nmap --script dns-brute www.foo.com

Script Output

Pre-scan script results:
| dns-brute:
|   DNS Brute-force hostnames
|     www.foo.com - 127.0.0.1
|     mail.foo.com - 127.0.0.2
|     blog.foo.com - 127.0.1.3
|     ns1.foo.com - 127.0.0.4
|_    admin.foo.com - 127.0.0.5

Requires


Author: Cirrus

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]