Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File dns-nsec-enum

Script types: portrule
Categories: discovery, intrusive
Download: http://nmap.org/svn/scripts/dns-nsec-enum.nse

User Summary

Enumerates DNS names using the DNSSEC NSEC-walking technique.

Output is arranged by domain. Within a domain, subzones are shown with increased indentation.

The NSEC response record in DNSSEC is used to give negative answers to queries, but it has the side effect of allowing enumeration of all names, much like a zone transfer. This script doesn't work against servers that use NSEC3 rather than NSEC; for that, see dns-nsec3-enum.

Script Arguments

dns-nsec-enum.domains

The domain or list of domains to enumerate. If not provided, the script will make a guess based on the name of the target.

Example Usage

nmap -sSU -p 53 --script dns-nsec-enum --script-args dns-nsec-enum.domains=example.com <target>

Script Output

53/udp open  domain  udp-response
| dns-nsec-enum:
|   example.com
|     bulbasaur.example.com
|     charmander.example.com
|     dugtrio.example.com
|     www.dugtrio.example.com
|     gyarados.example.com
|       johto.example.com
|       blue.johto.example.com
|       green.johto.example.com
|       ns.johto.example.com
|       red.johto.example.com
|     ns.example.com
|     snorlax.example.com
|_    vulpix.example.com

Requires


Author: John R. Bond

License: Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault