Script dns-srv-enum

Script types: prerule
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/dns-srv-enum.nse

Script Summary

Enumerates various common service (SRV) records for a given domain name. The service records contain the hostname, port and priority of servers for a given service. The following services are enumerated by the script:

  • Active Directory Global Catalog
  • Exchange Autodiscovery
  • Kerberos KDC Service
  • Kerberos Passwd Change Service
  • LDAP Servers
  • SIP Servers
  • XMPP S2S
  • XMPP C2S

Script Arguments

dns-srv-enum.domain

string containing the domain to query

dns-srv-enum.filter

string containing the service to query (default: all)

max-newtargets, newtargets

See the documentation for the target library.

Example Usage

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='example.com'"

Script Output

| dns-srv-enum:
|   Active Directory Global Catalog
|     service   prio  weight  host
|     3268/tcp  0     100     stodc01.example.com
|   Kerberos KDC Service
|     service  prio  weight  host
|     88/tcp   0     100     stodc01.example.com
|     88/udp   0     100     stodc01.example.com
|   Kerberos Password Change Service
|     service  prio  weight  host
|     464/tcp  0     100     stodc01.example.com
|     464/udp  0     100     stodc01.example.com
|   LDAP
|     service  prio  weight  host
|     389/tcp  0     100     stodc01.example.com
|   SIP
|     service   prio  weight  host
|     5060/udp  10    50      vclux2.example.com
|     5070/udp  10    50      vcbxl2.example.com
|     5060/tcp  10    50      vclux2.example.com
|     5060/tcp  10    50      vcbxl2.example.com
|   XMPP server-to-server
|     service   prio  weight  host
|     5269/tcp  5     0       xmpp-server.l.example.com
|     5269/tcp  20    0       alt2.xmpp-server.l.example.com
|     5269/tcp  20    0       alt4.xmpp-server.l.example.com
|     5269/tcp  20    0       alt3.xmpp-server.l.example.com
|_    5269/tcp  20    0       alt1.xmpp-server.l.example.com
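
Added example, not part of the Nmap script or its documentation: a Python parser that turns the output block above into records, orders them by SRV priority, and lists the hosts published as directory or Kerberos servers so they can be checked against what the zone is meant to expose. The function names and the DIRECTORY set are assumptions of this example, and the sample input is constructed in the layout shown above.

```python
import re

# Constructed sample, in the layout shown under "Script Output" above.
SAMPLE = """\
| dns-srv-enum:
|   Active Directory Global Catalog
|     service   prio  weight  host
|     3268/tcp  0     100     stodc01.example.com
|   Kerberos KDC Service
|     service  prio  weight  host
|     88/tcp   0     100     stodc01.example.com
|     88/udp   0     100     stodc01.example.com
|   XMPP server-to-server
|     service   prio  weight  host
|     5269/tcp  20    0       alt2.xmpp-server.l.example.com
|_    5269/tcp  5     0       xmpp-server.l.example.com
"""

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\d+)\s+(\d+)\s+(\S+)$")
HEADER = ["service", "prio", "weight", "host"]
# Assumption of this example: which section titles count as directory services.
DIRECTORY = {"Active Directory Global Catalog", "Kerberos KDC Service",
             "Kerberos Password Change Service", "LDAP"}

def parse_srv_enum(text):
    """Parse a dns-srv-enum output block into a list of record dicts."""
    records, service = [], None
    for line in text.splitlines():
        body = re.sub(r"^\|_?", "", line).strip()   # drop the "|" / "|_" gutter
        row = ROW.match(body)
        if row and service:
            port, proto, prio, weight, host = row.groups()
            records.append({"service": service, "port": int(port), "proto": proto,
                            "prio": int(prio), "weight": int(weight), "host": host})
        elif body and not body.endswith(":") and body.split() != HEADER:
            service = body                          # section title, e.g. "LDAP"
    return records

def preferred_order(records, service):
    """Records for one service, lowest priority value first (clients try these first)."""
    rows = [r for r in records if r["service"] == service]
    return sorted(rows, key=lambda r: (r["prio"], -r["weight"]))

def directory_hosts(records):
    """Hosts the queried DNS server reveals as directory or Kerberos servers."""
    return sorted({r["host"] for r in records if r["service"] in DIRECTORY})

if __name__ == "__main__":
    recs = parse_srv_enum(SAMPLE)
    for r in preferred_order(recs, "XMPP server-to-server"):
        print(r["prio"], r["host"])
    print(directory_hosts(recs))
```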

Requires


Author:

  • Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html