Checks target IP addresses against multiple DNS anti-spam and open proxy blacklists and returns a list of services for which an IP has been flagged. Checks may be limited by service category (eg: SPAM, PROXY) or to a specific service name.
string containing a comma-separated list of services to query. (default: all)
string containing the IP to check only needed if running the script as a prerule.
lists all services that are available for a certain category.
string containing the service category to query eg. spam or proxy (default: all)
string containing either "short" or "long" long mode can sometimes provide additional information to why an IP has been blacklisted. (default: long)
nmap --script dns-blacklist --script-args='dns-blacklist.ip=<ip>' or nmap -sn <ip> --script dns-blacklist
Pre-scan script results: | dns-blacklist: | 188.8.131.52 | PROXY | dnsbl.tornevall.org - PROXY | IP marked as "abusive host". | Proxy is working | Proxy has been scanned | SPAM | dnsbl.inps.de - SPAM | Spam Received See: http://www.sorbs.net/lookup.shtml?184.108.40.206 | l2.apews.org - SPAM | list.quorum.to - SPAM | bl.spamcop.net - SPAM |_ spam.dnsbl.sorbs.net - SPAM Supported blacklist list mode (--script-args dns-blacklist.list): | dns-blacklist: | PROXY | socks.dnsbl.sorbs.net | http.dnsbl.sorbs.net | misc.dnsbl.sorbs.net | dnsbl.tornevall.org | SPAM | dnsbl.inps.de | bl.nszones.com | l2.apews.org | list.quorum.to | all.spamrats.com | bl.spamcop.net | spam.dnsbl.sorbs.net |_ sbl.spamhaus.org
Author: Patrik Karlsson
License: Same as Nmap--See https://nmap.org/book/man-legal.html