Script dns-blacklist
Script types:
prerule, hostrule
Categories:
external, safe
Download: https://svn.nmap.org/nmap/scripts/dns-blacklist.nse
Script Summary
Checks target IP addresses against multiple DNS anti-spam and open proxy blacklists and returns a list of services for which an IP has been flagged. Checks may be limited by service category (eg: SPAM, PROXY) or to a specific service name.
Script Arguments
- dns-blacklist.services
string containing a comma-separated list of services to query. (default: all)
- dns-blacklist.ip
string containing the IP to check only needed if running the script as a prerule.
- dns-blacklist.list
lists all services that are available for a certain category.
- dns-blacklist.category
string containing the service category to query eg. spam or proxy (default: all)
- dns-blacklist.mode
string containing either "short" or "long" long mode can sometimes provide additional information to why an IP has been blacklisted. (default: long)
Example Usage
nmap --script dns-blacklist --script-args='dns-blacklist.ip=<ip>' or nmap -sn <ip> --script dns-blacklist
Script Output
Pre-scan script results: | dns-blacklist: | 1.2.3.4 | PROXY | dnsbl.tornevall.org - PROXY | IP marked as "abusive host". | Proxy is working | Proxy has been scanned | SPAM | dnsbl.inps.de - SPAM | Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4 | l2.apews.org - SPAM | list.quorum.to - SPAM | bl.spamcop.net - SPAM |_ spam.dnsbl.sorbs.net - SPAM Supported blacklist list mode (--script-args dns-blacklist.list): | dns-blacklist: | PROXY | socks.dnsbl.sorbs.net | http.dnsbl.sorbs.net | misc.dnsbl.sorbs.net | dnsbl.tornevall.org | SPAM | dnsbl.inps.de | bl.nszones.com | l2.apews.org | list.quorum.to | all.spamrats.com | bl.spamcop.net | spam.dnsbl.sorbs.net |_ sbl.spamhaus.org
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html