Script dns-srv-enum
Script types:
prerule
Categories:
discovery, safe
Download: https://svn.nmap.org/nmap/scripts/dns-srv-enum.nse
Script Summary
Enumerates various common service (SRV) records for a given domain name. The service records contain the hostname, port and priority of servers for a given service. The following services are enumerated by the script:
- Active Directory Global Catalog
- Exchange Autodiscovery
- Kerberos KDC Service
- Kerberos Passwd Change Service
- LDAP Servers
- SIP Servers
- XMPP S2S
- XMPP C2S
Script Arguments
- dns-srv-enum.domain
string containing the domain to query
- dns-srv-enum.filter
string containing the service to query (default: all)
- max-newtargets, newtargets
See the documentation for the target library.
Example Usage
nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='example.com'"
Script Output
| dns-srv-enum:
|   Active Directory Global Catalog
|     service   prio  weight  host
|     3268/tcp  0     100     stodc01.example.com
|   Kerberos KDC Service
|     service   prio  weight  host
|     88/tcp    0     100     stodc01.example.com
|     88/udp    0     100     stodc01.example.com
|   Kerberos Password Change Service
|     service   prio  weight  host
|     464/tcp   0     100     stodc01.example.com
|     464/udp   0     100     stodc01.example.com
|   LDAP
|     service   prio  weight  host
|     389/tcp   0     100     stodc01.example.com
|   SIP
|     service   prio  weight  host
|     5060/udp  10    50      vclux2.example.com
|     5070/udp  10    50      vcbxl2.example.com
|     5060/tcp  10    50      vclux2.example.com
|     5060/tcp  10    50      vcbxl2.example.com
|   XMPP server-to-server
|     service   prio  weight  host
|     5269/tcp  5     0       xmpp-server.l.example.com
|     5269/tcp  20    0       alt2.xmpp-server.l.example.com
|     5269/tcp  20    0       alt4.xmpp-server.l.example.com
|     5269/tcp  20    0       alt3.xmpp-server.l.example.com
|_    5269/tcp  20    0       alt1.xmpp-server.l.example.com
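When auditing what your own domain publishes in DNS, the script output above can be parsed into records and checked for directory and authentication services that are resolvable from outside. The following is an added example, not part of Nmap or this script: the names parse_srv_enum, exposed_directory_hosts and AD_SERVICES are hypothetical, the grouping of section names is an assumption, and the sample text is constructed.

```python
import re
from collections import namedtuple

SrvRecord = namedtuple("SrvRecord", "service port proto prio weight host")

# Constructed sample in the layout of the Script Output section (placeholder hosts).
SAMPLE = """\
| dns-srv-enum:
|   Active Directory Global Catalog
|     service   prio  weight  host
|     3268/tcp  0     100     dc01.example.com
|   Kerberos KDC Service
|     service   prio  weight  host
|     88/tcp    0     100     dc01.example.com
|     88/udp    0     100     dc01.example.com
|   SIP
|     service   prio  weight  host
|     5060/udp  10    50      sip1.example.com
|_    5060/tcp  10    50      sip2.example.com
"""

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\d+)\s+(\d+)\s+(\S+)$")
HEADER = ["service", "prio", "weight", "host"]
# Assumption: section names starting with these denote directory/auth services.
AD_SERVICES = ("Active Directory", "Kerberos", "LDAP")

def parse_srv_enum(text):
    """Turn dns-srv-enum output into SrvRecord tuples, one per data row."""
    records, section = [], None
    for line in text.splitlines():
        body = re.sub(r"^\|_?", "", line).strip()  # drop the "|" / "|_" gutter
        if not body or body == "dns-srv-enum:" or body.split() == HEADER:
            continue
        m = ROW.match(body)
        if m is None:
            section = body  # any other line is a service section title
        elif section is not None:
            port, proto, prio, weight, host = m.groups()
            records.append(SrvRecord(section, int(port), proto,
                                     int(prio), int(weight), host))
    return records

def exposed_directory_hosts(records):
    """Map each host to the AD/Kerberos/LDAP ports its SRV records advertise."""
    found = {}
    for r in records:
        if r.service.startswith(AD_SERVICES):
            found.setdefault(r.host, set()).add(f"{r.port}/{r.proto}")
    return found
```

A non-empty result from exposed_directory_hosts for a query made against public resolvers is a cue to review whether those zones should be split-horizon or restricted to internal DNS.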
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html