Script hostmap-bfk

Script types: hostrule
Categories: external, discovery
Download: https://svn.nmap.org/nmap/scripts/hostmap-bfk.nse

Script Summary

Discovers hostnames that resolve to the target's IP address by querying the online database at http://www.bfk.de/bfk_dnslogger.html.

The script is in the "external" category because it sends target IPs to a third party in order to query their database.

This script was formerly (until April 2012) known as hostmap.nse.

Script Arguments

hostmap-bfk.prefix

If set, saves the output for each host in a file called "<prefix><target>". The file contains one entry per line.

newtargets

If set, add the new hostnames to the scanning queue. This the names presumably resolve to the same IP address as the original target, this is only useful for services such as HTTP that can change their behavior based on hostname.

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

max-newtargets

See the documentation for the target library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script hostmap-bfk --script-args hostmap-bfk.prefix=hostmap- <targets>

Script Output

Host script results:
| hostmap-bfk:
|   hosts:
|     insecure.org
|     173.255.243.189
|     images.insecure.org
|     www.insecure.org
|     nmap.org
|     189.243.255.173.in-addr.arpa
|     mail.nmap.org
|     svn.nmap.org
|     www.nmap.org
|     sectools.org
|     seclists.org
|_    li253-189.members.linode.com

Requires

• http
• io
• ipOps
• stdnse
• string
• stringaux
• table
• target

---

Author:

• Ange Gutek

License: Same as Nmap--See https://nmap.org/book/man-legal.html