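local http = require "http"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"

description = [[
Finds up to 100 domain names which use the same name server as the target by
querying the Robtex service at http://www.robtex.com/dns/.

The target must be specified by DNS name, not IP address.

*TEMPORARILY DISABLED* due to changes in Robtex's API.
See https://www.robtex.com/api/
]]

---
-- @usage
-- nmap --script http-robtex-shared-ns
--
-- @output
-- Host script results:
-- | http-robtex-shared-ns:
-- |   example.edu
-- |   example.net
-- |   example.edu
-- |_  example.net
-- (some results omitted for brevity)
--
-- TODO:
-- * Add list of nameservers, or group output accordingly
--

author = "Arturo 'Buanzo' Busleiman"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe", "external"}

-- While the script is disabled it runs as a prerule (before any host is
-- scanned) and always fires, so the notice below is printed exactly once
-- per run instead of once per target.
prerule = function() return true end

--- Prints the "disabled" notice in place of the Robtex lookup.
-- @return string the notice shown in the script results
action = function()
  return "*TEMPORARILY DISABLED* due to changes in Robtex's API. See https://www.robtex.com/api/"
end

--[[
-- The original implementation is kept below for reference only; it is
-- commented out and nothing in it is executed. Two things to revisit if it
-- is ever re-enabled:
--  * fetch_robtex_data queries www.robtex.net on port 443, while the
--    description above cites http://www.robtex.com/dns/ -- keep the two in
--    sync with whatever the current Robtex API expects.
--  * base_url contains no format specifier, so base_url:format(server) in
--    the retry branch of action returns base_url unchanged; the second
--    request re-queries the original target instead of the name server.

-- Decode "\xHH" escapes in the fetched page into raw bytes.
local function unescape(s)
  return string.gsub(s, "\\x(%x%x)", function(hex)
    return string.char(tonumber(hex, 16))
  end)
end

--- Scrape domains sharing name servers from robtex website
-- @param data string containing the retrieved web page
-- @return table containing the resolved host names
function parse_robtex_response(data)
  local result = {}

  if ( not(data) ) then
    return
  end

  -- cut out the section we're interested in
  data = data:match('<span id="shared[^"]*_pn_mn">.-<ol.->(.-)</ol>')

  -- process each html list item; tags inside an item are stripped, the
  -- remaining text is taken verbatim from the remote page
  if data then
    for domain in data:gmatch("<li[^>]*>(.-)</li>") do
      domain = domain:gsub("<[^>]+>","")
      if ( domain ) then
        table.insert(result, domain)
      end
    end
  end

  return result
end

-- Extract the primary name server from the page, or nil if not present.
local function lookup_dns_server(data)
  return data:match("The primary name server is <a.->(.-)</a>.")
end

-- Fetch a Robtex page and return its body with hex escapes decoded, or nil
-- when the request failed or had no body.
local function fetch_robtex_data(url)
  local htmldata = http.get("www.robtex.net", 443, url, {any_af=true})
  if ( not(htmldata) or not(htmldata.body) ) then
    return
  end

  -- fixup hex encodings
  return unescape(htmldata.body)
end

hostrule = function (host) return host.targetname end

action = function(host)
  -- targetname is placed in the query string as-is (no URL encoding)
  local base_url = "/?dns=" .. host.targetname
  local data = fetch_robtex_data(base_url)
  local domains = parse_robtex_response(data)

  if ( not(domains) ) then
    local server = lookup_dns_server(data)
    if ( not(server) ) then
      return
    end
    local url = base_url:format(server)
    stdnse.debug2("Querying URL: %s", url)
    data = fetch_robtex_data(url)
    domains = parse_robtex_response(data)
  end

  if (domains and #domains > 0) then
    return stdnse.format_output(true, domains)
  end
end
]]--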