local http = require "http"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"

-- Script summary shown by Nmap's script help. The text records that the lookup
-- relies on the third-party Robtex service and that it is currently disabled.
description = [==[
Finds up to 100 domain names which use the same name server as the target by querying the Robtex service at http://www.robtex.com/dns/.

The target must be specified by DNS name, not IP address.

*TEMPORARILY DISABLED* due to changes in Robtex's API. See https://www.robtex.com/api/
]==]

---
-- @usage
-- nmap --script http-robtex-shared-ns
--
-- @output
-- Host script results:
-- | http-robtex-shared-ns:
-- |   example.edu
-- |   example.net
-- |   example.edu
-- |_  example.net
-- (some results omitted for brevity)
--
-- TODO:
-- * Add list of nameservers, or group output accordingly
--

-- Script metadata read by the Nmap Scripting Engine.
author = "Arturo 'Buanzo' Busleiman"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- "external" marks scripts that may send data to a third-party service; per
-- the description, this one was written to query Robtex with the target name,
-- so the scanned name is disclosed to that service whenever the lookup is active.
categories = {
  "discovery",
  "safe",
  "external",
}

-- Fixed notice returned instead of lookup results while the script is disabled.
local DISABLED_NOTICE = "*TEMPORARILY DISABLED* due to changes in Robtex's API. See https://www.robtex.com/api/"

--- Pre-scan rule: always matches, so the action runs whenever the script is selected.
-- @return true unconditionally
function prerule()
  return true
end

--- Script action while the Robtex integration is disabled.
-- Performs no network request; it only reports that the script is disabled.
-- @return string the fixed "temporarily disabled" notice
function action()
  return DISABLED_NOTICE
end

--[[
local function unescape(s)
    return string.gsub(s, "\\x(%x%x)", function(hex)
        return string.char(tonumber(hex, 16))
    end)
end


--- Scrape domains sharing name servers from robtex website
-- @param data string containing the retrieved web page
-- @return table containing the resolved host names
function parse_robtex_response(data)
  local result = {}

  if ( not(data) ) then
    return
  end

  -- cut out the section we're interested in
  data = data:match('<span id="shared[^"]*_pn_mn">.-<ol.->(.-)</ol>')

  -- process each html list item
  if data then
    for domain in data:gmatch("<li[^>]*>(.-)</li>") do
      domain = domain:gsub("<[^>]+>","")
      if ( domain ) then
        table.insert(result, domain)
      end
    end
  end

  return result
end

local function lookup_dns_server(data)
  return data:match("The primary name server is <a.->(.-)</a>.")
end

local function fetch_robtex_data(url)
  local htmldata = http.get("www.robtex.net", 443, url, {any_af=true})
  if ( not(htmldata) or not(htmldata.body) ) then
    return
  end

  -- fixup hex encodings
  return unescape(htmldata.body)
end

hostrule = function (host) return host.targetname end

action = function(host)
  local base_url = "/?dns=" .. host.targetname
  local data = fetch_robtex_data(base_url)
  local domains = parse_robtex_response(data)

  if ( not(domains) ) then
    local server = lookup_dns_server(data)
    if ( not(server) ) then
      return
    end
    local url = base_url:format(server)
    stdnse.debug2("Querying URL: %s", url)
    data = fetch_robtex_data(url)

    domains = parse_robtex_response(data)
  end

  if (domains and #domains > 0) then
    return stdnse.format_output(true, domains)
  end
end
]]--
