summaryrefslogtreecommitdiffstats
path: root/scripts/resolveall.nse
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--scripts/resolveall.nse170
1 files changed, 170 insertions, 0 deletions
diff --git a/scripts/resolveall.nse b/scripts/resolveall.nse
new file mode 100644
index 0000000..5e0fe7b
--- /dev/null
+++ b/scripts/resolveall.nse
@@ -0,0 +1,170 @@
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local string = require "string"
+local table = require "table"
+local target = require "target"
+local ipOps = require "ipOps"
+
+description = [[
+NOTE: This script has been replaced by the <code>--resolve-all</code>
+command-line option in Nmap 7.70
+
+Resolves hostnames and adds every address (IPv4 or IPv6, depending on
+Nmap mode) to Nmap's target list. This differs from Nmap's normal
+host resolution process, which only scans the first address (A or AAAA
+record) returned for each host name.
+
+The script will run on any target provided by hostname. It can also be fed
+hostnames via the <code>resolveall.hosts</code> argument. Because it adds new
+targets by IP address it will not run recursively, since those new targets were
+not provided by hostname. It will also not add the same IP that was initially
+chosen for scanning by Nmap.
+]]
+
+---
+-- @usage
+-- nmap --script=resolveall --script-args=newtargets,resolveall.hosts={<host1>, ...} ...
+-- nmap --script=resolveall manyaddresses.example.com
+-- @args resolveall.hosts Table of hostnames to resolve
+-- @output
+-- Pre-scan script results:
+-- | resolveall:
+-- | Host 'google.com' resolves to:
+-- | 74.125.39.106
+-- | 74.125.39.147
+-- | 74.125.39.99
+-- | 74.125.39.103
+-- | 74.125.39.105
+-- | 74.125.39.104
+-- |_ Successfully added 6 new targets
+-- Host script results:
+-- | resolveall:
+-- | Host 'chat.freenode.net' also resolves to:
+-- | 94.125.182.252
+-- | 185.30.166.37
+-- | 162.213.39.42
+-- | 193.10.255.100
+-- | 139.162.227.51
+-- | 195.154.200.232
+-- | 164.132.77.237
+-- | 185.30.166.38
+-- | 130.185.232.126
+-- | 38.229.70.22
+-- |_ Successfully added 10 new targets
+-- @xmloutput
+-- <elem key="newtargets">4</elem>
+-- <table key="hosts">
+-- <table key="google.com">
+-- <elem>74.125.39.106</elem>
+-- <elem>74.125.39.147</elem>
+-- <elem>74.125.39.99</elem>
+-- <elem>74.125.39.103</elem>
+-- </table>
+-- </table>
+
+author = "Kris Katterjohn"
+
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+
+categories = {"safe", "discovery"}
+
+
+prerule = function()
+ return stdnse.get_script_args("resolveall.hosts")
+end
+
+hostrule = function(host)
+ return host.targetname
+end
+
+local addtargets = function(list)
+ local sum = 0
+
+ for _, t in ipairs(list) do
+ local st, err = target.add(t)
+ if st then
+ sum = sum + 1
+ else
+ stdnse.debug1("Couldn't add target %s: %s", t, err)
+ end
+ end
+
+ return sum
+end
+
+preaction = function()
+ local hosts = stdnse.get_script_args("resolveall.hosts")
+
+ if type(hosts) ~= "table" then
+ hosts = {hosts}
+ end
+
+ local sum = 0
+ local output = {}
+ local xmloutput = {}
+ for _, host in ipairs(hosts) do
+ local status, list = nmap.resolve(host, nmap.address_family())
+ if status and #list > 0 then
+ if target.ALLOW_NEW_TARGETS then
+ sum = sum + addtargets(list)
+ end
+ xmloutput[host] = list
+ table.insert(output, string.format("Host '%s' resolves to:", host))
+ table.insert(output, list)
+ end
+ end
+
+ xmloutput = {
+ hosts = xmloutput,
+ newtargets = sum or 0,
+ }
+ if sum > 0 then
+ table.insert(output, string.format("Successfully added %d new targets", sum))
+ else
+ table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
+ end
+ table.insert(output, "Use the --resolve-all option to scan all resolved addresses without using this script.")
+ return xmloutput, stdnse.format_output(true, output)
+end
+
+hostaction = function(host)
+ local sum = 0
+ local output = {}
+ local status, list = nmap.resolve(host.targetname, nmap.address_family())
+ if not status or #list <= 0 then
+ return nil
+ end
+ -- Don't re-add this same IP!
+ for i = #list, 1, -1 do
+ if ipOps.compare_ip(list[i], "eq", host.ip) then
+ table.remove(list, i)
+ end
+ end
+ if target.ALLOW_NEW_TARGETS then
+ sum = sum + addtargets(list)
+ end
+ table.insert(output, string.format("Host '%s' also resolves to:", host.targetname))
+ table.insert(output, list)
+
+ local xmloutput = {
+ addresses = list,
+ newtargets = sum or 0,
+ }
+ if sum > 0 then
+ table.insert(output, string.format("Successfully added %d new targets", sum))
+ else
+ table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
+ end
+ table.insert(output, ("Use the --resolve-all option to scan all resolved addresses without using this script."):format(host.targetname))
+ return xmloutput, stdnse.format_output(true, output)
+end
+
+local ActionsTable = {
+ -- prerule: resolve via script-args
+ prerule = preaction,
+ -- hostrule: resolve via scanned host
+ hostrule = hostaction
+}
+
+-- execute the action function corresponding to the current rule
+action = function(...) return ActionsTable[SCRIPT_TYPE](...) end