Nmap DNS information gathering
DNS (Domain Name System) maps host names to IP addresses, so a DNS server is one of the first things to look at when enumerating a network. Nmap ships several NSE scripts for gathering information from DNS servers. This section covers four of them: reading a server's identifier and version string (dns-nsid), discovering advertised services with DNS-SD (broadcast-dns-service-discovery), checking whether a server allows recursive queries (dns-recursion), and brute-forcing subdomains of a domain (dns-brute).
Nmap probing the DNS server identifier (NSID)
A DNS server can carry a name server identifier (NSID), which tells the operator which server answered a query. Nmap's dns-nsid script requests the server's NSID and also asks for its id.server and version.bind values; when the server answers, the output reveals the software version it is running. The script is run as:
nmap -sSU -p 53 --script dns-nsid [target]
The "-sSU" option in this command combines a UDP scan with a TCP SYN scan, so port 53 is probed over both transports.
Example 1-4 probes the NSID of a DNS server running on RHEL 6.4. The output is as follows:
root@localhost:~# nmap -sSU -p 53 --script dns-nsid 192.168.1.104
Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-28 16:04 CST
Nmap scan report for localhost (192.168.1.104)
Host is up (0.00033s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain
| dns-nsid:
|_  bind.version: 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6                                    # version
MAC Address: 00:0C:29:2A:69:34 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds
The output shows that the target's DNS server reports its version as 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6.
Nmap DNS service discovery (DNS-SD)
DNS Service Discovery (DNS-SD) lets hosts advertise the services they offer and lets clients obtain a list of the services available on the local network. Nmap's broadcast-dns-service-discovery script sends a multicast DNS-SD query and collects every response it receives. The syntax is:
nmap --script=broadcast-dns-service-discovery
Example 1-5 uses broadcast-dns-service-discovery to list the DNS-SD services on the local network. The output is as follows:
root@localhost:~# nmap --script=broadcast-dns-service-discovery
Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-21 13:56 CST
Pre-scan script results:
| broadcast-dns-service-discovery:
|   192.168.1.101
|     47989/tcp nvstream                                                                                    # nvstream service
|_      Address=192.168.1.101 fe80:0:0:0:744c:a0ee:dbfd:769     # nvstream address
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 7.06 seconds
The output shows that one host, 192.168.1.101, answered the DNS-SD query. It advertises a service named nvstream on port 47989, the protocol is TCP, and the service address is 192.168.1.101 (with the IPv6 link-local address listed beside it).
Nmap checking whether a DNS server allows recursion
Recursion lets a DNS server resolve names on behalf of its clients, querying other name servers as needed. Nmap's dns-recursion script checks whether a DNS server answers recursive queries for third-party names. The syntax is:
nmap -sU -p 53 --script=dns-recursion [target]
Example 1-6 checks whether the DNS server on RHEL 6.4 allows recursion. The output is as follows:
root@localhost:~# nmap -sU -p 53 --script=dns-recursion 192.168.1.104
Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-28 16:10 CST
Nmap scan report for localhost (192.168.1.104)
Host is up (0.00030s latency).
PORT   STATE SERVICE
53/udp open  domain
|_dns-recursion: Recursion appears to be enabled                                        # recursion is enabled
MAC Address: 00:0C:29:2A:69:34 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
The output shows that the target DNS server has recursion enabled.
Nmap brute-forcing DNS subdomains
An organisation usually publishes many host names under one domain, and finding them is a routine part of mapping its exposure. Nmap's dns-brute script enumerates DNS host names by guessing common subdomain names from a word list and resolving each one. The syntax is:
nmap --script dns-brute --script-args dns-brute.domain=[domain],dns-brute.threads=[number],dns-brute.hostlist=[hostlist file],newtargets -sS -p 80 [target]
Here dns-brute.domain is the domain to enumerate, for example baidu.com; dns-brute.threads is the number of threads to use, with a default of 5; and dns-brute.hostlist is the file of names to try. If dns-brute.hostlist is not given, dns-brute uses its built-in list, /usr/share/nmap/nselib/data/vhosts-default.lst. The newtargets argument adds every host the script discovers to the scan as a new target.
Example 1-7 brute-forces the subdomains of the domain benet.com. The output is as follows:
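What dns-nsid and dns-recursion actually put on the wire is a plain DNS message, so the two checks above can be understood by building one and reading the answer. The following Python is an added example, not code from the book or from Nmap: it encodes the CHAOS-class TXT query for version.bind that dns-nsid sends, parses a reply to pull out the version string, and reads the RA (recursion available) header flag that the "Recursion appears to be enabled" verdict depends on. The server reply is constructed inline by build_txt_response (a test fixture standing in for a real server), so it runs offline; the version text is the one from Example 1-4.

```python
import struct

# DNS constants from RFC 1035
QTYPE_TXT = 16
QCLASS_CH = 3        # CHAOS class, used for version.bind / id.server
FLAG_QR = 0x8000     # response
FLAG_RD = 0x0100     # recursion desired (set by the client)
FLAG_RA = 0x0080     # recursion available (set by the server)


def encode_name(name):
    """Encode a dotted name as DNS labels: 'a.b' -> b'\\x01a\\x01b\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=QTYPE_TXT, qclass=QCLASS_CH, txid=0x1234):
    """Build a one-question query with RD set (what a resolver client sends)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(msg, offset):
    """Decode a name that may use compression pointers; return (name, next_offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg):
    """Parse header flags and the answer section of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_TXT:                          # TXT rdata: <len><chars>...
            strings, p = [], 0
            while p < len(rdata):
                n = rdata[p]
                strings.append(rdata[p + 1:p + 1 + n].decode("ascii", "replace"))
                p += 1 + n
            rdata = "".join(strings)
        answers.append((name, rtype, rclass, rdata))
    return {"id": txid, "rcode": flags & 0xF, "ra": bool(flags & FLAG_RA),
            "answers": answers}


def build_txt_response(query, text, recursion_available):
    """Constructed server reply for `query` (fixture, not captured traffic)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | (FLAG_RA if recursion_available else 0)
    rdata = bytes([len(text)]) + text.encode("ascii")
    answer = (b"\xc0\x0c"                               # pointer to the question name
              + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rdata)) + rdata)
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + query[12:] + answer


def version_and_recursion(response):
    """Summarise a reply the way the two Nmap scripts do."""
    parsed = parse_response(response)
    version = next((rdata for name, rtype, _, rdata in parsed["answers"]
                    if name == "version.bind" and rtype == QTYPE_TXT), None)
    return {"version": version, "recursion_available": parsed["ra"]}


if __name__ == "__main__":
    q = build_query("version.bind")
    reply = build_txt_response(q, "9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6", True)
    print(version_and_recursion(reply))
```

Against a live server the query would be sent over UDP to port 53 and the reply fed to version_and_recursion; a server configured not to disclose its version answers with a placeholder string or a REFUSED rcode rather than a real version, and a server with recursion turned off leaves the RA bit clear.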
root@localhost:~# nmap --script dns-brute mail.benet.com
Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-01 16:47 CST
Nmap scan report for mail.benet.com (69.172.201.208)
Host is up (0.26s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
Host script results:                                                                      # host script results
| dns-brute:
|   DNS Brute-force hostnames:                                          # brute-forced host names
|     admin.benet.com - 69.172.201.208
|     stats.benet.com - 69.172.201.208
|     devel.benet.com - 69.172.201.208
|     host.benet.com - 69.172.201.208
|     mx.benet.com - 69.172.201.208
|     development.benet.com - 69.172.201.208
|     administration.benet.com - 69.172.201.208
|     http.benet.com - 69.172.201.208
|     mx0.benet.com - 69.172.201.208
|     devsql.benet.com - 69.172.201.208
|     ads.benet.com - 69.172.201.208
|     mx1.benet.com - 69.172.201.208
|     devtest.benet.com - 69.172.201.208
......
|     mobile.benet.com - 69.172.201.208
|     helpdesk.benet.com - 69.172.201.208
|     monitor.benet.com - 69.172.201.208
|     home.benet.com - 69.172.201.208
|     mssql.benet.com - 69.172.201.208
|_    mta.benet.com - 69.172.201.208
Nmap done: 1 IP address (1 host up) scanned in 60.25 seconds
The output lists the subdomains found under benet.com together with their IP addresses; for example, admin.benet.com resolves to 69.172.201.208.
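A long dns-brute listing is easier to act on once it is grouped by address, and the grouping also exposes the most common false positive: in Example 1-7 every guessed name resolves to the same address, which is what a wildcard DNS record produces, so the list is not by itself evidence that those hosts exist. The following Python is an added example, not part of the book or of Nmap: it parses the dns-brute section of Nmap's output into a host-to-address map, groups hosts by address, and applies a simple wildcard heuristic of my own (one address answering for at least 90% of the names). SAMPLE_OUTPUT is a trimmed copy of the listing above embedded so the code runs offline.

```python
import re
from collections import defaultdict

# Constructed sample in the format Nmap's dns-brute script prints
# (a trimmed copy of the benet.com listing above, not new scan data).
SAMPLE_OUTPUT = """\
Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     admin.benet.com - 69.172.201.208
|     stats.benet.com - 69.172.201.208
|     mx.benet.com - 69.172.201.208
|_    mta.benet.com - 69.172.201.208
Nmap done: 1 IP address (1 host up) scanned in 60.25 seconds
"""

# "|     host - address" or "|_    host - address" (last line of the block)
LINE_RE = re.compile(
    r"^\|[_ ]\s+(?P<host>[A-Za-z0-9.-]+)\s+-\s+(?P<ip>[0-9a-fA-F.:]+)\s*$")


def parse_dns_brute(text):
    """Return {hostname: address} from the dns-brute section of Nmap output."""
    results = {}
    in_section = False
    for line in text.splitlines():
        if "dns-brute:" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if not line.startswith("|"):
            break                                   # left the script's block
        m = LINE_RE.match(line)
        if m:
            results[m.group("host")] = m.group("ip")
    return results


def group_by_address(results):
    """Invert the map: {address: [hosts...]} with hosts sorted."""
    groups = defaultdict(list)
    for host, ip in results.items():
        groups[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in groups.items()}


def wildcard_suspected(results, min_share=0.9):
    """Heuristic (mine, not Nmap's): if one address answers for at least
    min_share of the guessed names, a wildcard record is the likely cause."""
    if not results:
        return False
    largest = max(len(hosts) for hosts in group_by_address(results).values())
    return largest / len(results) >= min_share


if __name__ == "__main__":
    found = parse_dns_brute(SAMPLE_OUTPUT)
    for ip, hosts in group_by_address(found).items():
        print(ip, "->", ", ".join(hosts))
    if wildcard_suspected(found):
        print("every name resolves to one address: check for a wildcard record")
```

A quick confirmation of the wildcard suspicion is to resolve a random name under the domain; if that also answers with the shared address, the brute-force results need to be filtered before anyone treats them as a host inventory.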