Nmap??????DNS??????
???????????? ???????[ 2015/7/20 9:42:38 ] ??????????????????
????Nmap DNS??????
????DNS??Domain Name System?????????????????????????????????IP???????????????????????????????????.????????.????????.???????????DNS????????????????????????????????????н????????????????????????′η????DNS????????????????????????????檔?????DNS????????????裬?????????Щ???????????汾??????????????????????????????????DNS??????跽????
????Nmap???DNS???
???????????DNS????????ID?????????ID????????DNS??????????????????Nmap?У?dns-nsid???????????????ID??????????DNS?????????????У?????NSID??ID??????汾??dns-nsid???????????????????
nmap -sSU -p 53 --script dns-nsid [target]
???????????е?“-sSU”?????????UDP??TCP SYN??衣
?????????1-4????????????RHEL 6.4??DNS?????????????????????
root@localhost:~# nmap -sSU -p 53 --script dns-nsid 192.168.1.104
Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-28 16:04 CST
Nmap scan report for localhost (192.168.1.104)
Host is up (0.00033s latency).
PORT   STATE SERVICE
53/tcp open  domain
53/udp open  domain
| dns-nsid:
|_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 # version
MAC Address: 00:0C:29:2A:69:34 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds
?????????????????У??????????????????????DNS?????汾????9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6??
????Nmap DNS??????Э??
????DNS??????Э???????????????????????б?????????DNS-SD????????????????????л????????????б????Nmap?У?broadcast-dns-service-discovery??????????DNS-SD????????????????????б?????У???????????????
nmap --script=broadcast-dns-service-discovery
?????????1-5?????broadcast-dns-service-discovery???????DNS-SD??????????????????????
root@localhost:~# nmap --script=broadcast-dns-service-discovery
Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-21 13:56 CST
Pre-scan script results:
| broadcast-dns-service-discovery:
| 192.168.1.101
| 47989/tcp nvstream #nvstream???????
|_ Address=192.168.1.101 fe80:0:0:0:744c:a0ee:dbfd:769 #nvstream??????
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 7.06 seconds
?????????????????У??????????????????192.168.1.101??????????????????????У???????????????192.168.1.101??????????DNS??????Э?????????У??????????nvstream???????47989??Э???TCP??????????192.168.1.101??
????Nmap ??????????????DNS?????
????DNS??????????????????????????????DNS????????????????????????????????????????У??????????????????????Nmap?У?dns-recursion???????????????????????????DNS??????????У???????????????
nmap -sU -p 53 --script=dns-recursion [target]
?????????1-6????????????RHEL 6.4???????DNS???????????????????????
root@localhost:~# nmap -sU -p 53 --script=dns-recursion 192.168.1.104
Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-28 16:10 CST
Nmap scan report for localhost (192.168.1.104)
Host is up (0.00030s latency).
PORT   STATE SERVICE
53/udp open  domain
|_dns-recursion: Recursion appears to be enabled #???????????
MAC Address: 00:0C:29:2A:69:34 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
?????????????????????????????????DNS???????????
????Nmap???DNS??????????????
??????????????????????????????????????????????????????????????????????????????????????????DNS??????????????????Nmap?У?dns-brute??????????DNS???????????????????У???????????????
nmap --script dns-brute --script-args dns-brute.domain=[domain],dns-brute.threads=[number],dns-brute.hostlist=[hostname list],newtargets -sS -p 80 [target]
????????????“dns-brute.domain” ?????????????????????????baidu.com??“dns-brute.threads”?????????????????????????????5??“dns-brute.hostlist”???????????????????????б???????????dns-brute????????????????????????????б??????/usr/share/nmap/nselib/data/vhosts-default.lst????????????????????????????
?????????1-7?????DNS??????benet.com??????????????????????????
root@localhost:~# nmap --script dns-brute mail.benet.com
Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-01 16:47 CST
Nmap scan report for mail.benet.com (69.172.201.208)
Host is up (0.26s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Host script results: #????????
| dns-brute:
| DNS Brute-force hostnames: #????????????????
| admin.benet.com - 69.172.201.208
| stats.benet.com - 69.172.201.208
| devel.benet.com - 69.172.201.208
| host.benet.com - 69.172.201.208
| mx.benet.com - 69.172.201.208
| development.benet.com - 69.172.201.208
| administration.benet.com - 69.172.201.208
| http.benet.com - 69.172.201.208
| mx0.benet.com - 69.172.201.208
| devsql.benet.com - 69.172.201.208
| ads.benet.com - 69.172.201.208
| mx1.benet.com - 69.172.201.208
| devtest.benet.com - 69.172.201.208
......
| mobile.benet.com - 69.172.201.208
| helpdesk.benet.com - 69.172.201.208
| monitor.benet.com - 69.172.201.208
| home.benet.com - 69.172.201.208
| mssql.benet.com - 69.172.201.208
|_ mta.benet.com - 69.172.201.208
Nmap done: 1 IP address (1 host up) scanned in 60.25 seconds
?????????????????У??????????????DNS??????benet.com???????????????????IP????????磬???????admin.benet.com??IP?????69.172.201.208??