
Forcing DNS resolution

DNS names very often reveal valuable information, because system administrators tend to name hosts after their function, for example firewall or mail.domain.com. By default, Nmap does not perform DNS resolution for a host that appears to be offline. By forcing DNS resolution, we can gather extra information about the network even for hosts that seem to be down.

This recipe describes how to force DNS resolution for offline hosts during Nmap scans.

How to do it...

Open your terminal and enter the following command:

# nmap -sS -PS -F -R XX.XXX.XXX.220-230

This command will force DNS resolution for offline hosts in the range XX.XXX.XXX.220-230.

Consider using a list scan, which will also perform DNS resolution, respectively -sL.

Yes, a list scan will do that. What I'm trying to convey here is that you can include DNS information of hosts that are down during a port scan or when running an NSE script.

How it works...

The arguments -sS -PS -F -R tell Nmap to perform a TCP SYN Stealth (-sS), SYN ping (-PS), fast port scan (-F), and always perform DNS resolution (-R).

Let's say we want to scan the domain 0xdeadbeefcafe.com, at IP XX.XXX.XXX.223, together with the two IPs surrounding it. The following command can be used:

# nmap -sS -PS -F -R XX.XXX.XXX.222-224
Nmap scan report for liXX-XXX.members.linode.com (XX.XXX.XXX.222)
Host is up (0.11s latency).
All 100 scanned ports on liXX-XXX.members.linode.com (XX.XXX.XXX.222) are filtered

Nmap scan report for 0xdeadbeefcafe.com (XX.XXX.XXX.223)
Host is up (0.11s latency).
Not shown: 96 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp

Nmap scan report for mail.0xdeadbeefcafe.com (XX.XXX.XXX.224)
Host is up (0.11s latency).
Not shown: 96 closed ports
PORT STATE SERVICE
25/tcp filtered smtp

In this case, a quick scan has told us that the target is probably a VPS hosted by Linode, and that the neighbouring address hosts its mail server as well.
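The reverse-DNS names are the whole point of -R, so it helps to pull them out of the scan output systematically, including the names of hosts that were reported down. The following parser is an added example and is not part of the recipe or of Nmap itself. It reads Nmap's normal output format, in which a down host that was still resolved appears as "Nmap scan report for name (ip) [host down]", and separates the hosts that only yielded a name from those that were actually up. The sample output embedded below is constructed for this example (RFC 5737 documentation addresses and example.net names), modelled on the run shown above.

```python
"""Collect the reverse-DNS names Nmap reports, including those of down hosts.

Added example, not code from the book or from Nmap. It parses Nmap's
normal text output; the "[host down]" suffix on a scan report line is how
Nmap marks an unreachable host whose name was still resolved because the
scan was run with -R.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample output (not a real scan): three hosts up, two down,
# one of the down hosts still has a PTR record, the other does not.
SAMPLE_OUTPUT = """\
Starting Nmap 6.40 ( http://nmap.org ) at 2013-01-01 12:00 UTC
Nmap scan report for vps-1.hosting.example (203.0.113.222)
Host is up (0.11s latency).
All 100 scanned ports on vps-1.hosting.example (203.0.113.222) are filtered

Nmap scan report for www.example.net (203.0.113.223)
Host is up (0.11s latency).
Not shown: 98 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp

Nmap scan report for mail.example.net (203.0.113.224)
Host is up (0.11s latency).
Not shown: 99 closed ports
PORT   STATE    SERVICE
25/tcp filtered smtp

Nmap scan report for firewall.example.net (203.0.113.225) [host down]
Nmap scan report for 203.0.113.226 [host down]
Nmap done: 5 IP addresses (3 hosts up) scanned in 2.51 seconds
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Either "name (ip)" or a bare "ip", optionally followed by " [host down]".
REPORT_RE = re.compile(
    r"^Nmap scan report for "
    r"(?:(?P<name>\S+) \((?P<ip>" + IPV4 + r")\)|(?P<bare_ip>" + IPV4 + r"))"
    r"(?P<down> \[host down\])?\s*$"
)
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")


@dataclass
class Host:
    ip: str
    name: Optional[str]          # reverse-DNS name, None if no PTR record
    up: bool
    ports: List[Tuple[str, str, str]] = field(default_factory=list)  # (port, state, service)


def parse_nmap_output(text: str) -> List[Host]:
    """Turn Nmap normal output into a list of Host records."""
    hosts: List[Host] = []
    current: Optional[Host] = None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            current = Host(ip=m.group("ip") or m.group("bare_ip"),
                           name=m.group("name"),
                           up=m.group("down") is None)
            hosts.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Host is up"):
            current.up = True
        pm = PORT_RE.match(line)
        if pm:
            current.ports.append(
                (f"{pm.group('port')}/{pm.group('proto')}", pm.group("state"), pm.group("service")))
    return hosts


def names_of_down_hosts(hosts: List[Host]) -> Dict[str, str]:
    """Names that only -R could have given us: the host never answered."""
    return {h.ip: h.name for h in hosts if not h.up and h.name}


def hosts_without_name(hosts: List[Host]) -> List[str]:
    """Addresses with no PTR record at all, up or down."""
    return [h.ip for h in hosts if h.name is None]


if __name__ == "__main__":
    parsed = parse_nmap_output(SAMPLE_OUTPUT)
    for h in parsed:
        print(f"{h.ip:15} {'up' if h.up else 'down':4} {h.name or '-':28} {len(h.ports)} port(s) listed")
    print("down but named:", names_of_down_hosts(parsed))
    print("no PTR record: ", hosts_without_name(parsed))
```

To use it on a real run, save the scan with -oN (for example nmap -sS -PS -F -R -oN scan.txt <range>) and pass the file contents to parse_nmap_output. Hosts that appear in names_of_down_hosts are exactly the extra information the recipe is after: a down host whose name is "firewall" or "mail" still tells you about the network's layout.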

There's more...

You can also disable DNS resolution completely with the argument -n. This speeds up scans and is highly recommended whenever you do not need to resolve the hosts' names.

# nmap -sS -PS -F -n scanme.nmap.org

Specifying different DNS nameservers

For DNS resolution, Nmap by default queries your system's DNS server. Alternative DNS nameservers can be set with the argument --dns-servers. For example, to use Google's open DNS servers:

# nmap -sS -PS -R --dns-servers 8.8.8.8,8.8.4.4 <target>

See also

  • The Hiding our traffic with additional random data recipe
  • The Scanning using specific port ranges recipe in Chapter 1, Nmap Fundamentals
  • The Spoofing the origin IP of a port scan recipe in Chapter 3, Gathering Additional Host Information
  • The Excluding hosts from your scans recipe
  • The Scanning IPv6 addresses recipe
  • The Skipping tests to speed up long scans recipe in Chapter 7, Scanning Large Networks
  • The Adjusting timing parameters recipe in Chapter 7, Scanning Large Networks
  • The Selecting the correct timing template recipe in Chapter 7, Scanning Large Networks