9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Checks if a DNS server allows queries for third-party names. It is expected that recursion will be enabled on your own internal nameservers.
nmap -sU -p 53 --script=dns-recursion <target>
PORT STATE SERVICE REASON
53/udp open domain udp-response
|_dns-recursion: Recursion appears to be enabled
local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"
local string = require "string"
description = [[
Checks if a DNS server allows queries for third-party names. It is
expected that recursion will be enabled on your own internal
nameservers.
]]
---
-- @usage
-- nmap -sU -p 53 --script=dns-recursion <target>
-- @output
-- PORT STATE SERVICE REASON
-- 53/udp open domain udp-response
-- |_dns-recursion: Recursion appears to be enabled
author = "Felix Groebert"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "safe"}
portrule = shortport.portnumber(53, "udp")
action = function(host, port)
-- generate dns query
local request = "\xde\xad" -- Transaction-ID 0xdead
.. "\x01\x00" -- flags (recursion desired)
.. "\x00\x01" -- 1 question
.. "\x00\x00" -- 0 answers
.. "\x00\x00" -- 0 authority
.. "\x00\x00" -- 0 additional
.. "\x03www\x09wikipedia\x03org\x00" -- www.wikipedia.org.
.. "\x00\x01" -- type A
.. "\x00\x01" -- class IN
local status, result = comm.exchange(host, port, request, {proto="udp"})
if not status then
return
end
nmap.set_port_state(host, port, "open")
-- parse response for dns flags
if (string.byte(result,3) & 0x80) == 0x80
and (string.byte(result,4) & 0x85) == 0x80
then
return "Recursion appears to be enabled"
end
return
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%