Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapKris KatterjohnNMAP:RESOLVEALL.NSE
HistorySep 28, 2010 - 2:04 a.m.

resolveall NSE Script

2010-09-2802:04:20
Kris Katterjohn
nmap.org
89

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

NOTE: This script has been replaced by the --resolve-all command-line option in Nmap 7.70

Resolves hostnames and adds every address (IPv4 or IPv6, depending on Nmap mode) to Nmap’s target list. This differs from Nmap’s normal host resolution process, which only scans the first address (A or AAAA record) returned for each host name.

The script will run on any target provided by hostname. It can also be fed hostnames via the resolveall.hosts argument. Because it adds new targets by IP address it will not run recursively, since those new targets were not provided by hostname. It will also not add the same IP that was initially chosen for scanning by Nmap.

Script Arguments

resolveall.hosts

Table of hostnames to resolve

max-newtargets, newtargets

See the documentation for the target library.

Example Usage

nmap --script=resolveall --script-args=newtargets,resolveall.hosts={<host1>, ...} ...
nmap --script=resolveall manyaddresses.example.com

Script Output

Pre-scan script results:
| resolveall:
|   Host 'google.com' resolves to:
|     74.125.39.106
|     74.125.39.147
|     74.125.39.99
|     74.125.39.103
|     74.125.39.105
|     74.125.39.104
|_  Successfully added 6 new targets
Host script results:
| resolveall:
|   Host 'chat.freenode.net' also resolves to:
|     94.125.182.252
|     185.30.166.37
|     162.213.39.42
|     193.10.255.100
|     139.162.227.51
|     195.154.200.232
|     164.132.77.237
|     185.30.166.38
|     130.185.232.126
|     38.229.70.22
|_  Successfully added 10 new targets

Requires

local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local target = require "target"
local ipOps = require "ipOps"

description = [[
NOTE: This script has been replaced by the <code>--resolve-all</code>
command-line option in Nmap 7.70

Resolves hostnames and adds every address (IPv4 or IPv6, depending on
Nmap mode) to Nmap's target list.  This differs from Nmap's normal
host resolution process, which only scans the first address (A or AAAA
record) returned for each host name.

The script will run on any target provided by hostname. It can also be fed
hostnames via the <code>resolveall.hosts</code> argument. Because it adds new
targets by IP address it will not run recursively, since those new targets were
not provided by hostname. It will also not add the same IP that was initially
chosen for scanning by Nmap.
]]

---
-- @usage
-- nmap --script=resolveall --script-args=newtargets,resolveall.hosts={<host1>, ...} ...
-- nmap --script=resolveall manyaddresses.example.com
-- @args resolveall.hosts Table of hostnames to resolve
-- @output
-- Pre-scan script results:
-- | resolveall:
-- |   Host 'google.com' resolves to:
-- |     74.125.39.106
-- |     74.125.39.147
-- |     74.125.39.99
-- |     74.125.39.103
-- |     74.125.39.105
-- |     74.125.39.104
-- |_  Successfully added 6 new targets
-- Host script results:
-- | resolveall:
-- |   Host 'chat.freenode.net' also resolves to:
-- |     94.125.182.252
-- |     185.30.166.37
-- |     162.213.39.42
-- |     193.10.255.100
-- |     139.162.227.51
-- |     195.154.200.232
-- |     164.132.77.237
-- |     185.30.166.38
-- |     130.185.232.126
-- |     38.229.70.22
-- |_  Successfully added 10 new targets
-- @xmloutput
-- <elem key="newtargets">4</elem>
-- <table key="hosts">
--   <table key="google.com">
--     <elem>74.125.39.106</elem>
--     <elem>74.125.39.147</elem>
--     <elem>74.125.39.99</elem>
--     <elem>74.125.39.103</elem>
--   </table>
-- </table>

author = "Kris Katterjohn"

license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

categories = {"safe", "discovery"}


prerule = function()
  return stdnse.get_script_args("resolveall.hosts")
end

hostrule = function(host)
  return host.targetname
end

local addtargets = function(list)
  local sum = 0

  for _, t in ipairs(list) do
    local st, err = target.add(t)
    if st then
      sum = sum + 1
    else
      stdnse.debug1("Couldn't add target %s: %s", t, err)
    end
  end

  return sum
end

preaction = function()
  local hosts = stdnse.get_script_args("resolveall.hosts")

  if type(hosts) ~= "table" then
    hosts = {hosts}
  end

  local sum = 0
  local output = {}
  local xmloutput = {}
  for _, host in ipairs(hosts) do
    local status, list = nmap.resolve(host, nmap.address_family())
    if status and #list > 0 then
      if target.ALLOW_NEW_TARGETS then
        sum = sum + addtargets(list)
      end
      xmloutput[host] = list
      table.insert(output, string.format("Host '%s' resolves to:", host))
      table.insert(output, list)
    end
  end

  xmloutput = {
    hosts = xmloutput,
    newtargets = sum or 0,
  }
  if sum > 0 then
    table.insert(output, string.format("Successfully added %d new targets", sum))
  else
    table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
  end
  table.insert(output, "Use the --resolve-all option to scan all resolved addresses without using this script.")
  return xmloutput, stdnse.format_output(true, output)
end

hostaction = function(host)
  local sum = 0
  local output = {}
  local status, list = nmap.resolve(host.targetname, nmap.address_family())
  if not status or #list <= 0 then
    return nil
  end
  -- Don't re-add this same IP!
  for i = #list, 1, -1 do
    if ipOps.compare_ip(list[i], "eq", host.ip) then
      table.remove(list, i)
    end
  end
  if target.ALLOW_NEW_TARGETS then
    sum = sum + addtargets(list)
  end
  table.insert(output, string.format("Host '%s' also resolves to:", host.targetname))
  table.insert(output, list)

  local xmloutput = {
    addresses = list,
    newtargets = sum or 0,
  }
  if sum > 0 then
    table.insert(output, string.format("Successfully added %d new targets", sum))
  else
    table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
  end
  table.insert(output, ("Use the --resolve-all option to scan all resolved addresses without using this script."):format(host.targetname))
  return xmloutput, stdnse.format_output(true, output)
end

local ActionsTable = {
  -- prerule: resolve via script-args
  prerule = preaction,
  -- hostrule: resolve via scanned host
  hostrule = hostaction
}

-- execute the action function corresponding to the current rule
action = function(...) return ActionsTable[SCRIPT_TYPE](...) end

Related

nmap 200
nmap
nmap
ms-sql-empty-password NSE Script
2010-04-04 10:11:54
nat-pmp-info NSE Script
2010-09-28 19:43:06
stuxnet-detect NSE Script
2010-12-12 22:40:42

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for NMAP:RESOLVEALL.NSE
nmap200