NOTE: This script has been replaced by the --resolve-all command-line option in Nmap 7.70.
Resolves hostnames and adds every address (IPv4 or IPv6, depending on Nmap mode) to Nmap’s target list. This differs from Nmap’s normal host resolution process, which only scans the first address (A or AAAA record) returned for each host name.
The script will run on any target provided by hostname. It can also be fed hostnames via the resolveall.hosts argument. Resolved addresses are added as scan targets only when the newtargets script argument is given; otherwise they are just reported. Because it adds new targets by IP address, it will not run recursively, since those new targets were not provided by hostname. It will also not add the same IP that was initially chosen for scanning by Nmap.
Script arguments:
resolveall.hosts: Table of hostnames to resolve.
newtargets: See the documentation for the target library.
nmap --script=resolveall --script-args=newtargets,resolveall.hosts={<host1>, ...} ...
nmap --script=resolveall manyaddresses.example.com
Pre-scan script results:
| resolveall:
| Host 'google.com' resolves to:
| 74.125.39.106
| 74.125.39.147
| 74.125.39.99
| 74.125.39.103
| 74.125.39.105
| 74.125.39.104
|_ Successfully added 6 new targets
Host script results:
| resolveall:
| Host 'chat.freenode.net' also resolves to:
| 94.125.182.252
| 185.30.166.37
| 162.213.39.42
| 193.10.255.100
| 139.162.227.51
| 195.154.200.232
| 164.132.77.237
| 185.30.166.38
| 130.185.232.126
| 38.229.70.22
|_ Successfully added 10 new targets
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local target = require "target"
local ipOps = require "ipOps"
-- NSE `description` field: the summary text for this script. It records that
-- the script is superseded by the --resolve-all option and explains how the
-- resolved addresses are turned into additional scan targets.
description = [[
NOTE: This script has been replaced by the <code>--resolve-all</code>
command-line option in Nmap 7.70
Resolves hostnames and adds every address (IPv4 or IPv6, depending on
Nmap mode) to Nmap's target list. This differs from Nmap's normal
host resolution process, which only scans the first address (A or AAAA
record) returned for each host name.
The script will run on any target provided by hostname. It can also be fed
hostnames via the <code>resolveall.hosts</code> argument. Because it adds new
targets by IP address it will not run recursively, since those new targets were
not provided by hostname. It will also not add the same IP that was initially
chosen for scanning by Nmap.
]]
---
-- @usage
-- nmap --script=resolveall --script-args=newtargets,resolveall.hosts={<host1>, ...} ...
-- nmap --script=resolveall manyaddresses.example.com
-- @args resolveall.hosts Table of hostnames to resolve
-- @output
-- Pre-scan script results:
-- | resolveall:
-- | Host 'google.com' resolves to:
-- | 74.125.39.106
-- | 74.125.39.147
-- | 74.125.39.99
-- | 74.125.39.103
-- | 74.125.39.105
-- | 74.125.39.104
-- |_ Successfully added 6 new targets
-- Host script results:
-- | resolveall:
-- | Host 'chat.freenode.net' also resolves to:
-- | 94.125.182.252
-- | 185.30.166.37
-- | 162.213.39.42
-- | 193.10.255.100
-- | 139.162.227.51
-- | 195.154.200.232
-- | 164.132.77.237
-- | 185.30.166.38
-- | 130.185.232.126
-- | 38.229.70.22
-- |_ Successfully added 10 new targets
-- @xmloutput
-- <elem key="newtargets">4</elem>
-- <table key="hosts">
-- <table key="google.com">
-- <elem>74.125.39.106</elem>
-- <elem>74.125.39.147</elem>
-- <elem>74.125.39.99</elem>
-- <elem>74.125.39.103</elem>
-- </table>
-- </table>
-- Script metadata fields.
author = "Kris Katterjohn"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- Categories this script is selected under.
-- NOTE(review): when new targets are allowed, the scan widens to every
-- address DNS returns for a name. Those answers are not controlled by the
-- operator, so the resolved addresses should be checked against the
-- authorised scope before they are scanned.
categories = {"safe", "discovery"}
--- Pre-scan rule: selects the script for the pre-scan phase based on the
-- resolveall.hosts script argument.
-- @return whatever stdnse.get_script_args yields for "resolveall.hosts"
prerule = function()
  local requested = stdnse.get_script_args("resolveall.hosts")
  return requested
end
--- Host rule: selects the script for hosts that carry a target name.
-- @param host host table supplied by the scripting engine
-- @return host.targetname (nil when the field is not set)
hostrule = function(host)
  local name = host.targetname
  return name
end
--- Hand each address in a list to target.add and count the successes.
-- A rejected address is reported through stdnse.debug1 and skipped.
-- NOTE(review): the addresses come straight from DNS answers, so every
-- accepted entry extends the scan beyond what was typed on the command line.
-- @param list sequence of addresses to add
-- @return number of entries for which target.add reported success
local addtargets = function(list)
  local added = 0
  for _, addr in ipairs(list) do
    local ok, reason = target.add(addr)
    if not ok then
      stdnse.debug1("Couldn't add target %s: %s", addr, reason)
    else
      added = added + 1
    end
  end
  return added
end
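--- Prerule action: resolve every hostname given in resolveall.hosts.
-- Each name that resolves to at least one address is listed in the output;
-- the addresses become scan targets only when target.ALLOW_NEW_TARGETS is set.
-- NOTE(review): the added addresses are whatever DNS returned, so they should
-- be checked against the authorised scope before relying on newtargets.
-- @return structured output: { hosts = {name -> address list}, newtargets = count }
-- @return formatted text output from stdnse.format_output
preaction = function()
  local hosts = stdnse.get_script_args("resolveall.hosts")
  -- A single hostname is not a table; wrap it so the loop below works.
  if type(hosts) ~= "table" then
    hosts = {hosts}
  end

  local sum = 0
  local output = {}
  local resolved = {}
  for _, host in ipairs(hosts) do
    local status, list = nmap.resolve(host, nmap.address_family())
    if status and #list > 0 then
      if target.ALLOW_NEW_TARGETS then
        sum = sum + addtargets(list)
      end
      resolved[host] = list
      output[#output + 1] = string.format("Host '%s' resolves to:", host)
      output[#output + 1] = list
    elseif not status then
      -- Leave a trace instead of dropping the name silently.
      -- presumably `list` holds the resolver's error here; verify against nmap.resolve
      stdnse.debug1("Couldn't resolve %s: %s", tostring(host), tostring(list))
    end
  end

  local xmloutput = {
    hosts = resolved,
    newtargets = sum, -- sum is always a number, so no fallback is needed
  }

  if sum > 0 then
    output[#output + 1] = string.format("Successfully added %d new targets", sum)
  elseif target.ALLOW_NEW_TARGETS then
    -- New targets were already allowed, so suggesting 'newtargets' would mislead.
    output[#output + 1] = "No new targets were added"
  else
    output[#output + 1] = "Use the 'newtargets' script-arg to add the results as targets"
  end
  output[#output + 1] = "Use the --resolve-all option to scan all resolved addresses without using this script."
  return xmloutput, stdnse.format_output(true, output)
end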
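--- Hostrule action: report the other addresses a scanned hostname resolves to.
-- The address Nmap is already scanning (host.ip) is removed from the list; the
-- rest become scan targets only when target.ALLOW_NEW_TARGETS is set.
-- NOTE(review): the added addresses are whatever DNS returned, so they should
-- be checked against the authorised scope before relying on newtargets.
-- @param host host table; host.targetname and host.ip are read
-- @return structured output { addresses = list, newtargets = count } and the
--         formatted text, or nil when there is nothing further to report
hostaction = function(host)
  local status, list = nmap.resolve(host.targetname, nmap.address_family())
  if not status or #list <= 0 then
    return nil
  end

  -- Don't re-add this same IP! Walk backwards so removals do not skip entries.
  for i = #list, 1, -1 do
    if ipOps.compare_ip(list[i], "eq", host.ip) then
      table.remove(list, i)
    end
  end

  -- If the name only resolved to the address already being scanned, there are
  -- no other addresses; an "also resolves to:" header would be wrong.
  if #list == 0 then
    return nil
  end

  local sum = 0
  if target.ALLOW_NEW_TARGETS then
    sum = addtargets(list)
  end

  local output = {
    string.format("Host '%s' also resolves to:", host.targetname),
    list,
  }
  local xmloutput = {
    addresses = list,
    newtargets = sum, -- sum is always a number, so no fallback is needed
  }

  if sum > 0 then
    output[#output + 1] = string.format("Successfully added %d new targets", sum)
  elseif target.ALLOW_NEW_TARGETS then
    -- New targets were already allowed, so suggesting 'newtargets' would mislead.
    output[#output + 1] = "No new targets were added"
  else
    output[#output + 1] = "Use the 'newtargets' script-arg to add the results as targets"
  end
  -- The message has no format specifiers, so it is added as a plain string.
  output[#output + 1] = "Use the --resolve-all option to scan all resolved addresses without using this script."
  return xmloutput, stdnse.format_output(true, output)
end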
-- Maps each rule type this script defines to the function that handles it.
local ActionsTable = {
  prerule = preaction,   -- hostnames come from the resolveall.hosts script-arg
  hostrule = hostaction, -- hostname comes from the host being scanned
}

--- Entry point: forward all arguments to the handler registered for the
-- rule type held in SCRIPT_TYPE.
action = function(...)
  local handler = ActionsTable[SCRIPT_TYPE]
  return handler(...)
end