Vulners
Lucene search
whois-domain NSE Script
| Reporter | Title | Published | Views | Family All 998 |
|---|---|---|---|---|
 | Exploit for Code Injection in Samba | 2 Dec 202509:55 | – | githubexploit |
| Exploit for Code Injection in Samba | 25 May 201713:20 | – | githubexploit |
| Exploit for Code Injection in Samba | 15 May 202106:52 | – | githubexploit |
| Exploit for Code Injection in Samba | 30 May 201715:08 | – | githubexploit |
| Exploit for Code Injection in Samba | 25 May 201713:20 | – | githubexploit |
| Exploit for CVE-2017-0143 | 16 May 201719:34 | – | githubexploit |
| Exploit for Code Injection in Samba | 9 May 202102:32 | – | githubexploit |
| Exploit for Code Injection in Samba | 5 Jun 201716:25 | – | githubexploit |
| Exploit for Code Injection in Samba | 26 May 201700:58 | – | githubexploit |
| Exploit for Code Injection in Samba | 1 Nov 202223:17 | – | githubexploit |
10
description = [[
Attempts to retrieve information about the domain name of the target
]]
---
-- @see whois-ip.nse
--
-- @usage nmap --script whois-domain.nse <target>
--
-- This script starts by querying the whois.iana.org (which is the root of the
-- whois servers). Using some patterns the script can determine if the response
-- represents a referral to a record hosted elsewhere. If that's the case it will
-- query that referral. The script keeps repeating this until the response don't
-- match with any of the patterns, meaning that there are no other referrals and
-- prints the output.
--
-- @output
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | whois-domain:
-- | whois3: Record found at whois.arin.net
-- | netrange: 199.19.112.0 - 199.19.119.255
-- | netname: WEBRULON-NETWORK
-- | orgname: webRulon, LLC
-- | orgid: WL-1
-- | country: US stateprov: NY
-- |
-- | orgtechname: webRulon Support
-- | orgtechemail: [email protected]
-- |
-- | Domain name record found at whois.enom.com
-- |
-- | Registration Service Provided By: Namecheap.com
-- | Contact: [email protected]
-- | Visit: http://namecheap.com
-- | Registered through: eNom, Inc.
-- |
-- | Domain name: random-foo-example.com
-- |
-- | Registrant Contact:
-- | Example
-- | John Foo ()
-- |
-- | Fax:
-- | Dimosthenous 215
-- | Athens, Attiki 17673
-- | GR
-- |
-- | Administrative Contact:
-- | Example
-- | John Foo ([email protected])
-- | +30.69425555555
-- | Fax: +1.5555555555
-- | Dimosthenous 215
-- | Athens, Attiki 17673
-- | GR
-- |
-- | Technical Contact:
-- | Example
-- | John Foo ([email protected])
-- | +30.69425555555
-- | Fax: +1.5555555555
-- | Dimosthenous 215
-- | Athens, Attiki 17673
-- | GR
-- |
-- | Status: Active
-- |
-- | Name Servers:
-- | dns1.registrar-servers.com
-- | dns2.registrar-servers.com
-- | dns3.registrar-servers.com
-- | dns4.registrar-servers.com
-- | dns5.registrar-servers.com
-- |
-- | Creation date: 14 Oct 2011 13:41:00
-- | Expiration date: 14 Oct 2013 05:41:00
---
author = "George Chatzisofroniou"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "external", "safe"}
local ipOps = require "ipOps"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
hostrule = function( host )
local is_private, err = ipOps.isPrivate( host.ip )
if is_private == nil then
stdnse.debug1("Error in Hostrule: %s.", err )
return false
end
return not is_private
end
action = function( host )
local mutexes = {}
-- If the user has provided a domain name.
if host.targetname then
local referral_patterns = {"refer:%s*(.-)\n", "Whois%sServer:%s*(.-)\n"}
-- Remove www prefix and add a newline.
local query_data = string.gsub(host.targetname, "^www%.", "") .. "\n"
local result
-- First server to query is iana's.
local referral = "whois.iana.org"
while referral do
if not mutexes[referral] then
mutexes[referral] = nmap.mutex(referral)
end
mutexes[referral] "lock"
result = {}
local socket = nmap.new_socket()
local catch = function()
stdnse.debug1( "fail")
socket:close()
end
local status, line = {}
local try = nmap.new_try( catch )
socket:set_timeout( 50000 )
try( socket:connect(referral, 43 ) )
try( socket:send( query_data ) )
while true do
local status, lines = socket:receive_lines(1)
if not status then
break
else
result[#result+1] = lines
end
end
socket:close()
mutexes[referral] "done"
if #result == 0 then
return nil
end
table.insert(result, 1, "\n\nDomain name record found at " .. referral .. "\n")
-- Do we have a referral?
referral = false
for _, p in ipairs(referral_patterns) do
referral = referral or string.match(table.concat(result), p)
end
end
result = table.concat( result )
return result
end
return "You should provide a domain name."
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Aug 2020 15:19Current
9.2High risk
Vulners AI Score9.2
EPSS0.94176