Nmap NSE net: dns-zone-transfer

2011-06-01T00:00:00
ID OPENVAS:1361412562310104061
Type openvas
Reporter NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH
Modified 2018-10-26T00:00:00

Description

Requests a zone transfer (AXFR) from a DNS server.

The script sends an AXFR query to a DNS server. The domain to query is determined by examining the name given on the command line, the DNS server

                                        
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_nmap_dns_zone_transfer_net.nasl 12117 2018-10-26 10:50:36Z cfischer $
#
# Autogenerated NSE wrapper
#
# Authors:
# NSE-Script: Eddie Bell
# NASL-Wrapper: autogenerated
#
# Copyright:
# NSE-Script: The Nmap Security Scanner (http://nmap.org)
# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.104061");
  script_version("$Revision: 12117 $");
  script_tag(name:"last_modification", value:"$Date: 2018-10-26 12:50:36 +0200 (Fri, 26 Oct 2018) $");
  script_tag(name:"creation_date", value:"2011-06-01 16:32:46 +0200 (Wed, 01 Jun 2011)");
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_name("Nmap NSE net: dns-zone-transfer");
  script_category(ACT_INIT);
  script_tag(name:"qod_type", value:"remote_analysis");
  script_copyright("NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH");
  script_family("Nmap NSE net");
  script_dependencies("nmap_nse_net.nasl");
  script_mandatory_keys("Tools/Launch/nmap_nse_net");

  script_add_preference(name:"dns-zone-transfer.server", value:"", type:"entry");
  script_add_preference(name:"dns-zone-transfer.addall", value:"", type:"entry");
  script_add_preference(name:"dns-zone-transfer.port", value:"", type:"entry");
  script_add_preference(name:"dns-zone-transfer.domain", value:"", type:"entry");

  script_xref(name:"URL", value:"http://www.zytrax.com/books/dns/");
  script_xref(name:"URL", value:"http://cr.yp.to/djbdns/axfr-notes.html");

  script_tag(name:"summary", value:"Requests a zone transfer (AXFR) from a DNS server.

The script sends an AXFR query to a DNS server. The domain to query is determined by examining the
name given on the command line, the DNS server's hostname, or it can be specified with the
'dns-zone-transfer.domain' script argument. If the query is successful all domains and domain
types are returned along with common type specific data (SOA/MX/NS/PTR/A).

This script can run at different phases of an Nmap scan:

* Script Pre-scanning: in this phase the script will run before any Nmap scan and use the defined
DNS server in the arguments. The script arguments in this phase are: 'dns-zone-transfer.server',
the DNS server to use, which can be a hostname or an IP address and must be specified. The
'dns-zone-transfer.port' argument is optional and can be used to specify the DNS server port.

* Script scanning: in this phase the script will run after the other Nmap phases and against an
Nmap discovered DNS server. If we don't have the 'true' hostname for the DNS server we cannot
determine a likely zone to perform the transfer on.

SYNTAX:

dns-zone-transfer.server:  DNS server. If set, this argument will
enable the script for the 'Script Pre-scanning phase'.

dns-zone-transfer.addall:   If specified, adds all IP addresses
including private ones onto Nmap scanning queue when the
script argument 'newtargets' is given. The default
behavior is to skip private IPs (non-routable).

dns-zone-transfer.port:  DNS server port, this argument concerns
the 'Script Pre-scanning phase' and it's optional, the default
value is '53'.

dns-zone-transfer.domain:  Domain to transfer.");

  exit(0);
}

include("nmap.inc");

# The corresponding NSE script doesn't belong to the 'safe' category
if (safe_checks()) exit(0);

phase = 0;
if (defined_func("scan_phase")) {
  phase = scan_phase();
}

if (phase == 1) {
    argv = make_array();

    pref = script_get_preference("dns-zone-transfer.server");
    if (!isnull(pref) && pref != "") {
        argv["dns-zone-transfer.server"] = string('"', pref, '"');
    }
    pref = script_get_preference("dns-zone-transfer.addall");
    if (!isnull(pref) && pref != "") {
        argv["dns-zone-transfer.addall"] = string('"', pref, '"');
    }
    pref = script_get_preference("dns-zone-transfer.port");
    if (!isnull(pref) && pref != "") {
        argv["dns-zone-transfer.port"] = string('"', pref, '"');
    }
    pref = script_get_preference("dns-zone-transfer.domain");
    if (!isnull(pref) && pref != "") {
        argv["dns-zone-transfer.domain"] = string('"', pref, '"');
    }
    nmap_nse_register(script:"dns-zone-transfer", args:argv);
} else if (phase == 2) {
    res = nmap_nse_get_results(script:"dns-zone-transfer");
    foreach portspec (keys(res)) {
        output_banner = 'Result found by Nmap Security Scanner (dns-zone-transfer.nse) http://nmap.org:\n\n';
        if (portspec == "0") {
            log_message(data:output_banner + res[portspec], port:0);
        } else {
            v = split(portspec, sep:"/", keep:0);
            proto = v[0];
            port = v[1];
            log_message(data:output_banner + res[portspec], port:port, protocol:proto);
        }
    }
}
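
Added example (not part of the OpenVAS wrapper or of the Nmap script): the AXFR exchange described in the summary as it appears on the wire, and how an audit or detection rule can tell a request, a refusal and a permitted transfer apart from the DNS header and question alone. The zone example.com, the transaction ID and the SOA values are constructed placeholders; the wire-format constants follow RFC 1035.

```python
import struct

QTYPE_AXFR, TYPE_SOA, CLASS_IN, QR_RESPONSE, RCODE_REFUSED = 252, 6, 1, 0x8000, 5

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"

def build_message(zone, flags=0, answers=()):
    """Return a DNS-over-TCP payload: 2-byte length prefix, header, AXFR question, answers."""
    head = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    msg = head + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, CLASS_IN) + b"".join(answers)
    return struct.pack("!H", len(msg)) + msg

def parse_message(payload):
    """Read header and question of one length-prefixed DNS message; ValueError if malformed."""
    length = int.from_bytes(payload[:2], "big")
    msg = payload[2:2 + length]
    if length < 12 or len(msg) != length:
        raise ValueError("length prefix does not match a complete DNS message")
    flags, _qdcount, ancount = struct.unpack("!HHH", msg[2:8])
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    if len(msg) < pos + 5:
        raise ValueError("truncated question")
    qtype = int.from_bytes(msg[pos + 1:pos + 3], "big")
    return bool(flags & QR_RESPONSE), flags & 0xF, ancount, ".".join(labels), qtype

def classify(payload):
    """Label one message for a zone-transfer audit or a detection rule."""
    response, rcode, ancount, _zone, qtype = parse_message(payload)
    if qtype != QTYPE_AXFR:
        return "not-axfr"
    if not response:
        return "axfr-request"
    if rcode == RCODE_REFUSED:
        return "axfr-refused"
    return "axfr-permitted" if rcode == 0 and ancount > 0 else "axfr-failed"

# Constructed sample messages for the placeholder zone example.com (not captured traffic).
_rdata = b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c" + struct.pack("!5I", 1, 3600, 600, 86400, 300)
SOA_RR = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 3600, len(_rdata)) + _rdata
REQUEST = build_message("example.com")
REFUSED = build_message("example.com", flags=QR_RESPONSE | RCODE_REFUSED)
PERMITTED = build_message("example.com", flags=QR_RESPONSE | 0x0400, answers=[SOA_RR])
```

A name server that answers with axfr-permitted to a client that is not one of its secondaries is the condition this plugin reports; restricting transfers to the secondaries (for example with BIND's allow-transfer) turns that answer into axfr-refused.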