Nmap dns-blacklist NSE Script


This page contains detailed information about how to use the dns-blacklist NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.


Script Overview


Script source code: https://github.com/nmap/nmap/tree/master/scripts/dns-blacklist.nse
Script categories: external, safe
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Script Description


The dns-blacklist.nse script checks target IP addresses against multiple DNS anti-spam and open proxy blacklists and returns a list of services for which an IP has been flagged. Checks may be limited by service category (e.g. SPAM, PROXY) or to a specific service name.

Dns-blacklist NSE Script Arguments


This is a full list of arguments supported by the dns-blacklist.nse script:

dns-blacklist.category

String containing the service category to query, e.g. spam or proxy (default: all)

dns-blacklist.ip

String containing the IP to check. Only needed if running the script as a prerule.

dns-blacklist.list

Lists all services that are available for a certain category.

dns-blacklist.mode

String containing either "short" or "long". Long mode can sometimes provide additional information about why an IP has been blacklisted. (default: long)

dns-blacklist.services

String containing a comma-separated list of services to query. (default: all)

- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:

nmap --script=dns-blacklist --script-args dns-blacklist.category=value,dns-blacklist.ip=value <target>

Dns-blacklist NSE Script Example Usage


Here's an example of how to use the dns-blacklist.nse script:

nmap --script dns-blacklist --script-args='dns-blacklist.ip=<ip>'
or
nmap -sn <ip> --script dns-blacklist

Dns-blacklist NSE Script Example Output


Here's a sample output from the dns-blacklist.nse script:

Pre-scan script results:
| dns-blacklist:
| 1.2.3.4
|   PROXY
|     dnsbl.tornevall.org - PROXY
|       IP marked as "abusive host".
|       Proxy is working
|       Proxy has been scanned
|   SPAM
|     dnsbl.inps.de - SPAM
|       Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4
|     l2.apews.org - SPAM
|     list.quorum.to - SPAM
|     bl.spamcop.net - SPAM
|_    spam.dnsbl.sorbs.net - SPAM

Supported blacklist list mode (--script-args dns-blacklist.list):
| dns-blacklist:
|   PROXY
|     socks.dnsbl.sorbs.net
|     http.dnsbl.sorbs.net
|     misc.dnsbl.sorbs.net
|     dnsbl.tornevall.org
|   SPAM
|     dnsbl.inps.de
|     bl.nszones.com
|     l2.apews.org
|     list.quorum.to
|     all.spamrats.com
|     bl.spamcop.net
|     spam.dnsbl.sorbs.net
|_    sbl.spamhaus.org
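
To track the reputation of your own addresses over time, the pre-scan result block shown above can be turned into structured data. The following parser is an added example, not part of Nmap or of the original page; it assumes the indentation layout of the sample output (IP at depth 0, category at 2, service at 4, long-mode details at 6), and the function names are hypothetical.

```python
import re
# Shortened copy of the page's pre-scan sample output.
SAMPLE = '''\
Pre-scan script results:
| dns-blacklist:
| 1.2.3.4
|   PROXY
|     dnsbl.tornevall.org - PROXY
|       IP marked as "abusive host".
|   SPAM
|     dnsbl.inps.de - SPAM
|       Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4
|_    spam.dnsbl.sorbs.net - SPAM
'''
SCRIPT_HEADER = re.compile(r"^[\w-]+:")  # "dns-blacklist:" or another script id

def parse_dns_blacklist(text, default_ip="unknown"):
    """Return {ip: {category: {service: [detail, ...]}}} from normal Nmap output."""
    results, in_block = {}, False
    ip, category, service = default_ip, None, None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            in_block = False                   # left the script-results area
            continue
        body = raw[2:]                         # drop the "| " or "|_" gutter
        depth = len(body) - len(body.lstrip(" "))
        item = body.strip()
        if depth == 0 and SCRIPT_HEADER.match(item):
            in_block = item == "dns-blacklist:"
            ip, category, service = default_ip, None, None
        elif in_block and item:
            if depth == 0:                     # IP line, as in the sample
                ip, category, service = item, None, None
            elif depth == 2:                   # category: PROXY, SPAM, ...
                category, service = item, None
                results.setdefault(ip, {}).setdefault(category, {})
            elif depth == 4 and category:      # "<service> - <CATEGORY>"
                service = item.split(" - ")[0]
                results[ip][category][service] = []
            elif depth >= 6 and service:       # long-mode detail text
                results[ip][category][service].append(item)
        if raw.startswith("|_"):
            in_block = False                   # "|_" closes a script's output
    return results

def listed_on(results):
    # Flatten to sorted (ip, category, service) tuples for alerting or diffing.
    return sorted((ip, cat, svc) for ip, cats in results.items()
                  for cat, svcs in cats.items() for svc in svcs)
```

Comparing the output of `listed_on` between runs shows when an address is newly listed or delisted by a service.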

Dns-blacklist NSE Script Example XML Output


There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce XML output and save it in the specified file.

Author


  • Patrik Karlsson

See Also


Related NSE scripts to the dns-blacklist.nse script:

Visit Nmap NSE Library for more scripts.

The dns-blacklist.nse script may fail with the following error messages. Check for the possible causes by using the code snippets below, which are taken from the script source code. This can often help in identifying the root cause of the problem.

A service filter can't be used without a specific category


Here is a relevant code snippet related to the "A service filter can't be used without a specific category" error message:

dnsblAction = function(host)

  local helper
  if ( arg_services and ( not(arg_category) or "all" == arg_category:lower() ) ) then
    return fail("A service filter can't be used without a specific category")
  elseif( "all" ~= arg_category ) then
    helper = dnsbl.Helper:new(arg_category, arg_mode)
    helper:setFilter(arg_services)
    local status, err = helper:validateFilter()
    if ( not(status) ) then

Invalid argument supplied, mode should be either 'short' or 'long'


Here is a relevant code snippet related to the "Invalid argument supplied, mode should be either 'short' or 'long'" error message:

-- execute the action function corresponding to the current rule
action = function(...)

  if ( arg_mode ~= "short" and arg_mode ~= "long" ) then
    return fail("Invalid argument supplied, mode should be either 'short' or 'long'")
  end

  if ( arg_IP and not(ipOps.todword(arg_IP)) ) then
    return fail("Invalid IP address was supplied")
  end

Invalid IP address was supplied


Here is a relevant code snippet related to the "Invalid IP address was supplied" error message:

  if ( arg_mode ~= "short" and arg_mode ~= "long" ) then
    return fail("Invalid argument supplied, mode should be either 'short' or 'long'")
  end

  if ( arg_IP and not(ipOps.todword(arg_IP)) ) then
    return fail("Invalid IP address was supplied")
  end

  -- if the list argument was given, just list the services and abort
  if ( arg_list ) then
    return listServices()

Version


This page has been created based on Nmap version 7.92.
