Nmap dns-nsec-enum NSE Script
This page contains detailed information about how to use the dns-nsec-enum NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/dns-nsec-enum.nse
Script categories: discovery, intrusive
Target service / protocol: dns, udp, tcp
Target network port(s): 53
List of CVEs: -
Script Description
The dns-nsec-enum.nse script enumerates DNS names using the DNSSEC NSEC-walking technique.
Output is arranged by domain. Within a domain, subzones are shown with increased indentation.
The NSEC response record in DNSSEC is used to give negative answers to
queries, but it has the side effect of allowing enumeration of all
names, much like a zone transfer. This script doesn't work against
servers that use NSEC3 rather than NSEC; for that, see dns-nsec3-enum.
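The side effect described above, modeled offline as an added example (not code from the script or from the Nmap project): each negative answer names the two existing records that bracket the missing name, and following those pointers reproduces the zone. The zone contents are constructed sample data reusing names from this page's sample output, and all function names are hypothetical.

```python
# Offline model of an NSEC chain; no DNS traffic is generated.
# ZONE is constructed sample data reusing names from the page's sample output.
ZONE = [
    "example.com", "bulbasaur.example.com", "charmander.example.com",
    "dugtrio.example.com", "www.dugtrio.example.com", "ns.example.com",
    "snorlax.example.com", "vulpix.example.com",
]

def canonical_key(name):
    """RFC 4034 canonical ordering: lowercase labels compared right to left."""
    return [label.encode() for label in reversed(name.lower().rstrip(".").split("."))]

def build_nsec_chain(names):
    """Link every owner name to the next one in canonical order (last wraps to apex)."""
    ordered = sorted(set(names), key=canonical_key)
    return {owner: ordered[(i + 1) % len(ordered)] for i, owner in enumerate(ordered)}

def covering_nsec(chain, qname):
    """Return the (owner, next) pair a signed negative answer would carry for qname."""
    qname = qname.lower().rstrip(".")
    apex = min(chain, key=canonical_key)
    if qname in chain or not qname.endswith("." + apex):
        raise ValueError(f"{qname} exists or is outside the zone")
    q = canonical_key(qname)
    for owner, nxt in chain.items():
        o, n = canonical_key(owner), canonical_key(nxt)
        # Normal gap: owner < qname < next. Final record: next wraps to the apex.
        if o < q < n or n <= o < q:
            return owner, nxt

def names_disclosed(chain, apex):
    """Follow the next pointers from the apex until the chain wraps around."""
    seen, current = [], apex
    while current not in seen:
        seen.append(current)
        current = chain[current]
    return seen

CHAIN = build_nsec_chain(ZONE)

if __name__ == "__main__":
    # One denial for a name that does not exist reveals two names that do.
    print(covering_nsec(CHAIN, "eevee.example.com"))
    # Chaining those answers yields the zone contents, much like a zone transfer.
    print(names_disclosed(CHAIN, "example.com"))
```

Note that canonical order places www.dugtrio.example.com directly after dugtrio.example.com, which a plain string sort would not do.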
Dns-nsec-enum NSE Script Arguments
This is a full list of arguments supported by the dns-nsec-enum.nse script:
dns-nsec-enum.domains: The domain or list of domains to enumerate. If not provided, the script will make a guess based on the name of the target.
To use this script argument, add it to the Nmap command line as in this example:
nmap --script=dns-nsec-enum --script-args dns-nsec-enum.domains=value <target>
Dns-nsec-enum NSE Script Example Usage
Here's an example of how to use the dns-nsec-enum.nse script:
nmap -sSU -p 53 --script dns-nsec-enum --script-args dns-nsec-enum.domains=example.com <target>
Dns-nsec-enum NSE Script Example Output
Here's a sample output from the dns-nsec-enum.nse script:
53/udp open  domain  udp-response
| dns-nsec-enum:
|   example.com
|     bulbasaur.example.com
|     charmander.example.com
|     dugtrio.example.com
|     www.dugtrio.example.com
|     gyarados.example.com
|     johto.example.com
|       blue.johto.example.com
|       green.johto.example.com
|       ns.johto.example.com
|       red.johto.example.com
|     ns.example.com
|     snorlax.example.com
|_    vulpix.example.com
Dns-nsec-enum NSE Script Example XML Output
There is no sample XML output for this module. However, if you provide the -oX <file> option, Nmap will produce XML output and save it in the file.xml file.
Author
- John R. Bond
References
- https://nmap.org/nsedoc/scripts/dns-nsec-enum.html
- https://github.com/nmap/nmap/tree/master/scripts/dns-nsec-enum.nse
- https://nmap.org/svn/docs/licenses/BSD-simplified
See Also
Related NSE scripts to the dns-nsec-enum.nse script:
- dns-blacklist.nse
- dns-brute.nse
- dns-cache-snoop.nse
- dns-check-zone.nse
- dns-client-subnet-scan.nse
- dns-fuzz.nse
- dns-ip6-arpa-scan.nse
- dns-nsec3-enum.nse
- dns-nsid.nse
- dns-random-srcport.nse
- dns-random-txid.nse
- dns-recursion.nse
- dns-service-discovery.nse
- dns-srv-enum.nse
- dns-update.nse
- dns-zeustracker.nse
- dns-zone-transfer.nse
Visit Nmap NSE Library for more scripts.
Version
This page has been created based on Nmap version 7.92.