Nmap dns-srv-enum NSE Script
This page contains detailed information about how to use the dns-srv-enum NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/dns-srv-enum.nse
Script categories: discovery, safe
Target service / protocol: -
Target network port(s): -
List of CVEs: -
Script Description
The dns-srv-enum.nse script enumerates various common service (SRV) records for a given domain name. The service records contain the hostname, port and priority of servers for a given service. The following services are enumerated by the script:
- Active Directory Global Catalog
- Exchange Autodiscovery
- Kerberos KDC Service
- Kerberos Passwd Change Service
- LDAP Servers
- SIP Servers
- XMPP S2S
- XMPP C2S
Dns-srv-enum NSE Script Arguments
This is a full list of arguments supported by the dns-srv-enum.nse script:
dns-srv-enum.domainString containing the domain to query
dns-srv-enum.filterString containing the service to query (default: all)
max-newtargetsSets the number of the maximum allowed new targets. If set to 0 or less then there is no limit. The default value is 0.
newtargetsIf specified, lets NSE scripts add new targets.
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
nmap --script=dns-srv-enum --script-args dns-srv-enum.domain=value,dns-srv-enum.filter=value <target>Dns-srv-enum NSE Script Example Usage
Here's an example of how to use the dns-srv-enum.nse script:
nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='example.com'"
Dns-srv-enum NSE Script Example Output
Here's a sample output from the dns-srv-enum.nse script:
| dns-srv-enum:
| Active Directory Global Catalog
| service prio weight host
| 3268/tcp 0 100 stodc01.example.com
| Kerberos KDC Service
| service prio weight host
| 88/tcp 0 100 stodc01.example.com
| 88/udp 0 100 stodc01.example.com
| Kerberos Password Change Service
| service prio weight host
| 464/tcp 0 100 stodc01.example.com
| 464/udp 0 100 stodc01.example.com
| LDAP
| service prio weight host
| 389/tcp 0 100 stodc01.example.com
| SIP
| service prio weight host
| 5060/udp 10 50 vclux2.example.com
| 5070/udp 10 50 vcbxl2.example.com
| 5060/tcp 10 50 vclux2.example.com
| 5060/tcp 10 50 vcbxl2.example.com
| XMPP server-to-server
| service prio weight host
| 5269/tcp 5 0 xmpp-server.l.example.com
| 5269/tcp 20 0 alt2.xmpp-server.l.example.com
| 5269/tcp 20 0 alt4.xmpp-server.l.example.com
| 5269/tcp 20 0 alt3.xmpp-server.l.example.com
|_ 5269/tcp 20 0 alt1.xmpp-server.l.example.com
Dns-srv-enum NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.
Author
- Patrik Karlsson
References
- https://nmap.org/nsedoc/scripts/dns-srv-enum.html
- https://github.com/nmap/nmap/tree/master/scripts/dns-srv-enum.nse
See Also
Related NSE scripts to the dns-srv-enum.nse script:
- dns-blacklist.nse
- dns-brute.nse
- dns-cache-snoop.nse
- dns-check-zone.nse
- dns-client-subnet-scan.nse
- dns-fuzz.nse
- dns-ip6-arpa-scan.nse
- dns-nsec3-enum.nse
- dns-nsec-enum.nse
- dns-nsid.nse
- dns-random-srcport.nse
- dns-random-txid.nse
- dns-recursion.nse
- dns-service-discovery.nse
- dns-update.nse
- dns-zeustracker.nse
- dns-zone-transfer.nse
Visit Nmap NSE Library for more scripts.
The dns-srv-enum.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Invalid filter (%s) was supplied
Here is a relevant code snippet related to the "Invalid filter (%s) was supplied" error message:
149: { name = "XMPP server-to-server", query = {"_xmpp-server._tcp"} },
150: { name = "XMPP client-to-server", query = {"_xmpp-client._tcp"} },
151: }
152:
153: if ( not(checkFilter(services)) ) then
154: return stdnse.format_output(false, ("Invalid filter (%s) was supplied"):format(arg_filter))
155: end
156:
157: local threads, result = {}, {}
158: for name, queries in parseSvcList(services) do
159: if ( not(arg_filter) or 0 == #arg_filter or
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
