dns-srv-enum NSE script — Nmap Scripting Engine documentation


Script types: prerule
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/dns-srv-enum.nse

Script Summary

Enumerates various common service (SRV) records for a given domain name. The service records contain the hostname, port and priority of servers for a given service. The following services are enumerated by the script:

- Active Directory Global Catalog
- Exchange Autodiscovery
- Kerberos KDC Service
- Kerberos Passwd Change Service
- LDAP Servers
- SIP Servers
- XMPP S2S
- XMPP C2S

Script Arguments

dns-srv-enum.domain

string containing the domain to query

dns-srv-enum.filter

string containing the service to query (default: all)

max-newtargets, newtargets

See the documentation for the target library.

Example Usage

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='example.com'"

Script Output

| dns-srv-enum:
|   Active Directory Global Catalog
|     service   prio  weight  host
|     3268/tcp  0     100     stodc01.example.com
|   Kerberos KDC Service
|     service   prio  weight  host
|     88/tcp    0     100     stodc01.example.com
|     88/udp    0     100     stodc01.example.com
|   Kerberos Password Change Service
|     service   prio  weight  host
|     464/tcp   0     100     stodc01.example.com
|     464/udp   0     100     stodc01.example.com
|   LDAP
|     service   prio  weight  host
|     389/tcp   0     100     stodc01.example.com
|   SIP
|     service   prio  weight  host
|     5060/udp  10    50      vclux2.example.com
|     5070/udp  10    50      vcbxl2.example.com
|     5060/tcp  10    50      vclux2.example.com
|     5060/tcp  10    50      vcbxl2.example.com
|   XMPP server-to-server
|     service   prio  weight  host
|     5269/tcp  5     0       xmpp-server.l.example.com
|     5269/tcp  20    0       alt2.xmpp-server.l.example.com
|     5269/tcp  20    0       alt4.xmpp-server.l.example.com
|     5269/tcp  20    0       alt3.xmpp-server.l.example.com
|_    5269/tcp  20    0       alt1.xmpp-server.l.example.com
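An added example, not part of the Nmap documentation or the script's own code: a Python parser that turns the script's output, laid out one row per line as Nmap prints it, into structured records and lists SRV targets missing from an inventory of expected hosts for your own domain. The function names, the allowlist and the trimmed sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the output layout, using hosts from the page.
SAMPLE = """\
| dns-srv-enum:
|   Active Directory Global Catalog
|     service   prio  weight  host
|     3268/tcp  0     100     stodc01.example.com
|   SIP
|     service   prio  weight  host
|     5060/udp  10    50      vclux2.example.com
|     5070/udp  10    50      vcbxl2.example.com
|   XMPP server-to-server
|     service   prio  weight  host
|     5269/tcp  5     0       xmpp-server.l.example.com
|_    5269/tcp  20    0       alt1.xmpp-server.l.example.com
"""

ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\d+)\s+(\d+)\s+(\S+)$")
HEADER = re.compile(r"^service\s+prio\s+weight\s+host$")

def parse_srv_enum(text):
    """Return one dict per SRV row, tagged with the section it appeared under."""
    records, section = [], None
    for raw in text.splitlines():
        line = re.sub(r"^\|_?", "", raw.strip()).strip()  # drop the "|" / "|_" gutter
        if not line or line == "dns-srv-enum:" or HEADER.match(line):
            continue
        m = ROW.match(line)
        if m is None:
            section = line  # any other non-empty line is a section title
            continue
        port, proto, prio, weight, host = m.groups()
        records.append({"section": section, "port": int(port), "proto": proto, "prio": int(prio),
                        "weight": int(weight), "host": host.rstrip(".").lower()})
    return records

def unexpected(records, allowed_hosts):
    """Map each host absent from the (hypothetical) allowlist to its services."""
    out = defaultdict(list)
    for r in records:
        if r["host"] not in allowed_hosts:
            out[r["host"]].append((r["section"], f'{r["port"]}/{r["proto"]}'))
    return dict(out)

if __name__ == "__main__":
    recs = parse_srv_enum(SAMPLE)
    print(unexpected(recs, {"stodc01.example.com", "vclux2.example.com"}))
```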

Requires


Author:

License: Same as Nmap--See https://nmap.org/book/man-legal.html