CHips L MINI SHELL

CHips L pro

Current Path : /proc/2/root/usr/local/ssl/share/nmap/scripts/
Upload File :
Current File : //proc/2/root/usr/local/ssl/share/nmap/scripts/hostmap.nse

description = [[
Tries to find hostnames that resolve to the target's IP address by querying the online database at http://www.bfk.de/bfk_dnslogger.html.

The script is in the "external" category because it sends target IPs to a third party in order to query their database.
]]

---
-- @args hostmap.prefix If set, saves the output for each host in a file
-- called "<prefix><target>". The file contains one entry per line.
-- @args newtargets If set, add the new hostnames to the scanning queue.
-- This the names presumably resolve to the same IP address as the
-- original target, this is only useful for services such as HTTP that
-- can change their behavior based on hostname.
--
-- @usage
-- nmap --script hostmap --script-args hostmap.prefix=hostmap- <targets>
--
-- @output
-- Host script results:
-- | hostmap: Saved to hostmap-nmap.org
-- | insecure.org
-- | 74.207.254.18
-- | web.insecure.org
-- | download.insecure.org
-- | images.insecure.org
-- | www.insecure.org
-- | nmap.org
-- | www.nmap.org
-- | sectools.org
-- | mirror.sectools.org
-- | www.sectools.org
-- |_seclists.org

author = "Ange Gutek"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"external", "discovery", "intrusive"}

require "dns"
require "ipOps"
require "http"
require "stdnse"
require "target"

local HOSTMAP_SERVER = "www.bfk.de"

local filename_escape, write_file

hostrule = function(host)
  return not ipOps.isPrivate(host.ip)
end

action = function(host)
  local query = "/bfk_dnslogger.html?query=" .. host.ip
  local response

  response = http.get(HOSTMAP_SERVER, 80, query)
  if not response.status then
    return string.format("Error: could not GET http://%s%s", HOSTMAP_SERVER, query)
  end

  local hostnames = {}
  for entry in string.gmatch(response.body, "#result\">([^<]-)</a>") do
    if not hostnames[entry] then
      if target.ALLOW_NEW_TARGETS then
        local status, err = target.add(entry)
      end
      hostnames[entry] = true
      if string.match(entry, "%d+%.%d+%.%d+%.%d+") or dns.query(entry) then
        hostnames[#hostnames + 1] = entry
      else
        hostnames[#hostnames + 1] = entry .. " (cannot resolve)"
      end
    end
  end

  if #hostnames == 0 then
    if not string.find(response.body, "<p>The server returned no hits.</p>") then
      return "Error: found no hostnames but not the marker for \"no hostnames found\" (pattern error?)"
    end
    return
  end

  local hostnames_str = stdnse.strjoin("\n", hostnames)
  local output_str

  local filename_prefix = stdnse.get_script_args("hostmap.prefix")
  if filename_prefix then
    local filename = filename_prefix .. filename_escape(host.targetname or host.ip)
    local status, err = write_file(filename, hostnames_str .. "\n")
    if status then
      output_str = string.format("Saved to %s\n", filename)
    else
      output_str = string.format("Error saving to %s: %s\n", filename, err)
    end
  else
    output_str = "\n"
  end
  output_str = output_str .. stdnse.strjoin("\n", hostnames)

  return output_str
end

-- Escape some potentially unsafe characters in a string meant to be a filename.
function filename_escape(s)
  return string.gsub(s, "[%z/=]", function(c)
    return string.format("=%02X", string.byte(c))
  end)
end

function write_file(filename, contents)
  local f, err = io.open(filename, "w")
  if not f then
    return f, err
  end
  f:write(contents)
  f:close()
  return true
end

Copyright 2K16 - 2K18 Indonesian Hacker Rulez