D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
usr
/
share
/
nmap
/
scripts
/
Filename :
hostmap-robtex.nse
back
Copy
local http = require "http" local ipOps = require "ipOps" local stdnse = require "stdnse" local string = require "string" local table = require "table" description = [[ Discovers hostnames that resolve to the target's IP address by querying the online Robtex service at http://ip.robtex.com/. ]] --- -- @usage -- nmap --script hostmap-robtex -sn -Pn scanme.nmap.org -- -- @output -- | hostmap-robtex: -- | hosts: -- |_ scanme.nmap.org -- -- @xmloutput -- <table key="hosts"> -- <elem>nmap.org</elem> -- </table> --- author = "Arturo 'Buanzo' Busleiman" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = { "discovery", "safe", "external" } --- Scrape domains sharing target host ip from robtex website -- @param data string containing the retrieved web page -- @return table containing the host names sharing host.ip function parse_robtex_response (data) local result = {} for domain in string.gmatch(data, "<span id=\"dns[0-9]+\"><a href=\"//[a-z]+.robtex.com/([^\"]-)%.html\"") do if not table.contains(result, domain) then table.insert(result, domain) end end return result end hostrule = function (host) return not ipOps.isPrivate(host.ip) end action = function (host) local link = "http://ip.robtex.com/" .. host.ip .. ".html" local htmldata = http.get_url(link) local domains = parse_robtex_response(htmldata.body) local output_tab = stdnse.output_table() if (#domains > 0) then output_tab.hosts = domains end return output_tab end function table.contains (table, element) for _, value in pairs(table) do if value == element then return true end end return false end