-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathhostmap-hackertarget.nse
83 lines (71 loc) · 2.05 KB
/
hostmap-hackertarget.nse
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
local http = require "http"
local ipOps = require "ipOps"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
Discovers hostnames (DNS A records) that resolve to the target's IP address by querying the online reverse IP lookup at http://hackertarget.com/reverse-ip-lookup/.
Script based on hostmap-robtex.nse by Arturo 'Buanzo' Busleiman.
Nmap 6.47 may error with:
/usr/local/bin/../share/nmap/nselib/shortport.lua:200: attempt to index field 'version' (a nil value)
Fix issue by getting latest shortport.lua from the Nmap svn.
]]
---
-- @usage
-- nmap --script hostmap-hackertarget -p 80 -Pn nmap.org
--
-- @output
-- | hostmap-hackertarget:
-- | hosts:
-- | cgi.insecure.org
-- | download.insecure.org
-- | images.insecure.org
-- | insecure.com
-- | insecure.org
-- | nmap.com
-- | nmap.net
-- | nmap.org
-- | seclists.org
-- | sectools.org
-- | svn.nmap.org
-- | www.insecure.org
-- | www.nmap.org
-- |_ www.sectools.org
--
-- @xmloutput
-- <table key="hosts">
-- <elem>nmap.org</elem>
-- </table>
---
author = "Peter Hill"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {
"discovery",
"safe",
"external"
}
-- Scrape domains sharing target host ip from hackertarget.com website
-- @param data string containing the retrieved web page
-- @return table containing the host names sharing host.ip
function parse_hackertarget_response (data)
local result = {}
for domain in string.gmatch(data, "([0-9a-z-.]+)") do
if not stdnse.contains(result, domain) then
table.insert(result, domain)
end
end
return result
end
hostrule = function (host)
return not ipOps.isPrivate(host.ip)
end
action = function (host)
local link = "http://api.hackertarget.com/reverseiplookup/?q=" .. host.ip
local htmldata = http.get_url(link)
local domains = parse_hackertarget_response(htmldata.body)
local output_tab = stdnse.output_table()
if (#domains > 0) then
output_tab.hosts = domains
end
return output_tab
end