-- Summary text NSE shows for this script.
-- The lookup is answered by robtex.com, not by the scanned host: the address
-- being checked is disclosed to that third party (see the "external" category).
-- NOTE(review): nothing in this file enforces the 100-domain limit mentioned
-- below; presumably the site itself caps the list. Confirm.
description = [[
This script is inspired from http-reverse-ip to do a reverse ip lookup
using robtex website by parsing http://www.robtex.com/ip/ and return
maximum of 100 domains
]]
---
-- @usage
-- nmap -p80 --script http-robtex-reverse-ip <host>
--
-- @output
-- PORT STATE SERVICE
-- 80/tcp open http
-- | http-robtex-info-ip:
-- | *.insecure.org
-- | *.nmap.com
-- | *.nmap.org
-- | *.seclists.org
-- | insecure.com
-- | insecure.org
-- | lists.insecure.org
-- | nmap.com
-- | nmap.net
-- | nmap.org
-- | seclists.org
-- | sectools.org
-- | web.insecure.org
-- | www.insecure.org
-- | www.nmap.com
-- | www.nmap.org
-- | www.seclists.org
-- | _images.insecure.org
-- @args http-robtex-reverse-ip.host IP address to look up on robtex instead of the scanned host's IP.
---
-- Script metadata read by NSE.
author = "riemann"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "external": the address being looked up is sent to a third-party site
-- (robtex.com), so running the script discloses the target to that site.
categories = {"discovery", "safe", "external"}
require "http"
require "shortport"
require "stdnse"
-- Run the script on ports matched by the shortport library's http rule.
portrule = shortport.http
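--- Extract the domain names listed in a robtex reverse-IP page.
-- The page is third-party content fetched over the network, so every string
-- returned here is untrusted; it is collected as-is and never interpreted.
-- @param data HTML body of the robtex page. Anything that is not a string
--             (for example nil after a failed request) yields an empty table
--             instead of raising an error inside string.gsub.
-- @return table Array of the link texts found, in page order.
function parse_robtex_response(data)
  if type(data) ~= "string" then
    return {}
  end

  -- Drop line breaks first so an entry split across lines still matches.
  local flat = string.gsub(data, "\r?\n", "")

  local result = {}
  -- Only the link text is needed; the dns index and the href are matched but
  -- not captured.
  for link in string.gmatch(flat, "<span id=\"dns%d+\"><a href=\".-\">(.-)</a></span>") do
    result[#result + 1] = link
  end
  return result
end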
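--- Look up the domains robtex lists for an IP address and report them.
-- The address comes from the http-robtex-reverse-ip.host script argument when
-- it is set, otherwise from the scanned host.
-- @param host Host table supplied by NSE; only host.ip is read.
-- @param port Port table supplied by NSE (not used here).
-- @return A newline-separated list of domains, or nil when the request
--         produced no body or no domains were found.
action = function(host, port)
  -- Read the argument once, and keep the value local so it does not leak into
  -- the script's global environment.
  local target = stdnse.get_script_args("http-robtex-reverse-ip.host") or host.ip

  -- NOTE(review): the lookup discloses the target address to robtex.com and
  -- runs over plaintext HTTP, so the response is unauthenticated. Treat the
  -- returned names as hints to verify, not as authoritative data.
  local link = "http://www.robtex.com/ip/" .. target .. ".html"
  local htmldata = http.get_url(link)

  -- A failed request can come back without a body; report nothing rather
  -- than raising an error while parsing.
  if not htmldata or type(htmldata.body) ~= "string" then
    return nil
  end

  local domains = parse_robtex_response(htmldata.body)
  if #domains > 0 then
    -- table.concat joins the list the same way stdnse.strjoin did, without
    -- depending on that helper.
    return "\n" .. table.concat(domains, "\n")
  end
end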