local http = require "http" local ipOps = require "ipOps" local stdnse = require "stdnse" local string = require "string" local slaxml = require "slaxml" local table = require "table" description = [[ Discovers hostnames that resolve to the target's IP address by querying the online Robtex service at http://ip.robtex.com/. ]] --- -- @usage -- nmap --script hostmap-robtex -sn -Pn scanme.nmap.org -- -- @output -- | hostmap-robtex: -- | hosts: -- |_ scanme.nmap.org -- -- @xmloutput -- -- nmap.org --
--- author = "Arturo 'Buanzo' Busleiman" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = { "discovery", "safe", "external" } --- Scrape domains sharing target host ip from robtex website -- -- //section[@id="x_shared"]//li//text() -- @param data string containing the retrieved web page -- @return table containing the host names sharing host.ip function parse_robtex_response (data) local in_li = false local result = {} local parser = slaxml.parser:new({ startElement = function(name, nsURI, nsPrefix) in_li = in_li or name == "li" end, closeElement = function(name, nsURI, nsPrefix) if name == "li" then in_li = false end end, text = function(text) if in_li then result[#result+1] = text end end, }) parser:parseSAX(data:match(']-id="x_shared".-')) return result end hostrule = function (host) return not ipOps.isPrivate(host.ip) end action = function (host) local link = "https://www.robtex.com/en/advisory/ip/" .. host.ip:gsub("%.", "/") .. "/" local htmldata = http.get_url(link) local domains = parse_robtex_response(htmldata.body) local output_tab = stdnse.output_table() if (#domains > 0) then output_tab.hosts = domains end return output_tab end