trustedsec / CS-Situational-Awareness-BOF

Situational Awareness commands implemented using Beacon Object Files
GNU General Public License v2.0

Feature Request for nslookup: Support for reverse lookups #31

Status: Closed (SoloDefend closed 3 years ago)

SoloDefend commented 3 years ago

Looking for reverse lookup support with the nslookup BOF.

If I do nslookup 10.10.10.10 it only returns the A record for the IP but no hostname. If I try the below options I get DNS errors:

nslookup 10.10.10.10.in-addr.arpa
nslookup 10.10.10.10 PTR

freefirex commented 3 years ago

PTR records are supported, but currently you are targeting an IP that doesn't have a PTR record registered (unless it's registered in your testing domain) and you are using the incorrect format.

Please see these tests / examples:

10.10.10.10 being invalid
[Screenshot: Screen Shot 2021-01-22 at 11 54 35 AM]

A valid PTR lookup
[Screenshot: Screen Shot 2021-01-22 at 11 55 04 AM]

How to perform the lookup using our nslookup bof and showing the help for how to format the query
[Screenshot: Screen Shot 2021-01-22 at 11 55 44 AM]

SoloDefend commented 3 years ago

Yeah, that's how I had it formatted (omitting the 0); forgot to add PTR to my request here. Was using for internal recon, so it looks like the domain doesn't have pointers. Thanks for the clarification.