Wednesday, March 15, 2006

Perl Script that Does Bulk Reverse-DNS Lookups

Speaking of security and pen-testing, below is a Perl script I wrote and use to do bulk reverse-DNS (PTR) lookups on a specified network during the discovery phase of a network assessment. Just cut and paste it into a text editor and save; instructions are in the header comments. (Update: You can also download the script here.)

#!/usr/bin/perl
#
# Simple script to do bulk PTR lookups on a network of IP's
#
# Requires Net::DNS, NetAddr::IP
#
# perl -MCPAN -e 'install Net::DNS; install NetAddr::IP' should do the
# trick on any Unix OS. On Debian/Ubuntu, do 'apt-get install
# libnet-dns-perl libnetaddr-ip-perl'
#
# Usage: Takes an IP network or single IP (as per the NetAddr::IP docs
# at Output
# is a comma-delimited list of the IP addresses and the hostname they
# resolved to, or NXDOMAIN if no PTR record exists, or if the IP
# address is not well-formed, or error text if there is some other
# error with the DNS query.
#
# Examples:
#
# ./ > ptr-list.csv
# ./
#
# Copyright (c) 2006, Doug Maxwell <>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#

use strict;
use warnings;
use Net::DNS;
use NetAddr::IP;

# The network (or single IP) to sweep is the first command-line argument
my $ip = NetAddr::IP->new(shift) or die "Unable to create NetAddr::IP object\n";

# No arguments: the resolver is configured from the system's defaults
my $res = Net::DNS::Resolver->new;

my $num = $ip->num();

# Step through the block one address at a time, starting at the address given
for (my $i=0; $i<=$num; ++$i) {
    my $ip_address = $ip->addr();

    if ($ip_address) {
        # Net::DNS turns an IP address into the matching PTR query
        my $query = $res->search("$ip_address");

        if ($query) {
            foreach my $rr ($query->answer) {
                next unless $rr->type eq "PTR";
                print "$ip_address,",$rr->ptrdname, "\n";
            }
        } else {
            # No answer: print the resolver's error text (e.g. NXDOMAIN)
            print "$ip_address,",$res->errorstring,"\n";
        }
    }
    ++$ip;
}
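The script builds its resolver with no arguments, so every lookup goes to whatever the system's resolver configuration names. The variant below is an added example, not part of Doug Maxwell's script: it optionally pins the nameserver, sets timeouts, and writes one CSV row per address with the outcome made explicit. The sub name ptr_result, the second command-line argument, the timeout values and the NODATA and ERROR labels are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example: bulk PTR sweep with an explicitly configured resolver.
# Usage (assumed for this example): script NETWORK [NAMESERVER-IP]
use strict;
use warnings;
use Net::DNS;
use NetAddr::IP;

my $net_arg = shift;
die "usage: $0 network [nameserver-ip]\n" unless defined $net_arg;
my $net = NetAddr::IP->new($net_arg) or die "Unable to parse '$net_arg'\n";
my $ns  = shift;    # optional; omit to keep the system resolver settings

my $res = Net::DNS::Resolver->new(
    ($ns ? (nameservers => [$ns]) : ()),
    udp_timeout => 3,    # seconds to wait for each UDP reply
    retry       => 2,    # attempts before giving up
);

# Report which servers will be queried, so a bad default is visible at once
print STDERR "Using nameservers: ", join(', ', $res->nameservers), "\n";

# Return the second CSV field for one address: the PTR name(s), the DNS
# response code, NODATA for an empty answer, or the transport error.
sub ptr_result {
    my ($addr) = @_;
    my $reply = $res->send($addr, 'PTR');
    return 'ERROR: ' . $res->errorstring unless $reply;    # e.g. a timeout
    my $rcode = $reply->header->rcode;
    return $rcode unless $rcode eq 'NOERROR';    # NXDOMAIN, SERVFAIL, REFUSED
    my @names = map { $_->ptrdname } grep { $_->type eq 'PTR' } $reply->answer;
    return @names ? join('|', @names) : 'NODATA';
}

# hostenum() lists the host addresses in the subnet
for my $host ($net->hostenum) {
    my $addr = $host->addr;
    print "$addr,", ptr_result($addr), "\n";
}
```

Every address produces exactly one row, so an address missing from the output means the sweep stopped early rather than that the lookup returned nothing.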


Anonymous said...

Wow! I've been seeking a script like this for several years. This will quickly become a key element of my security toolbox. VKB

Len Umina said...

See the documentation for Net::DNS::Resolver as this script will not work as shown.

The default nameserver in the module is broken, so you need to supply one in your code. Also the output isn't as documented here.


Doug said...

Can you be more specific? The script works fine for me on Linux - has for some time. The docs specifically say "Returns a resolver object. If given no arguments, new() returns an object configured to your system's defaults. On UNIX systems the defaults are read from the following files, in the order indicated:


So it uses your system resolvers. The output is a comma-delimited list of hostname-ip mappings; I suppose I could be clearer that there are newlines separating the host-ip pairs.

Anonymous said...

I have no result for

Doug said...

"I have no result for"

That's because there is no PTR record for that IP.

Anonymous said...

Can you help me? I have a list of IPs which have no PTR record, and I need to find the URLs of these IPs.

my skype is lassaad.mathlouthi

Ralph said...

WOW! Very clean and straight!

Anonymous said...

No solutions?

Anonymous said...

Super, works for me, TNX