mdaxfr

- Mass DNS AXFR
git clone git://git.acid.vegas/mdaxfr.git

commit 8d0b01e7aade347151f2fd3c3bfec3f2a78df987
parent 084bca55d035b4e8ce0c6c96ff271b580a3eb0fb
Author: acidvegas <acid.vegas@acid.vegas>
Date: Wed, 6 Mar 2024 16:49:33 -0500

now storing AXFR responses in a directory containing the date to track changes in which dns servers allow AXFRs over time

Diffstat:
MREADME.md | 2+-
Aextras/daxfr | 41+++++++++++++++++++++++++++++++++++++++++
Ropennic -> extras/opennic | 0
Aextras/ozones | 29+++++++++++++++++++++++++++++
Mmdaxfr | 34++++++++++++++++------------------
Dozones | 26--------------------------

6 files changed, 87 insertions(+), 45 deletions(-)

diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ It is expected to set *realistic* expectations when using this tool. In contempo
 ## Information
 I only wrote this to shit on **[this bozo](https://github.com/flotwig/TLDR-2/)** who took a dead project & brought it back to life by making it even worse. Rather than making a pull request to give this bloke more credit in his "tenure" as a developer, I decided to just rewrite it all from scratch so people can fork off of *clean* code instead.
 
-This repostiory also contains a [pure POSIX version](./mdaxfr) for portability, aswell as a [script](./opennic) to do zone transfers on [OpenNIC TLDs](https://wiki.opennic.org/opennic/dot) and a special [ozones](./ozones) script for fetching a few obscure additional zones.
+This repostiory also contains a [pure POSIX version](./mdaxfr) for portability, aswell as a [script](./extras/opennic) to do zone transfers on [OpenNIC TLDs](https://wiki.opennic.org/opennic/dot), a special [ozones](./extras/ozones) script for fetching a few obscure additional zones, and a [domain axfr script](./extras/daxfr) to target a specific website.
 
 ## Statistics, laughs, & further thinking...
 As of my last scan in 2023, I was only able to AXFR the zones for **8** out of **1,456** root TLDs, with a few of them being zones that were already retrieved by [acidvegas/czds](https://github.com/acidvegas/czds/), & **114** out of **7,977** TLDs in the [Public suffix list](https://publicsuffix.org/). The addition scripts in this repository provide an additional **37** zone files.
diff --git a/extras/daxfr b/extras/daxfr
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Domain AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr)
+# This one will take a domain as an argument and attempt to perform an AXFR against all of the nameservers for that domain.
+
+# Colors
+CYAN="\033[1;36m"
+YELLOW="\033[1;33m"
+RED="\033[1;31m"
+GREEN="\033[1;32m"
+RESET="\033[0m"
+GREY="\033[1;90m"
+
+domain="$1" # base domain only, no http, https, or www (can have a subdomain though)
+
+[ -z "$domain" ] && echo "Invalid URL. Exiting." && exit 1
+
+echo "${YELLOW}Attempting AXFR against ${domain}...${RESET}"
+
+nameservers=$(dig NS +short "$domain")
+
+[ -z "$nameservers" ] && echo "${GREY}No nameservers found for ${domain}${RESET}" && exit 1
+
+echo "$nameservers" | while read -r ns; do
+    ns=$(echo "$ns" | sed 's/\.$//')
+    ips=$(host "$ns" | awk '/has address/ { print $4 }')
+
+    [ -z "$ips" ] && echo "${GREY}No IP addresses found for nameserver $ns under ${domain}. Skipping...${RESET}" && continue
+
+    echo "$ips" | while read -r ip; do
+        axfr_output=$(dig @$ip AXFR "$domain")
+        if echo "$axfr_output" | grep -q "Transfer failed."; then
+            echo "${RED}AXFR attempt from $ip ($ns) on ${domain} was not successful.${RESET}"
+        elif echo "$axfr_output" | grep -q "IN"; then
+            echo "${GREEN}Successful AXFR from $ip ($ns) on on ${domain}:${RESET}"
+            echo "${CYAN}$axfr_output${RESET}"
+        else
+            echo "${RED}AXFR attempt from $ip ($ns) on on ${domain} was not successful.${RESET}"
+        fi
+    done
+done
+\ No newline at end of file
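Review bot: The success test on the `elif` line matches the bare substring `IN` anywhere in dig's output, so unrelated text containing those letters (for example a `;; WARNING` line, or an upper-case argument echoed in dig's banner) is reported as a successful transfer. A completed AXFR begins and ends with the zone's SOA record, so `grep -Eq '[[:space:]]IN[[:space:]]+SOA'` is a tighter check. Separately, `$domain` is only tested for emptiness and `$ip` is unquoted in `dig @$ip`, so a value beginning with `-`, `+` or `@` is parsed by dig as an option or server rather than a name. I would reject those up front with `case "$domain" in [-+@]*) echo "Invalid domain." >&2; exit 1 ;; esac` and write `dig "@$ip" AXFR "$domain"`. The `\033` colour codes also depend on `echo` interpreting escapes, which `#!/bin/sh` does not guarantee; `printf` is the portable form.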
diff --git a/opennic b/extras/opennic
diff --git a/extras/ozones b/extras/ozones
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Mass DNS AXFR (other zones) - developed by acidvegas (https://git.acid.vegas/mdaxfr)
+
+# https://portal.switch.ch/pub/open-data/#tab-fccd70a3-b98e-11ed-9a74-5254009dc73c-3
+dig @zonedata.switch.ch ch. AXFR -y hmac-sha512:tsig-zonedata-ch-public-21-01:stZwEGApYumtXkh73qMLPqfbIDozWKZLkqRvcjKSpRnsor6A6MxixRL6C2HeSVBQNfMW4wer+qjS0ZSfiWiJ3Q== > ch.txt
+dig @zonedata.switch.ch li. AXFR -y hmac-sha512:tsig-zonedata-li-public-21-01:t8GgeCn+fhPaj+cRy1epox2Vj4hZ45ax6v3rQCkkfIQNg5fsxuU23QM5mzz+BxJ4kgF/jiQyBDBvL+XWPE6oCQ== > li.txt
+
+dig @zonedata.iis.se  se  AXFR > se.txt
+dig @zonedata.iis.se  nu  AXFR > nu.txt
+
+dig @zone.internet.ee ee. AXFR > ee.txt
+
+dig @ns1.gov.ps xn--ygbi2ammx. AXFR > xn--ygbi2ammx.txt
+
+
+
+
+wget -O sk.txt https://sk-nic.sk/subory/domains.txt # not rfc compliant
+
+wget -O gov.txt https://raw.githubusercontent.com/cisagov/dotgov-data/main/gov.txt # czds available also
+
+wget -O nc.txt https://www.domaine.nc/whos?who=A* # Need to crawl the http maybe for this one...
+
+# https://www.afnic.fr/produits-services/services-associes/donnees-partagees/
+
+curl -s -H 'Accept: application/json' 'https://odata.domain.fi/OpenDomainData.svc/Domains?$inlinecount=allpages' # not sure about this one....
+
+wget -O dn42.txt http://ix.ucis.nl/dn42/dnszone2.php? # Darknet
+\ No newline at end of file
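Review bot: The `wget` URLs for `nc.txt` and `dn42.txt` are passed unquoted although they contain `?` and `*`, which the shell treats as glob characters; quote them as the `curl` line already does, e.g. `wget -O nc.txt 'https://www.domaine.nc/whos?who=A*'`. The dn42 list is fetched over plain `http://`, so its content has no transport integrity and whatever consumes `dn42.txt` should treat it as untrusted. Every `>` and `-O` target is a fixed name in the current directory and is truncated even when the transfer fails. That works against the dated-directory tracking this commit adds to `mdaxfr`; writing to a temporary file and moving it into place only on success would keep the last good copy.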
diff --git a/mdaxfr b/mdaxfr
@@ -1,22 +1,21 @@
 #!/bin/sh
 # Mass DNS AXFR (POSIX version) - developed by acidvegas (https://git.acid.vegas/mdaxfr)
 
-OUTPUT_DIR="axfrout"
-mkdir -p "$OUTPUT_DIR"
-mkdir -p "$OUTPUT_DIR/root"
-mkdir -p "$OUTPUT_DIR/psl"
+# Define the current date for data organization
+now=$(date +"%Y-%m-%d")
 
-resolve_nameserver() {
-	dig +short AAAA $1 +short -t A $1 2>/dev/null
-}
+# Define the output directory
+output="axfrout/$now"
 
+# Function to attempt an AXFR request on all possible IP addresses for a nameserver
 attempt_axfr() {
     tld=$1
     nameserver=$2
     filename="$3"
+
     temp_file="${filename}.temp"
+    nameserver_ips=$(dig +short A +retry=3 +time=10 $nameserver && dig +short AAAA +retry=3 +time=10 $nameserver)
 
-    nameserver_ips=$(resolve_nameserver "$nameserver")
     if [ -z "$nameserver_ips" ]; then
         echo -e "\e[31m[FAIL]\e[0m AXFR for \e[36m$tld\e[0m on \e[33m$nameserver\e[0m \e[90m(failed to resolve nameserver)\e[0m"
         return
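Review bot: On the new `nameserver_ips=` line `$nameserver` is expanded unquoted, and its value comes from `dig +short ... NS` answers, i.e. data chosen by remote servers, so it is subject to word splitting and globbing before dig sees it. Joining the two lookups with `&&` also skips the AAAA query whenever the A query exits non-zero. I would write `nameserver_ips=$(dig +short A +retry=3 +time=10 "$nameserver"; dig +short AAAA +retry=3 +time=10 "$nameserver")`. `+short` can also print CNAME targets, so the result is not guaranteed to contain only addresses. The middle of `attempt_axfr` lies outside this hunk, so how each entry is then used cannot be checked from here.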
@@ -35,21 +34,20 @@ attempt_axfr() {
     done
 }
 
-echo "[\e[31mWARNING\e[0m] Most nameservers will block AXFR requests \e[90m(It is normal for most of these to fail)\e[0m"
-sleep 3
+# Create the output directories (if they don't exist)
+mkdir -p "$output/root"
+mkdir -p "$output/psl"
 
-# For root IP space zones
-for i in $(seq 0 255); do
-    dig +nocmd +noall +answer +multiline $i.in-addr.arpa NS >> $OUTPUT_DIR/root/in-addr.arpa.txt
-done
+# Give a warning about the current state of AXFR requests
+echo "[\e[31mWARNING\e[0m] Most nameservers will block AXFR requests \e[90m(It is normal for most of these to fail)\e[0m" && sleep 3
 
 # For root nameservers
 for root in $(dig +short . NS | sed 's/\.$//'); do
-	attempt_axfr "." "$root" "$OUTPUT_DIR/root/$root.txt"
+	attempt_axfr "." "$root" "$output/root/$root.txt"
 done
 
 # Parse the tld list from a root nameserver
-rndroot=$(find $OUTPUT_DIR/root/*.root-servers.net.txt -type f | shuf -n 1)
+rndroot=$(find $output/root/*.root-servers.net.txt -type f | shuf -n 1)
 if [ -z $rndroot ]; then
 	echo "Failed to AXFR a root nameserver (using IANA list instead)"
 	tlds=$(curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]')
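Review bot: The `rndroot=` line hands an unquoted glob to `find`, so when no root server allowed a transfer the pattern matches nothing, `find` receives the literal `*.root-servers.net.txt` path and prints an error before the IANA fallback runs. `rndroot=$(find "$output/root" -type f -name '*.root-servers.net.txt' | shuf -n 1)` avoids that, and the test that follows is safer as `[ -z "$rndroot" ]`. The warning `echo` depends on `\e` being interpreted, which `#!/bin/sh` does not guarantee; `printf` with `\033` is portable. The `if` block continues past the end of this hunk.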
@@ -60,13 +58,13 @@ fi
 # For TLD nameservers
 for tld in $tlds; do
 	for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
-		attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/$tld.txt"
+		attempt_axfr "$tld" "$ns" "$output/$tld.txt"
 	done
 done
 
 # For Public Suffix List TLD nameservers
 for tld in $(curl -s https://publicsuffix.org/list/public_suffix_list.dat | grep -vE '^(//|.*[*!])' | grep '\.' | awk '{print $1}'); do
 	for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
-		attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/psl/$tld.txt"
+		attempt_axfr "$tld" "$ns" "$output/psl/$tld.txt"
 	done
 done
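Review bot: `$tld` comes from downloaded lists (and, in the part not shown, possibly from a transferred root zone) and is interpolated unchecked into the output paths `"$output/$tld.txt"` and `"$output/psl/$tld.txt"`. A guard at the top of each loop, such as `case "$tld" in ''|*/*|.*|-*) continue ;; esac`, keeps a malformed entry from writing outside the dated directory or being read by dig as an option. `curl -s` without `-f` would also feed an HTTP error page into the loop as if it were a suffix list; `curl -sf` plus an empty-result check would catch that.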
diff --git a/ozones b/ozones
@@ -1,25 +0,0 @@
-#!/bin/sh
-# Mass DNS AXFR (other zones) - developed by acidvegas (https://git.acid.vegas/mdaxfr)
-
-# https://portal.switch.ch/pub/open-data/#tab-fccd70a3-b98e-11ed-9a74-5254009dc73c-3
-dig @zonedata.switch.ch ch. AXFR -y hmac-sha512:tsig-zonedata-ch-public-21-01:stZwEGApYumtXkh73qMLPqfbIDozWKZLkqRvcjKSpRnsor6A6MxixRL6C2HeSVBQNfMW4wer+qjS0ZSfiWiJ3Q== > ch.txt
-dig @zonedata.switch.ch li. AXFR -y hmac-sha512:tsig-zonedata-li-public-21-01:t8GgeCn+fhPaj+cRy1epox2Vj4hZ45ax6v3rQCkkfIQNg5fsxuU23QM5mzz+BxJ4kgF/jiQyBDBvL+XWPE6oCQ== > li.txt
-
-dig @zonedata.iis.se  se  AXFR > se.txt
-dig @zonedata.iis.se  nu  AXFR > nu.txt
-
-dig @zone.internet.ee ee. AXFR > ee.txt
-
-dig @ns1.gov.ps xn--ygbi2ammx. AXFR > xn--ygbi2ammx.txt
-
-wget -O sk.txt https://sk-nic.sk/subory/domains.txt
-
-wget -O gov.txt https://raw.githubusercontent.com/cisagov/dotgov-data/main/gov.txt
-
-wget -O nc.txt https://www.domaine.nc/whos?who=A*
-
-# https://www.afnic.fr/produits-services/services-associes/donnees-partagees/
-
-curl -s -H 'Accept: application/json' 'https://odata.domain.fi/OpenDomainData.svc/Domains?$inlinecount=allpages' # not sure about this one....
-
-wget -O dn42.txt http://ix.ucis.nl/dn42/dnszone2.php? # Darknet
-\ No newline at end of file