mdaxfr

- Mass DNS AXFR
git clone git://git.acid.vegas/mdaxfr.git
daxfr (2350B)
      1 #!/bin/sh
      2 # Domain AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr)
      3 # This one will take a domain as an argument and attempt to perform an AXFR against all of the nameservers for that domain.
      4 # You can also pass an AXFR output file as an argument to attempt AXFR against all of the unique domains found in the file.
      5 
      6 # Colors
      7 BLUE="\033[1;34m"
      8 CYAN="\033[1;36m"
      9 GREEN="\033[1;32m"
     10 GREY="\033[1;90m"
     11 PURPLE='\033[0;35m'
     12 RED="\033[1;31m"
     13 YELLOW="\033[1;33m"
     14 RESET="\033[0m"
     15 
     16 # Globals
     17 output_dir="daxfrout"
     18 
     19 perform_axfr() {
     20     domain=$1
     21     ns=$2
     22     ip=$3
     23 
     24     echo "${YELLOW}Attempting AXFR for ${CYAN}${domain}${YELLOW} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}"
     25 
     26     axfr_output=$(dig +retry=3 +time=10 @$ip AXFR $domain)
     27     axfr_status=$?
     28 
     29     if [ $axfr_status -eq 0 ] && echo "$axfr_output" | grep -q "XFR size: "; then
     30         echo "$axfr_output" > "${output+dir}/axfr-${domain}_${ns}_${ip}.txt"
     31         size=$(echo "$axfr_output" | awk '/XFR size:/ {print $4}')
     32         echo "${GREEN}Successful AXFR for ${CYAN}${domain}${GREEN} from ${PURPLE}${ns} ${GREY}(${ip}) ${BLUE}[${size} records]${RESET}"
     33     else
     34         echo "${RED}    Failed AXFR for ${CYAN}${domain}${RED} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}"
     35     fi
     36 }
     37 
     38 process_domain() {
     39     domain=$1
     40     nameservers=$(dig +short +retry=3 +time=10 $domain NS)
     41 
     42     [ -z "$nameservers" ] && echo "${GREY}No nameservers found for ${CYAN}${domain}{$RESET}" && return
     43 
     44     for ns in $nameservers; do
     45         ns=$(echo "$ns" | sed 's/\.$//')
     46         ns_ip=$(host $ns | awk '/has (IPv6 )?address/ { print $NF }')
     47 
     48         [ -z "$ns_ip" ] && echo "${GREY}No IP addresses found for nameserver ${PURPLE}${ns}${GREY} under ${CYAN}${domain}{RESET}" && continue
     49 
     50         for ip in $ns_ip; do
     51             perform_axfr "$domain" "$ns" "$ip"
     52         done
     53     done
     54 }
     55 
     56 [ $# -eq 0 ] && echo "Usage: $0 <domain> or <path_to_axfr_output>" && exit 1
     57 
     58 mkdir -p $output_dir
     59 
     60 if [ -f "$1" ]; then
     61     root=$(grep -m1 '^; <<>> DiG' $1 | awk '{print $(NF-1)}') # Get the root domain from the dig output
     62     domains=$(grep -a $'\t'IN$'\t'NS$'\t' "$1" | awk '{print $1}' | sort -u | sed 's/\.$//' | grep -v "^$root\.$") # Get the unique domains from the dig output (excluding the root domain)
     63     
     64     for domain in $domains; do
     65         process_domain $domain
     66     done
     67 else
     68     process_domain $1
     69 fi