mdaxfr- Mass DNS AXFR |
git clone git://git.acid.vegas/mdaxfr.git |
mdaxfr (3443B)
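#!/bin/sh
# Mass DNS AXFR (POSIX version) - developed by acidvegas (https://git.acid.vegas/mdaxfr)

# Usage:
#     AXFR on a single domain:
#         ./mdaxfr <domain>
#     AXFR on a list of domains:
#         cat domain_list.txt | ./mdaxfr
#     AXFR on a list of domains using parallel:
#         parallel -a domain_list.txt -j 10 ./mdaxfr
#     AXFR on all domains in an AXFR output file:
#         domain="in-addr.arpa" cat axfrout/in-addr.arpa.txt | grep -aE "\s+IN\s+NS\s+" | grep -avE "^${domain}\.\s+" | awk '{print $1}' | sort -u | sed 's/\.$//' | ./mdaxfr
#     AXFR on all TLDs:
#         curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]' | ./mdaxfr
#     AXFR on all PSL TLDs:
#         curl -s https://publicsuffix.org/list/public_suffix_list.dat | grep -vE '^(//|.*[*!])' | grep '\.' | awk '{print $1}' | ./mdaxfr
#     AXFR one-liner to rule them all:
#         curl -s https://www.internic.net/domain/root.zone | awk '$4=="A" || $4=="AAAA" {print substr($1, 3) " " $5}' | sed 's/\.$//' | xargs -n2 sh -c 'dig AXFR "$0" "@$1"'
#
# Trust model: domain names arrive from stdin/argv, and nameserver names and
# addresses arrive from DNS answers. Both are untrusted. They end up in dig's
# argument list, in an output file name and on the terminal, so every value is
# checked against a conservative character set before it is used.

# The script never needs pathname expansion. Turning it off keeps the
# intentionally unquoted list expansions below from globbing DNS-supplied
# strings against the working directory.
set -f

# Colors
# Store the real ESC byte so output does not depend on echo interpreting
# backslash escapes (dash does, bash-as-sh does not).
ESC=$(printf '\033')
BLUE="${ESC}[1;34m"
CYAN="${ESC}[1;36m"
GREEN="${ESC}[1;32m"
GREY="${ESC}[1;90m"
PINK="${ESC}[1;95m"
PURPLE="${ESC}[0;35m"
RED="${ESC}[1;31m"
YELLOW="${ESC}[1;33m"
RESET="${ESC}[0m"

# Set output directory
output_dir="axfrout"
if ! mkdir -p -- "$output_dir"; then
    printf '%s\n' "cannot create output directory ${output_dir}" >&2
    exit 1
fi

# Print one line verbatim. printf '%s' never interprets backslashes inside the
# data, unlike echo under some /bin/sh implementations.
say() {
    printf '%s\n' "$*"
}

# Succeed only if $1 is non-empty, does not start with '-' (dig would parse it
# as an option) and contains nothing but letters, digits, '.', '_' and '-'.
# That excludes '/', whitespace, control characters and dig's '+'/'@' prefixes.
is_safe_name() {
    case $1 in
        '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Succeed only if $1 looks like an IP literal: digits and dots for IPv4, or
# hex digits, colons and dots including at least one ':' for IPv6. This is a
# character-set check, not a full address parser.
is_ip_literal() {
    case $1 in
        '' | *[!0-9A-Fa-f:.]*) return 1 ;;
        *:*) return 0 ;;
        *[!0-9.]*) return 1 ;;
    esac
    return 0
}

# Attempt a zone transfer of domain $1 from nameserver $2 at address $3 and
# save dig's output under $output_dir when it contains an "XFR size:" line.
# A transfer only completes when the server answers AXFR for this client;
# limiting transfers to the zone's secondaries (ACL or TSIG) is the
# server-side control that makes this fail.
axfr() {
    axfr_domain=$1
    axfr_ns=$2
    axfr_ip=$3

    # This function is the sink for both dig's argv and the file path, so it
    # re-checks its inputs rather than relying on the caller.
    if ! is_safe_name "$axfr_domain" || ! is_safe_name "$axfr_ns" || ! is_ip_literal "$axfr_ip"; then
        say " ${RED}Refusing AXFR with unexpected characters in domain, nameserver or address${RESET}" >&2
        return 1
    fi

    say " ${YELLOW}Attempting AXFR for ${CYAN}${axfr_domain}${YELLOW} from ${PURPLE}${axfr_ns} ${GREY}(${axfr_ip})${RESET}"

    axfr_output=$(dig +retry=3 +time=10 "@${axfr_ip}" AXFR "$axfr_domain")
    axfr_status=$?

    if [ "$axfr_status" -eq 0 ] && printf '%s\n' "$axfr_output" | grep -q "XFR size: "; then
        # printf keeps dig's backslash escapes intact in the saved zone data;
        # echo would rewrite them under shells that expand escapes.
        printf '%s\n' "$axfr_output" > "${output_dir}/axfr-${axfr_domain}_${axfr_ns}_${axfr_ip}.txt"
        size=$(printf '%s\n' "$axfr_output" | awk '/XFR size:/ {print $4}')
        say " ${GREEN}Successful AXFR for ${CYAN}${axfr_domain}${GREEN} from ${PURPLE}${axfr_ns} ${GREY}(${axfr_ip}) ${GREEN}found ${size} records${RESET}"
    else
        say " ${RED} Failed AXFR for ${CYAN}${axfr_domain}${RED} from ${PURPLE}${axfr_ns} ${GREY}(${axfr_ip})${RESET}"
    fi
}

# Normalise one input line into a domain name, look up its NS records, resolve
# each nameserver to A/AAAA addresses and call axfr for every address.
# Blank lines are skipped silently; names that fail is_safe_name are skipped
# with a message that deliberately does not echo the rejected value.
process_domain() {
    # Strip a URL scheme, a leading "www." and any path. Written without the
    # GNU-only \? so it also works with non-GNU sed; tr drops a CR left by
    # CRLF-terminated lists.
    pd_domain=$(printf '%s\n' "$1" | tr -d '\r' | sed -e 's|^https://||' -e 's|^http://||' -e 's|^www\.||' -e 's|/.*||')

    [ -n "$pd_domain" ] || return 0

    if ! is_safe_name "$pd_domain"; then
        say "${RED}Skipping input line with unexpected characters in the domain name${RESET}" >&2
        return 0
    fi

    say "${PINK}Looking up nameservers for ${CYAN}${pd_domain}${RESET}"

    nameservers=$(dig +short +retry=3 +time=10 "$pd_domain" NS | sed 's/\.$//')

    if [ -z "$nameservers" ]; then
        say " ${GREY}No nameservers found for ${CYAN}${pd_domain}${RESET}"
        return 0
    fi

    # tr removes the padding some wc implementations put around the count.
    total_nameservers=$(printf '%s\n' "$nameservers" | wc -l | tr -d ' ')
    say " ${BLUE}Found ${total_nameservers} nameservers for ${CYAN}${pd_domain}${RESET}"

    # Unquoted on purpose: split dig's answer into one name per word (set -f
    # above prevents globbing).
    for pd_ns in $nameservers; do
        # NS targets come straight from a DNS answer, i.e. from whoever
        # controls the zone; never pass an unchecked one to dig or into a path.
        if ! is_safe_name "$pd_ns"; then
            say " ${GREY}Skipping nameserver with unexpected characters in its name for ${CYAN}${pd_domain}${RESET}" >&2
            continue
        fi

        say " ${PINK}Looking up IP addresses for ${PURPLE}${pd_ns}${RESET}"

        pd_lookup=$(dig +short +retry=3 +time=10 "$pd_ns" A && dig +short +retry=3 +time=10 "$pd_ns" AAAA)

        # Keep only IP literals: dig +short also prints CNAME targets, which
        # are not addresses and would inflate the count below.
        ns_ip=""
        total_ip=0
        for pd_candidate in $pd_lookup; do
            is_ip_literal "$pd_candidate" || continue
            ns_ip="${ns_ip} ${pd_candidate}"
            total_ip=$((total_ip + 1))
        done

        if [ "$total_ip" -eq 0 ]; then
            say " ${GREY}No IP addresses found on ${PURPLE}${pd_ns}${GREY} for ${CYAN}${pd_domain}${RESET}"
            continue
        fi

        say " ${BLUE}Found ${total_ip} IP addresses on ${PURPLE}${pd_ns}${BLUE} for ${CYAN}${pd_domain}${RESET}"

        for pd_ip in $ns_ip; do
            axfr "$pd_domain" "$pd_ns" "$pd_ip"
        done

    done
}

# Entry point: a terminal on stdin means "one domain on the command line";
# anything else means "one domain per line on stdin".
if [ -t 0 ]; then
    if [ $# -ne 1 ]; then
        printf '%s\n' "Usage: $0 <domain> or cat domain_list.txt | $0" >&2
        exit 1
    fi
    process_domain "$1"
else
    # The || clause keeps a final line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        process_domain "$line"
    done
fi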