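#!/bin/sh
# NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
# nsec
#
# Walks a DNS zone by following its NSEC chain. Every NSEC record names the
# next owner of the zone in canonical order, so repeatedly asking for
# "<owner> NSEC", starting at the apex, enumerates the signed zone until the
# chain wraps back around to the apex (RFC 4034, section 4.1.1).
#
# Usage:
#   ./nsec                 walk every zone listed one per line in ./nsec.txt
#   ./nsec ZONE [ZONE...]  walk the given zones, e.g. straight from tldsec:
#                          while read -r z; do ./nsec "$z"; done < output/nsec.txt
#
# Output: one owner name per line (as printed by dig, trailing dot included)
# in output/nsec/<zone>.txt; progress on stdout, failures on stderr.
#
# Changes from the earlier version of this script:
#   * The walk ends when the chain returns to the apex. Previously reaching
#     nic.<zone> was treated as the end, after which the loop carried on with
#     an empty query name instead of stopping.
#   * The next owner is taken from the line whose owner column equals the
#     current name, not from any line that merely contains it as a substring
#     (+trace prints records of parent zones on the way down).
#   * Trailing dots are normalised before comparisons, dig's output is
#     parsed with awk only, output/nsec/ is created, and DNS-supplied names
#     are never echoed or interpolated unquoted.
#
# Security notes:
#   * The bootstrap resolver list is fetched from a third party over HTTPS
#     and one entry is picked at random. With +trace, dig asks that server
#     only for the root NS set and then queries the authoritative servers
#     itself, so a hostile entry can break or redirect the walk; nothing here
#     validates DNSSEC signatures, so the walked names are unauthenticated.
#   * Owner names returned by DNS are untrusted. They are only ever passed to
#     dig as the query name and written with printf '%s'; a name containing
#     anything outside [A-Za-z0-9._*-], or starting with '-', '+' or '@'
#     (which dig reads as an option or server), stops the walk.
#   * Zone names from the command line or nsec.txt become part of the output
#     file name, so the same character check keeps them inside output/nsec/.

set -u

outdir=output/nsec

# Print a message to stderr and exit non-zero.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Succeed if $1 is safe to hand to dig as a query name and to embed in a
# file name: non-empty, only [A-Za-z0-9._*-], and not starting with a
# character dig would parse as an option ('-', '+') or server ('@').
safe_name() {
    case $1 in
        '' | -* | +* | @* | *[!A-Za-z0-9._*-]*) return 1 ;;
    esac
    return 0
}

# Query "$2 NSEC" through resolver $1 and print the next owner name exactly
# as dig prints it (normally with a trailing dot), or nothing when the
# answer holds no NSEC record owned by $2. dig's answer lines look like
# "<owner> <ttl> IN NSEC <next> <types>"; the owner comparison is
# case-insensitive because DNS names are.
next_owner() {
    dig "@$1" +trace +time=10 +tries=3 "$2" NSEC 2>/dev/null |
        awk -v cur="$2." 'tolower($1) == tolower(cur) && $3 == "IN" && $4 == "NSEC" { print $5; exit }'
}

# Walk one zone ($1) and append every owner found to $outdir/<zone>.txt.
# Reads the globals dns_servers (failover pool) and nameserver, and may
# replace nameserver with another random entry from the pool.
# Returns 0 when the chain wrapped back to the apex, 1 otherwise.
walk_zone() {
    zone=${1%.}
    if ! safe_name "$zone"; then
        printf 'Skipping invalid zone name: %s\n' "$1" >&2
        return 1
    fi

    current=$zone
    retries=0          # consecutive misses on the current resolver
    resolvers_tried=0  # resolvers that missed three times in a row
    while :; do
        next=$(next_owner "$nameserver" "$current")

        # No usable answer: retry, switching resolver after three misses and
        # giving up after three resolvers (same policy as before).
        if [ -z "$next" ] || [ "${next%.}" = "$current" ]; then
            retries=$((retries + 1))
            if [ "$retries" -ge 3 ]; then
                retries=0
                resolvers_tried=$((resolvers_tried + 1))
                if [ "$resolvers_tried" -ge 3 ]; then
                    printf 'Failed to get NSEC record for %s\n' "$current" >&2
                    return 1
                fi
                nameserver=$(printf '%s\n' "$dns_servers" | shuf -n 1)
            fi
            continue
        fi

        # A name we would not feed back into dig safely ends the walk here.
        if ! safe_name "${next%.}"; then
            printf 'Stopping walk of %s: unexpected next owner %s\n' "$zone" "$next" >&2
            return 1
        fi

        # The chain is circular; arriving back at the apex means it is complete.
        if [ "${next%.}" = "$zone" ]; then
            printf 'Walk of %s complete\n' "$zone"
            return 0
        fi

        printf 'Found NSEC record: %s\n' "$next"
        printf '%s\n' "$next" >> "$outdir/$zone.txt"
        retries=0
        resolvers_tried=0
        current=${next%.}
    done
}

main() {
    mkdir -p "$outdir" || die "cannot create $outdir"

    # Bootstrap resolver pool; -f makes curl fail on HTTP errors instead of
    # handing an error page to grep.
    dns_servers=$(curl -sf https://public-dns.info/nameservers.txt | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b')
    [ -n "$dns_servers" ] || die "could not fetch a resolver list from public-dns.info"
    nameserver=$(printf '%s\n' "$dns_servers" | shuf -n 1)

    if [ "$#" -gt 0 ]; then
        for arg in "$@"; do
            walk_zone "$arg"
        done
    else
        [ -r nsec.txt ] || die "nsec.txt not found; pass zones as arguments or create it"
        # "|| [ -n ... ]" keeps a last line without a trailing newline.
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] && walk_zone "$line"
        done < nsec.txt
    fi
}

main "$@"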