nsecx

- NSEC[3] Walking for DNSSEC


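#!/bin/sh
# NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
# tldsec

# This script will check the DNSSEC status of all TLDs and output the results separated by NSEC, NSEC3, and NODNSSEC.
# NSEC3 records will also include the NSEC3PARAM parameters for the zone as well for cracking in Hashcat.
#
# Output files (truncated at the start of every run, so a re-run does not append duplicate entries):
#   output/nsec.txt      - TLDs whose apex answers an NSEC query
#   output/nsec3.txt     - "<tld>:<hash-alg> <flags> <iterations> <salt>" taken from the apex NSEC3PARAM record
#   output/nodnssec.txt  - TLDs with no DNSKEY, or with a DNSKEY but neither NSEC nor NSEC3PARAM at the apex
#   output/errors.txt    - TLDs whose lookup failed (dig exited non-zero, e.g. timeout); these are not classified
#
# The TLD list comes from the network (root zone AXFR, IANA as fallback), so it is treated as untrusted:
# every name is quoted when handed to dig and is written with printf rather than echo.

# ANSI color codes
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
CYAN='\033[0;36m'
PURPLE='\033[0;35m'
GRAY='\033[1;30m'
NC='\033[0m'

# Create the output directory if it doesn't exist, and start every category file empty
mkdir -p output || exit 1
: > output/nsec.txt
: > output/nsec3.txt
: > output/nodnssec.txt
: > output/errors.txt

# Parse the tld list from a root nameserver (todo: randomize the root nameserver)
# [[:space:]] instead of \s: \s is a GNU grep extension and is not portable under /bin/sh.
# The root's own NS records (owner ".") are dropped here; otherwise the sed turns "." into an empty TLD
# that would later be looked up as the root zone and written to nsec.txt as a blank line.
tld_list=$(dig AXFR . @g.root-servers.net | grep -E 'IN[[:space:]]+NS' | awk '$1 != "." {print $1}' | sed 's/\.$//' | sort -u)
if [ -z "$tld_list" ]; then
    # The original unquoted test broke on the multi-line list; quoting makes the fallback actually reachable.
    # -f makes curl fail (and print nothing) on an HTTP error instead of handing us the error page as a TLD list.
    tld_list=$(curl -fsS 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]')
fi

# Check if the list was retrieved successfully
if [ -z "$tld_list" ]; then
    printf "${RED}Failed to fetch the list of TLDs.${NC}\n" >&2
    exit 1
fi

# Get the total number of TLDs, excluding comments and empty lines
total_tlds=$(printf '%s\n' "$tld_list" | grep -v '^#' | grep -v '^$' | wc -l | tr -d ' ')

# Initialize TLD count
current_tld=0
nsec_total=0
nsec3_total=0
nodnssec_total=0
error_total=0

# Read through each TLD in the list.
# The list is fed through a here-document rather than a pipe so the loop runs in the current shell
# and the counters are still valid after "done" (a piped while loop runs in a subshell under /bin/sh).
while IFS= read -r tld; do

    # Skip blank lines and comments so the running count agrees with total_tlds
    case "$tld" in
        ''|'#'*) continue ;;
    esac

    # Increase TLD count
    current_tld=$((current_tld + 1))

    # Convert TLD to lowercase using tr
    tld=$(printf '%s' "$tld" | tr '[:upper:]' '[:lower:]')

    # Check for DNSSEC records.
    # +time/+tries bound the wait so one unresponsive zone cannot stall the whole run.
    # A non-zero exit from dig (timeout, no resolver) is a lookup failure, not "no DNSSEC";
    # it is recorded separately instead of silently inflating the NODNSSEC count.
    # NOTE(review): a SERVFAIL reply still exits 0 with empty +short output and lands in NODNSSEC - confirm if that matters.
    if ! output=$(dig +short +time=5 +tries=2 "${tld}." DNSKEY 2>/dev/null); then
        error_total=$((error_total + 1))
        printf '%s\n' "$tld" >> output/errors.txt
    elif [ -z "$output" ]; then
        nodnssec_total=$((nodnssec_total + 1))
        printf '%s\n' "$tld" >> output/nodnssec.txt
    else
        nsec_output=$(dig +short +time=5 +tries=2 "${tld}." NSEC 2>/dev/null)
        nsec3_output=$(dig +short +time=5 +tries=2 "${tld}." NSEC3PARAM 2>/dev/null)
        if [ -n "$nsec_output" ]; then
            nsec_total=$((nsec_total + 1))
            printf '%s\n' "$tld" >> output/nsec.txt
        elif [ -n "$nsec3_output" ]; then
            nsec3_total=$((nsec3_total + 1))
            # NSEC3PARAM rdata fields: hash algorithm, flags, iterations, salt
            nsec3_params=$(printf '%s\n' "$nsec3_output" | awk '{print $1,$2,$3,$4}')
            printf '%s:%s\n' "$tld" "$nsec3_params" >> output/nsec3.txt
        else
            nodnssec_total=$((nodnssec_total + 1))
            printf '%s\n' "$tld" >> output/nodnssec.txt
        fi
    fi

    # Output the summarized status line with color
    printf "\r${CYAN}%s/%s${NC} ${GRAY}|${NC} ${GREEN}NSEC: ${NC}%s ${GRAY}|${NC} ${YELLOW}NSEC3: ${NC}%s ${GRAY}|${NC} ${RED}NODNSSEC: ${NC}%s ${GRAY}|${NC} Checking ${PURPLE}%s${NC}...                    " \
           "$current_tld" "$total_tlds" \
           "$nsec_total" "$nsec3_total" "$nodnssec_total" "$tld"
done <<EOF
$tld_list
EOF

# printf instead of echo: echo's handling of "\n" differs between /bin/sh implementations
printf '\n%s\n' "Check completed! Data written to the output directory."
printf 'NSEC: %s | NSEC3: %s | NODNSSEC: %s | Lookup errors: %s\n' \
       "$nsec_total" "$nsec3_total" "$nodnssec_total" "$error_total"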