From ad6febaf7e56a1ba70e8e5966f9cee1846d769c1 Mon Sep 17 00:00:00 2001
From: acidvegas
Date: Sun, 26 Nov 2023 02:25:01 -0500
Subject: [PATCH] experiments in ARPA zones...
---
arpa-stream.py | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
mad | 35 ----------------
madness | 21 ++++++++--
3 files changed, 126 insertions(+), 38 deletions(-)
create mode 100644 arpa-stream.py
delete mode 100755 mad
diff --git a/arpa-stream.py b/arpa-stream.py
new file mode 100644
index 0000000..9c5627e
--- /dev/null
+++ b/arpa-stream.py
@@ -0,0 +1,108 @@
+#/usr/bin/env python
+# arpa stream - developed by acidvegas in python (https://git.acid.vegas/ptrstream)
+
+'''
+I have no idea where we are going with this, but I'm sure it'll be fun...
+'''
+
+import argparse
+import concurrent.futures
+import random
+
+try:
+ import dns.resolver
+except ImportError:
+ raise ImportError('missing required \'dnspython\' library (pip install dnspython)')
+
+
+class colors:
+ axfr = '\033[34m'
+ error = '\033[31m'
+ success = '\033[32m'
+ ns_query = '\033[33m'
+ ns_zone = '\033[36m'
+ reset = '\033[0m'
+
+
+def genip() -> str:
+ '''Generate a random IP address with 1 to 4 octets.'''
+ num_octets = random.randint(1, 4)
+ ip_parts = [str(random.randint(0, 255)) for _ in range(num_octets)]
+ return '.'.join(ip_parts)
+
+
+def query_ns_records(ip: str) -> list:
+ '''
+ Query NS records for a given IP.
+
+ :param ip: The IP address to query NS records for.
+ '''
+ try:
+ ns_records = [str(record.target)[:-1] for record in dns.resolver.resolve(f'{ip}.in-addr.arpa', 'NS')]
+ if ns_records:
+ print(f'{colors.ns_zone}Queried NS records for {ip}: {ns_records}{colors.reset}')
+ return ns_records
+ except Exception as e:
+ print(f'{colors.error}Error querying NS records for {ip}: {e}{colors.reset}')
+ return []
+
+
+def resolve_ns_to_ip(ns_hostname: str) -> list:
+ '''
+ Resolve NS hostname to IP.
+
+ :param ns_hostname: The NS hostname to resolve.
+ '''
+ try:
+ ns_ips = [ip.address for ip in dns.resolver.resolve(ns_hostname, 'A')]
+ if ns_ips:
+ print(f'{colors.ns_query}Resolved NS hostname {ns_hostname} to IPs: {ns_ips}{colors.reset}')
+ return ns_ips
+ except Exception as e:
+ print(f'{colors.error}Error resolving NS {ns_hostname}: {e}{colors.reset}')
+ return []
+
+
+def axfr_check(ip: str, ns_ip: str):
+ '''
+ Perform AXFR check on a specific nameserver IP.
+
+ :param ip: The IP address to perform the AXFR check on.
+ :param ns_ip: The nameserver IP to perform the AXFR check on.
+ '''
+ resolver = dns.resolver.Resolver()
+ resolver.nameservers = [ns_ip]
+ try:
+ if resolver.resolve(f'{ip}.in-addr.arpa', 'AXFR'):
+ print(f'{colors.success}[SUCCESS]{colors.reset} AXFR on {ns_ip} for {ip}.in-addr.arpa')
+ return True
+ except Exception as e:
+ print(f'{colors.error}[FAIL]{colors.reset} AXFR on {ns_ip} for {ip}.in-addr.arpa - Error: {e}')
+ return False
+
+
+def process_ip(ip: str):
+ '''
+ Process each IP: Fetch NS records and perform AXFR check.
+
+ :param ip: The IP address to process.
+ '''
+ for ns_hostname in query_ns_records(ip):
+ for ns_ip in resolve_ns_to_ip(ns_hostname):
+ if axfr_check(ip, ns_ip):
+ return
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='DNS AXFR Check Script')
+ parser.add_argument('--concurrency', type=int, default=100, help='Number of concurrent workers')
+ args = parser.parse_args()
+
+ with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor:
+ futures = {executor.submit(process_ip, genip()): ip for ip in range(args.concurrency)}
+ while True:
+ done, _ = concurrent.futures.wait(futures, return_when=concurrent.futures.FIRST_COMPLETED)
+ for future in done:
+ future.result() # We don't need to store the result as it's already printed
+ futures[executor.submit(process_ip, genip())] = genip()
+ futures = {future: ip for future, ip in futures.items() if future not in done}
\ No newline at end of file
diff --git a/mad b/mad
deleted file mode 100755
index 011325f..0000000
--- a/mad
+++ /dev/null
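Review bot: In the `__main__` loop the `futures` dict never records the name that was actually submitted: the initial comprehension stores the `range()` counter as the value, and the refill line `futures[executor.submit(process_ip, genip())] = genip()` calls `genip()` twice, so the stored value is a different random name from the one being queried. Generate the name once and reuse it, `ip = genip()` then `futures[executor.submit(process_ip, ip)] = ip`, or keep a plain set of futures since the value is never read. Separately, `axfr_check` wraps `resolver.resolve(..., 'AXFR')` in `except Exception`, and as far as I know dnspython's stub resolver rejects meta-types such as AXFR before sending anything, so every call would print `[FAIL]` for a library error rather than a server refusal; that is worth confirming, and the handler should be narrowed to the specific `dns.exception` classes so the two cases are distinguishable. The resolvers are also used with their default timeouts, and the shebang `#/usr/bin/env python` is missing its `!`.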
@@ -1,35 +0,0 @@ -#!/bin/bash - -TIMEOUT=2 - -genip() { - num_octets=$((RANDOM % 4 + 1)) - ip="" - for i in $(seq 1 $num_octets); do - if [ $i -ne 1 ]; then - ip+="." - fi - ip+=$((RANDOM % 256)) - done - echo $ip -} - -TEMP=$(mktemp -d) -while true; do - ip=$(genip) - ns_records=$(dig +time=$TIMEOUT +short $ip.in-addr.arpa NS) - for ns in $ns_records; do - ns_ips=$(dig +time=$TIMEOUT +short $ns A $ns AAAA) - for ns_ip in $ns_ips; do - #echo -e "AXFR on \033[36m${ns%.}\033[0m \033[90m($ns_ip)\033[0m for \033[33m$ip.in-addr.arpa\033[0m" - dig AXFR @$ns_ip $ip.in-addr.arpa > $TEMP/$ip.in-addr.arpa.txt - if [ ! -s "$zone_file" ] || grep -qE "Transfer failed|connection reset|connection refused" "$zone_file"; then - echo -e "\033[31m[FAIL]\033[0m AXFR on \033[36m${ns%.}\033[0m \033[90m($ns_ip)\033[0m for \033[33m$ip.in-addr.arpa\033[0m" - rm -f "$zone_file" - else - echo -e "\033[32m[SUCCESS]\033[0m AXFR on \033[36m${ns%.}\033[0m \033[90m($ns_ip)\033[0m for \033[33m$ip.in-addr.arpa\033[0m" - break - fi - done - done -done diff --git a/madness b/madness index 9c370a5..011325f 100755 --- a/madness +++ b/madness @@ -1,5 +1,6 @@ #!/bin/bash -# maDNeSs with DNS - devloped by acidvegas (https://git.acid.vegas/ptrstream) + +TIMEOUT=2 genip() { num_octets=$((RANDOM % 4 + 1)) 
@@ -13,8 +14,22 @@ genip() { echo $ip } +TEMP=$(mktemp -d) while true; do ip=$(genip) - dig +time=1 +noall +authority $ip.in-addr.arpa NS -#| grep 'IN\sSOA' | sed "s/^/\x1B[35m$ip.in-addr.arpa\x1B[90m -> \x1B[1;33m/" | sed "s/$/\x1B[0m/" + ns_records=$(dig +time=$TIMEOUT +short $ip.in-addr.arpa NS) + for ns in $ns_records; do + ns_ips=$(dig +time=$TIMEOUT +short $ns A $ns AAAA) + for ns_ip in $ns_ips; do + #echo -e "AXFR on \033[36m${ns%.}\033[0m \033[90m($ns_ip)\033[0m for \033[33m$ip.in-addr.arpa\033[0m" + dig AXFR @$ns_ip $ip.in-addr.arpa > $TEMP/$ip.in-addr.arpa.txt + if [ ! -s "$zone_file" ] || grep -qE "Transfer failed|connection reset|connection refused" "$zone_file"; then + echo -e "\033[31m[FAIL]\033[0m AXFR on \033[36m${ns%.}\033[0m \033[90m($ns_ip)\033[0m for \033[33m$ip.in-addr.arpa\033[0m" + rm -f "$zone_file" + else + echo -e "\033[32m[SUCCESS]\033[0m AXFR on \033[36m${ns%.}\033[0m \033[90m($ns_ip)\033[0m for \033[33m$ip.in-addr.arpa\033[0m" + break + fi + done + done done
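Review bot: The result test in the added loop reads `$zone_file`, which is never assigned in the visible hunks, while the `dig` output is redirected to `$TEMP/$ip.in-addr.arpa.txt`; `[ ! -s "$zone_file" ]` is therefore always true, every attempt is reported as `[FAIL]`, `rm -f "$zone_file"` removes nothing, and the temp directory grows for as long as the loop runs. Assign the path once with `zone_file="$TEMP/$ip.in-addr.arpa.txt"` and redirect to `"$zone_file"`. `$ns` and `$ns_ip` are taken from remote DNS answers and expanded unquoted on the `dig` command lines, so they should be quoted and `$ns_ip` checked to be an address literal before it is used as `@server`. A `trap 'rm -rf "$TEMP"' EXIT` after the `mktemp -d` would remove the directory when the script is interrupted.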