2023-10-28 21:55:58 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
# Mass DNS AXFR - developed by acidvegas in python (https://git.acid.vegas/mdaxfr)
|
|
|
|
|
2023-10-29 04:45:10 +00:00
|
|
|
import logging
|
2023-10-29 01:40:06 +00:00
|
|
|
import os
|
2023-10-29 04:45:10 +00:00
|
|
|
import random
|
2023-10-28 21:55:58 +00:00
|
|
|
import urllib.request
|
|
|
|
|
|
|
|
try:
|
2023-11-01 21:02:39 +00:00
|
|
|
import dns.rdatatype
|
|
|
|
import dns.query
|
|
|
|
import dns.zone
|
|
|
|
import dns.resolver
|
2023-10-28 21:55:58 +00:00
|
|
|
except ImportError:
|
2023-11-01 21:02:39 +00:00
|
|
|
raise SystemExit('missing required \'dnspython\' module (pip install dnspython)')
|
2023-10-28 21:55:58 +00:00
|
|
|
|
2023-10-29 16:02:48 +00:00
|
|
|
|
2023-10-29 01:40:06 +00:00
|
|
|
def attempt_axfr(tld: str, nameserver: str, filename: str):
|
2023-11-01 21:02:39 +00:00
|
|
|
'''
|
|
|
|
Perform a DNS zone transfer on a target domain.
|
|
|
|
|
|
|
|
:param target: The target domain to perform the zone transfer on.
|
|
|
|
:param nameserver: The nameserver to perform the zone transfer on.
|
|
|
|
:param filename: The filename to store the zone transfer results in.
|
|
|
|
'''
|
|
|
|
temp_file = filename + '.temp'
|
|
|
|
if not (nameserver := resolve_nameserver(nameserver)):
|
|
|
|
logging.error(f'Failed to resolve nameserver {nameserver}: {ex}')
|
|
|
|
else:
|
|
|
|
for ns in nameserver: # Let's try all the IP addresses for the nameserver
|
|
|
|
try:
|
2023-11-23 19:16:35 +00:00
|
|
|
xfr = dns.query.xfr(ns, tld+'.', lifetime=300)
|
|
|
|
if xfr:
|
|
|
|
with open(temp_file, 'w') as file:
|
|
|
|
for msg in xfr:
|
|
|
|
for rrset in msg.answer:
|
|
|
|
for rdata in rrset:
|
|
|
|
file.write(f'{rrset.name}.{tld} {rrset.ttl} {rdata}\n')
|
|
|
|
os.rename(temp_file, filename)
|
|
|
|
break
|
2023-11-01 21:02:39 +00:00
|
|
|
except Exception as ex:
|
2023-11-23 20:31:46 +00:00
|
|
|
# Most zone transfers are blocked, so we don't want to log them
|
|
|
|
#logging.error(f'Failed to perform zone transfer from {nameserver} ({ns}) for {tld}: {ex}')
|
2023-11-01 21:02:39 +00:00
|
|
|
if os.path.exists(temp_file):
|
|
|
|
os.remove(temp_file)
|
2023-10-29 16:02:48 +00:00
|
|
|
|
2023-10-28 21:55:58 +00:00
|
|
|
|
2023-11-04 05:54:58 +00:00
|
|
|
def get_nameservers(target: str) -> list:
|
|
|
|
'''
|
|
|
|
Generate a list of the root nameservers.
|
2023-11-26 01:38:07 +00:00
|
|
|
|
2023-11-04 05:54:58 +00:00
|
|
|
:param target: The target domain to get the nameservers for.
|
|
|
|
'''
|
|
|
|
try:
|
|
|
|
ns_records = dns.resolver.resolve(target+'.', 'NS', lifetime=60)
|
|
|
|
nameservers = [str(rr.target)[:-1] for rr in ns_records]
|
|
|
|
return nameservers
|
|
|
|
except dns.exception.Timeout:
|
|
|
|
logging.warning(f'Timeout fetching nameservers for {target}')
|
|
|
|
except dns.resolver.NoNameservers:
|
|
|
|
logging.warning(f'No nameservers found for {target}')
|
|
|
|
return []
|
2023-10-28 21:55:58 +00:00
|
|
|
|
2023-10-29 16:02:48 +00:00
|
|
|
|
2023-11-26 01:38:07 +00:00
|
|
|
def get_root_tlds(output_dir: str) -> list:
|
|
|
|
'''
|
|
|
|
Get the root TLDs from a root nameservers.
|
|
|
|
|
|
|
|
:param output_dir: The output directory to use.
|
|
|
|
'''
|
|
|
|
root_dir = os.path.join(output_dir, 'root')
|
|
|
|
rndroot = [root for root in os.listdir(root_dir) if root.endswith('.root-servers.net.txt')]
|
2023-11-07 02:09:15 +00:00
|
|
|
if rndroot:
|
2023-11-26 01:38:07 +00:00
|
|
|
rndroot_file = rndroot[0] # Take the first file from the list
|
|
|
|
tlds = sorted(set([item.split()[0][:-1] for item in open(os.path.join(root_dir, rndroot_file)).read().split('\n') if item and 'IN' in item and 'NS' in item]))
|
2023-11-07 02:09:15 +00:00
|
|
|
else:
|
2023-11-23 20:31:46 +00:00
|
|
|
logging.warning('Failed to find root nameserver list...fallback to using IANA list')
|
2023-11-07 02:09:15 +00:00
|
|
|
tlds = urllib.request.urlopen('https://data.iana.org/TLD/tlds-alpha-by-domain.txt').read().decode('utf-8').lower().split('\n')[1:]
|
2023-11-01 21:02:39 +00:00
|
|
|
random.shuffle(tlds)
|
|
|
|
return tlds
|
2023-10-28 21:55:58 +00:00
|
|
|
|
2023-10-29 16:02:48 +00:00
|
|
|
|
2023-10-31 00:30:44 +00:00
|
|
|
def get_psl_tlds() -> list:
|
2023-11-01 21:02:39 +00:00
|
|
|
'''Download the Public Suffix List and return its contents.'''
|
|
|
|
data = urllib.request.urlopen('https://publicsuffix.org/list/public_suffix_list.dat').read().decode()
|
|
|
|
domains = []
|
|
|
|
for line in data.split('\n'):
|
|
|
|
if line.startswith('//') or not line:
|
|
|
|
continue
|
|
|
|
if '*' in line or '!' in line:
|
|
|
|
continue
|
|
|
|
if '.' not in line:
|
|
|
|
continue
|
|
|
|
domains.append(line)
|
|
|
|
return domains
|
2023-10-31 00:30:44 +00:00
|
|
|
|
|
|
|
|
2023-11-04 05:54:58 +00:00
|
|
|
def resolve_nameserver(nameserver: str) -> list:
|
2023-11-01 21:02:39 +00:00
|
|
|
'''
|
|
|
|
Resolve a nameserver to its IP address.
|
|
|
|
|
|
|
|
:param nameserver: The nameserver to resolve.
|
|
|
|
'''
|
|
|
|
data = []
|
|
|
|
for version in ('A', 'AAAA'):
|
|
|
|
try:
|
|
|
|
data += [ip.address for ip in dns.resolver.resolve(nameserver, version, lifetime=60)]
|
|
|
|
except:
|
|
|
|
pass
|
|
|
|
return data
|
2023-10-29 16:02:48 +00:00
|
|
|
|
2023-10-28 21:55:58 +00:00
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2023-11-01 21:02:39 +00:00
|
|
|
import argparse
|
|
|
|
import concurrent.futures
|
|
|
|
|
|
|
|
parser = argparse.ArgumentParser(description='Mass DNS AXFR')
|
|
|
|
parser.add_argument('-c', '--concurrency', type=int, default=30, help='maximum concurrent tasks')
|
|
|
|
parser.add_argument('-o', '--output', default='axfrout', help='output directory')
|
2023-11-23 19:16:35 +00:00
|
|
|
parser.add_argument('-t', '--timeout', type=int, default=15, help='DNS timeout (default: 15)')
|
2023-11-01 21:02:39 +00:00
|
|
|
args = parser.parse_args()
|
|
|
|
|
2023-11-23 20:31:46 +00:00
|
|
|
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
|
|
|
|
|
2023-11-01 21:02:39 +00:00
|
|
|
os.makedirs(args.output, exist_ok=True)
|
|
|
|
dns.resolver._DEFAULT_TIMEOUT = args.timeout
|
|
|
|
|
2023-11-23 20:31:46 +00:00
|
|
|
logging.info('Fetching root nameservers...')
|
2023-11-26 01:38:07 +00:00
|
|
|
root_dir = os.path.join(args.output, 'root')
|
|
|
|
os.makedirs(root_dir, exist_ok=True)
|
2023-11-01 21:02:39 +00:00
|
|
|
with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor:
|
2023-11-26 01:38:07 +00:00
|
|
|
futures = [executor.submit(attempt_axfr, tld, ns, os.path.join(args.output, tld + '.txt')) for tld in get_root_tlds(root_dir) for ns in get_nameservers(tld) if ns]
|
2023-11-01 21:02:39 +00:00
|
|
|
for future in concurrent.futures.as_completed(futures):
|
|
|
|
try:
|
|
|
|
future.result()
|
|
|
|
except Exception as e:
|
2023-11-26 01:38:07 +00:00
|
|
|
logging.error(f'Error in TLD task: {e}')
|
2023-11-01 21:02:39 +00:00
|
|
|
|
2023-11-23 20:31:46 +00:00
|
|
|
logging.info('Fetching root TLDs...')
|
2023-11-01 21:02:39 +00:00
|
|
|
with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor:
|
2023-11-04 05:54:58 +00:00
|
|
|
futures = [executor.submit(attempt_axfr, tld, ns, os.path.join(args.output, tld + '.txt')) for tld in get_root_tlds() for ns in get_nameservers(tld) if ns]
|
2023-11-01 21:02:39 +00:00
|
|
|
for future in concurrent.futures.as_completed(futures):
|
|
|
|
try:
|
|
|
|
future.result()
|
|
|
|
except Exception as e:
|
|
|
|
logging.error(f'Error in TLD task: {e}')
|
|
|
|
|
2023-11-23 20:31:46 +00:00
|
|
|
logging.info('Fetching PSL TLDs...')
|
2023-11-04 05:54:58 +00:00
|
|
|
os.makedirs(os.path.join(args.output, 'psl'), exist_ok=True)
|
2023-11-01 21:02:39 +00:00
|
|
|
with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor:
|
2023-11-04 05:54:58 +00:00
|
|
|
futures = [executor.submit(attempt_axfr, tld, ns, os.path.join(args.output, f'psl/{tld}.txt')) for tld in get_psl_tlds() for ns in get_nameservers(tld) if ns]
|
2023-11-01 21:02:39 +00:00
|
|
|
for future in concurrent.futures.as_completed(futures):
|
|
|
|
try:
|
|
|
|
future.result()
|
|
|
|
except Exception as e:
|
|
|
|
logging.error(f'Error in TLD task: {e}')
|