#!/bin/sh
# Domain AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr)
# This one will take a domain as an argument and attempt to perform an AXFR against all of the nameservers for that domain.
# You can also pass an AXFR output file as an argument to attempt AXFR against all of the unique domains found in the file.
# Colors
# Each value is the literal backslash text of an ANSI SGR sequence, not the
# control bytes themselves; it only becomes a terminal escape when something
# that interprets backslash escapes prints it.
RESET='\033[0m'
RED='\033[1;31m'
GREEN='\033[1;32m'
YELLOW='\033[1;33m'
BLUE='\033[1;34m'
PURPLE='\033[0;35m'
CYAN='\033[1;36m'
GREY='\033[1;90m'

# Globals
# Directory, relative to the current working directory, used for saved output.
output_dir='daxfrout'
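#######################################
# Request a zone transfer (AXFR) of one domain from one nameserver address
# and save dig's output when the transfer completes.
# Globals:   output_dir and the colour variables (read);
#            domain, ns, ip, axfr_arg, axfr_output, axfr_status, size
#            (written - POSIX sh has no function-local variables)
# Arguments: $1 - domain, $2 - nameserver host name, $3 - nameserver address
# Outputs:   progress/result messages on stdout, rejection notice on stderr;
#            on success a file ${output_dir}/axfr-<domain>_<ns>_<ip>.txt
# Returns:   1 when an argument is rejected, otherwise the status of the
#            last message printed
#######################################
perform_axfr() {
  domain=$1
  ns=$2
  ip=$3

  # All three values come from DNS answers or from a previously saved
  # transfer, so they are untrusted. They are passed to dig and used to build
  # a file name: refuse anything empty, anything dig could read as an option
  # (leading '-'), and anything outside host-name/IP-address characters
  # (this also rules out '/', '+', '@', whitespace and backslash escapes).
  for axfr_arg in "$domain" "$ns" "$ip"; do
    case "$axfr_arg" in
      '' | -* | *[!A-Za-z0-9._:-]*)
        printf '%bSkipping AXFR: domain, nameserver or address contains unexpected characters%b\n' \
          "$RED" "$RESET" >&2
        return 1
        ;;
    esac
  done

  # %b expands the colour escapes; %s prints the DNS-derived values verbatim so
  # backslash sequences inside them are never turned into control characters.
  printf '%bAttempting AXFR for %b%s%b from %b%s %b(%s)%b\n' \
    "$YELLOW" "$CYAN" "$domain" "$YELLOW" "$PURPLE" "$ns" "$GREY" "$ip" "$RESET"

  axfr_output=$(dig +retry=3 +time=10 "@${ip}" AXFR "$domain")
  axfr_status=$?

  # Counted as a success only when dig exits 0 and its output carries an
  # "XFR size: " line.
  if [ "$axfr_status" -eq 0 ] && printf '%s\n' "$axfr_output" | grep -q 'XFR size: '; then
    # Fixed: the path used ${output+dir}, which never expands to the output
    # directory, so the file was not written under ${output_dir}.
    printf '%s\n' "$axfr_output" > "${output_dir}/axfr-${domain}_${ns}_${ip}.txt"
    size=$(printf '%s\n' "$axfr_output" | awk '/XFR size:/ {print $4}')
    printf '%bSuccessful AXFR for %b%s%b from %b%s %b(%s) %b[%s records]%b\n' \
      "$GREEN" "$CYAN" "$domain" "$GREEN" "$PURPLE" "$ns" "$GREY" "$ip" "$BLUE" "$size" "$RESET"
  else
    printf '%b Failed AXFR for %b%s%b from %b%s %b(%s)%b\n' \
      "$RED" "$CYAN" "$domain" "$RED" "$PURPLE" "$ns" "$GREY" "$ip" "$RESET"
  fi
}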
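#######################################
# Look up the nameservers of a domain, resolve each one to its addresses and
# call perform_axfr for every (nameserver, address) pair.
# Globals:   colour variables (read);
#            domain, nameservers, ns, ns_ip, ip (written - POSIX sh has no
#            function-local variables)
# Arguments: $1 - domain to process
# Outputs:   status messages on stdout, rejection notice on stderr
# Returns:   1 when the domain is rejected, otherwise the status of the last
#            command run
#######################################
process_domain() {
  domain=$1

  # The domain may come from a file of earlier DNS output. dig reads a leading
  # '-' as a flag, '+' as a query option and '@' as a server, so refuse those
  # (and an empty name) before the value reaches the command line.
  case "$domain" in
    '' | [-+@]*)
      printf '%bSkipping domain with an unusable name%b\n' "$RED" "$RESET" >&2
      return 1
      ;;
  esac

  nameservers=$(dig +short +retry=3 +time=10 "$domain" NS)
  if [ -z "$nameservers" ]; then
    # Fixed: the reset colour was written as {$RESET}, which printed stray braces.
    printf '%bNo nameservers found for %b%s%b\n' "$GREY" "$CYAN" "$domain" "$RESET"
    return
  fi

  # Unquoted on purpose: the answer is split on whitespace, one name per word.
  for ns in $nameservers; do
    ns=${ns%.} # drop the trailing root dot

    # Nameserver names are attacker-influenced DNS data; one that is empty or
    # starts with '-' must not be handed to host, where it would parse as an option.
    case "$ns" in
      '' | -*)
        printf '%bSkipping nameserver with an unusable name under %b%s%b\n' \
          "$GREY" "$CYAN" "$domain" "$RESET"
        continue
        ;;
    esac

    ns_ip=$(host "$ns" | awk '/has (IPv6 )?address/ { print $NF }')
    if [ -z "$ns_ip" ]; then
      # Fixed: the reset colour was written as {RESET}, which printed literally.
      printf '%bNo IP addresses found for nameserver %b%s%b under %b%s%b\n' \
        "$GREY" "$PURPLE" "$ns" "$GREY" "$CYAN" "$domain" "$RESET"
      continue
    fi

    # Unquoted on purpose: one address per word (IPv4 and IPv6 alike).
    for ip in $ns_ip; do
      perform_axfr "$domain" "$ns" "$ip"
    done
  done
}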
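# Entry point. With a file argument, every unique owner name of an NS record in
# that file (except the zone the file was transferred for) is processed; with
# any other argument, the argument itself is processed as a domain.
if [ "$#" -eq 0 ]; then
  printf 'Usage: %s <domain> or <path_to_axfr_output>\n' "$0" >&2
  exit 1
fi

mkdir -p -- "$output_dir" || exit 1

if [ -f "$1" ]; then
  # $'\t' is not understood by every /bin/sh, so build the tab portably.
  tab=$(printf '\t')

  # Root zone name: second-to-last field of the first dig banner line.
  # NOTE(review): this assumes the file was produced by a dig command line that
  # puts the zone name in that position - confirm against whatever wrote the file.
  root=$(grep -m1 '^; <<>> DiG' "$1" | awk '{print $(NF-1)}')
  root=${root%.}

  # Unique NS owner names with the trailing dot removed. The root is excluded
  # with an exact fixed-string match after the dot is stripped; the previous
  # regex required a trailing dot that sed had already removed, so the root
  # was never filtered out.
  domains=$(grep -a "${tab}IN${tab}NS${tab}" "$1" \
    | awk '{print $1}' \
    | sed 's/\.$//' \
    | sort -u \
    | grep -vxF -- "$root")

  # Names come from untrusted zone data and may contain '*' (wildcard owners);
  # turn off pathname expansion so they are never matched against local files.
  set -f
  for domain in $domains; do
    process_domain "$domain"
  done
else
  process_domain "$1"
fi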