From 445bf2435e4d8eff8dc58c9c3785f89c5be6d524 Mon Sep 17 00:00:00 2001
From: acidvegas
Date: Sat, 28 Oct 2023 17:55:58 -0400
Subject: [PATCH] Initial commit
---
 LICENSE | 15 +++++++++++++
 README.md | 19 ++++++++++++++++
 axfr.py | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 axfr.sh | 16 ++++++++++++++
 4 files changed, 116 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 axfr.py
 create mode 100644 axfr.sh
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..016e197
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2023, acidvegas
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e782480
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# Mass DNS AXFR (Zone Transfer)
+
+# STILL FINISHING THIS - JUST UPLOADING PROGRESS
+
+## Requirements
+- [dnspython](https://pypi.org/project/dnspython/)
+
+## Information
+This script will attempt a [Zone Transfer](https://en.wikipedia.org/wiki/DNS_zone_transfer) on all of the [Root Nameservers](https://en.wikipedia.org/wiki/Root_name_server) and [Top-level Domains](https://en.wikipedia.org/wiki/Top-level_domain) *(TLDs)*.
+
+Really, I only wrote this to shit on **[this idiot](https://github.com/flotwig/TLDR-2/tree/main)** who took a dead project & brought it back to life by making it even worse. Rather than making a pull request to give this bloke more credit in his "tenure" as a developer, I decided to just rewrite it all from scratch so people can fork off of *clean* code instead.
+
+## Notice
+Do not expect insane results. For the most part, AXFR's are not very commonly allowed on nameservers anymore, by you will always catch a few that are not configured to block AXFR requests...
+
+___
+
+###### Mirrors
+[acid.vegas](https://git.acid.vegas/mdaxfr) • [GitHub](https://github.com/acidvegas/mdaxfr) • [GitLab](https://gitlab.com/acidvegas/mdaxfr) • [SuperNETs](https://git.supernets.org/acidvegas/mdaxfr)
diff --git a/axfr.py b/axfr.py
new file mode 100644
index 0000000..4ab7820
--- /dev/null
+++ b/axfr.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+# Mass DNS AXFR - developed by acidvegas in python (https://git.acid.vegas/mdaxfr)
+
+import urllib.request
+
+try:
+ import dns.rdatatype
+ import dns.query
+ import dns.zone
+ import dns.resolver
+except ImportError:
+ raise SystemExit('missing required \'dnspython\' module (pip install dnspython)')
+
+def tld_axfr(tld: str, nameserver: str):
+ '''
+ Perform a DNS zone transfer on a target domain.
+
+ :param target: The target domain to perform the zone transfer on.
+ :param nameserver: The nameserver to perform the zone transfer on.
+ '''
+ xfr = dns.query.xfr(nameserver, tld+'.', timeout=15)
+ for msg in xfr:
+ for rrset in msg.answer:
+ for rdata in rrset:
+ print(f'{rrset.name}.{tld} {rrset.ttl} {rdata}')
+
+def get_root_nameservers() -> list: # https://www.internic.net/domain/named.root
+ '''Generate a list of the root nameservers.'''
+ return [f'{root}.rootservers.net' for root in ('abcdefghijklm')]
+
+def get_root_tlds() -> list:
+ '''Get the root TLDs from IANA.'''
+ return urllib.request.urlopen('https://data.iana.org/TLD/tlds-alpha-by-domain.txt').read().decode('utf-8').lower().split('\n')[1:]
+
+def get_tld_nameservers(tld: str) -> list: # https://www.internic.net/domain/root.zone
+ '''Get the nameservers for a TLD.'''
+ return [nameserver for nameserver in dns.resolver.query(tld+'.', 'NS' )]
+
+def resolve_nameserver(nameserver: str):
+ '''
+ Resolve a nameserver to its IP address.
+
+ :param nameserver: The nameserver to resolve.
+ '''
+ try:
+ ip_addresses = dns.resolver.resolve(nameserver, 'A', lifetime=15)
+ except:
+ ip_addresses = dns.resolver.resolve(nameserver, 'AAAA', lifetime=15)
+
+ return ip_addresses[0].address
+
+
+if __name__ == '__main__':
+
+ for root in get_root_nameservers():
+ try:
+ xfr = tld_axfr('', root+'.root-servers.net')
+ except Exception as e:
+ print(f"Failed to perform zone transfer from the {root} root server: {e}")
+
+ for tld in get_root_tlds():
+ try:
+ for ns in get_tld_nameservers(tld):
+ xfr = tld_axfr(tld, resolve_nameserver(str(ns)))
+ except Exception as e:
+ print(f"Failed to resolve {tld}: {e}")
\ No newline at end of file
diff --git a/axfr.sh b/axfr.sh
new file mode 100644
index 0000000..5775f9c
--- /dev/null
+++ b/axfr.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+letters="abcdefghijklm"
+
+for letter in $(echo -n "$letters" | grep -o .); do
+ dig AXFR . @$letter.root-servers.net. +nocomments +nocmd +noquestion +nostats +time=15
+done
+
+tlds=$(curl -s https://data.iana.org/TLD/tlds-alpha-by-domain.txt | tail -n +2 | tr 'A-Z' 'a-z')
+
+for tld in $tlds; do
+ namesevers=$(dig +short ns ${tld}.)
+ for nameserver in $namesevers; do
+ dig AXFR ${tld}. @$nameserver +nocomments +nocmd +noquestion +nostats +time=15
+ done
+done
\ No newline at end of file
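Review bot: The root-server loop in `__main__` builds its hostname twice: `get_root_nameservers()` already returns full names (and spells the domain `rootservers.net`, without the hyphen), then the caller appends `'.root-servers.net'` again and passes the result straight to `dns.query.xfr`, whose `where` argument dnspython documents as an IP address. Returning the bare letters with `return list('abcdefghijklm')` and calling `tld_axfr('', resolve_nameserver(root+'.root-servers.net'))` would match what the TLD loop already does. In the TLD loop the `try` wraps the whole `for ns` loop, so one exception from any nameserver skips the rest for that TLD and is reported as "Failed to resolve" even when the transfer itself was what failed; moving the `try` inside the loop and wording the message per nameserver would make the output accurate. The bare `except:` in `resolve_nameserver` also catches `KeyboardInterrupt` and `SystemExit`; `except dns.exception.DNSException:` would restrict the AAAA fallback to lookup failures. The docstring of `tld_axfr` documents `:param target:` while the parameter is named `tld`.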
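Review bot: The output of `curl` and of `dig +short ns` is consumed without any check, so when a fetch or lookup fails the loops run on whatever text came back. `dig` can emit its `;; ...` diagnostics on stdout, and because `$namesevers` is word-split each word of such a line would become an `@server` argument; skipping those entries with `case $nameserver in \;*) continue;; esac` avoids that. Using `curl -fsS --max-time 30` would let an HTTP error or a hang surface instead of silently producing an empty TLD list. `echo -n` is not portable under `#!/bin/sh`, whereas `printf %s "$letters"` is, and the variable is spelled `namesevers` in both places, which is harmless but worth correcting.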