From 4c8ac71c62619d3d7ab276f82b859d5b737a64ea Mon Sep 17 00:00:00 2001 From: acidvegas Date: Sat, 9 Mar 2024 15:05:52 -0500 Subject: [PATCH] dAXFR script now can read AXFR output logs and perform an AXFR on all unique domains found. Added a weird ICANN AXFR script. --- extras/daxfr | 75 ++++++++++++++++++++++++++++++++--------------- extras/icann_axfr | 30 +++++++++++++++++++ 2 files changed, 82 insertions(+), 23 deletions(-) mode change 100644 => 100755 extras/daxfr create mode 100755 extras/icann_axfr diff --git a/extras/daxfr b/extras/daxfr old mode 100644 new mode 100755 index 4056d54..ef89cee --- a/extras/daxfr +++ b/extras/daxfr 
@@ -1,40 +1,69 @@ #!/bin/sh # Domain AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr) # This one will take a domain as an argument and attempt to perform an AXFR against all of the nameservers for that domain. +# You can also pass an AXFR output file as an argument to attempt AXFR against all of the unique domains found in the file. # Colors +BLUE="\033[1;34m" CYAN="\033[1;36m" -YELLOW="\033[1;33m" -RED="\033[1;31m" GREEN="\033[1;32m" -RESET="\033[0m" GREY="\033[1;90m" +PURPLE='\033[0;35m' +RED="\033[1;31m" +YELLOW="\033[1;33m" +RESET="\033[0m" -domain="$1" # base domain only, no http, https, or www (can have a subdomain though) +# Globals +output_dir="daxfrout" -[ -z "$domain" ] && echo "Invalid URL. Exiting." && exit 1 +perform_axfr() { + domain=$1 + ns=$2 + ip=$3 -echo "${YELLOW}Attempting AXFR against ${domain}...${RESET}" + echo "${YELLOW}Attempting AXFR for ${CYAN}${domain}${YELLOW} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}" -nameservers=$(dig NS +short "$domain") + axfr_output=$(dig +retry=3 +time=10 @$ip AXFR $domain) + axfr_status=$? -[ -z "$nameservers" ] && echo "${GREY}No nameservers found for ${domain}${RESET}" && exit 1 + if [ $axfr_status -eq 0 ] && echo "$axfr_output" | grep -q "XFR size: "; then + echo "$axfr_output" > "${output+dir}/axfr-${domain}_${ns}_${ip}.txt" + size=$(echo "$axfr_output" | awk '/XFR size:/ {print $4}') + echo "${GREEN}Successful AXFR for ${CYAN}${domain}${GREEN} from ${PURPLE}${ns} ${GREY}(${ip}) ${BLUE}[${size} records]${RESET}" + else + echo "${RED} Failed AXFR for ${CYAN}${domain}${RED} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}" + fi +} -echo "$nameservers" | while read -r ns; do - ns=$(echo "$ns" | sed 's/\.$//') - ips=$(host "$ns" | awk '/has address/ { print $4 }') +process_domain() { + domain=$1 + nameservers=$(dig +short +retry=3 +time=10 $domain NS) - [ -z "$ips" ] && echo "${GREY}No IP addresses found for nameserver $ns under ${domain}. 
Skipping...${RESET}" && continue + [ -z "$nameservers" ] && echo "${GREY}No nameservers found for ${CYAN}${domain}{$RESET}" && return - echo "$ips" | while read -r ip; do - axfr_output=$(dig @$ip AXFR "$domain") - if echo "$axfr_output" | grep -q "Transfer failed."; then - echo "${RED}AXFR attempt from $ip ($ns) on ${domain} was not successful.${RESET}" - elif echo "$axfr_output" | grep -q "IN"; then - echo "${GREEN}Successful AXFR from $ip ($ns) on on ${domain}:${RESET}" - echo "${CYAN}$axfr_output${RESET}" - else - echo "${RED}AXFR attempt from $ip ($ns) on on ${domain} was not successful.${RESET}" - fi + for ns in $nameservers; do + ns=$(echo "$ns" | sed 's/\.$//') + ns_ip=$(host $ns | awk '/has (IPv6 )?address/ { print $NF }') + + [ -z "$ns_ip" ] && echo "${GREY}No IP addresses found for nameserver ${PURPLE}${ns}${GREY} under ${CYAN}${domain}{RESET}" && continue + + for ip in $ns_ip; do + perform_axfr "$domain" "$ns" "$ip" + done done -done \ No newline at end of file +} + +[ $# -eq 0 ] && echo "Usage: $0 or " && exit 1 + +mkdir -p $output_dir + +if [ -f "$1" ]; then + root=$(grep -m1 '^; <<>> DiG' $1 | awk '{print $(NF-1)}') # Get the root domain from the dig output + domains=$(grep -a $'\t'IN$'\t'NS$'\t' "$1" | awk '{print $1}' | sort -u | sed 's/\.$//' | grep -v "^$root\.$") # Get the unique domains from the dig output (excluding the root domain) + + for domain in $domains; do + process_domain $domain + done +else + process_domain $1 +fi \ No newline at end of file diff --git a/extras/icann_axfr b/extras/icann_axfr new file mode 100755 index 0000000..e291444 --- /dev/null +++ b/extras/icann_axfr 
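Review bot: In `perform_axfr` the result is redirected to `"${output+dir}/axfr-${domain}_${ns}_${ip}.txt"`, where `${output+dir}` is the alternate-value expansion of a variable `output` that the script never sets. It expands to nothing (or to the literal `dir` if `output` happens to be in the environment), so the file goes to `/axfr-…` instead of `daxfrout`; the path should start with `"${output_dir}/`. The same path and the `dig @$ip AXFR $domain` call are built from names that, in file mode, come from a remote server's transfer output. `$domain`, `$ns` and `$ip` should therefore be quoted, and a name containing `/` or starting with `-`, `+` or `@` rejected at the top of `process_domain`, e.g. `case $domain in */*|[-+@]*) return;; esac`. The two messages ending in `{$RESET}` and `{RESET}` never reset the colour; both should end in `${RESET}`.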
@@ -0,0 +1,30 @@ +#!/bin/sh +# ICANN AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr) + +# Notes: None of these nameservers show in an NS lookup for the zone, but they do respond to AXFR (https://www.dns.icann.org/services/axfr/) +nameservers="lax.xfr.dns.icann.org iad.xfr.dns.icann.org" +zones_served=". in-addr.arpa. arpa. root-servers.net. ipv4only.arpa. ip6.arpa. ip6-servers.arpa. mcast.net." + +output_dir="output/icann_axfr" + +mkdir -p $output_dir + +for zone in $zones_served; do + for ns in $nameservers; do + ips=$(host $ns | awk '/has (IPv6 )?address/ { print $NF }') + for ip in $ips; do + echo "Attempting AXFR for $zone from $ns ($ip)" + dig @$ip $zone AXFR > $output_dir/$zone.$ns.$ip.txt + done + done +done + +for i in seq 224 239; do + for ns in $nameservers; do + ips=$(host $ns | awk '/has (IPv6 )?address/ { print $NF }') + for ip in $ips; do + echo "Attempting AXFR for $zone from $ns ($ip)" + dig @$ip $i.in-addr.arpa. AXFR > $output_dir/$i.in-addr.arpa.$ns.$ip.txt + done + done +done
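Review bot: The second loop header `for i in seq 224 239; do` iterates over the three literal words `seq`, `224` and `239` rather than the range. Only `224.in-addr.arpa.` and `239.in-addr.arpa.` are requested, plus a bogus `seq.in-addr.arpa.`; the header should be `for i in $(seq 224 239); do`. Inside that loop the progress line still prints `$zone`, which by then holds the last entry of `zones_served`, and should print `$i.in-addr.arpa.` instead. Neither loop checks dig's exit status, so a refused or truncated transfer still leaves a file that looks like a result. Consider keeping the file only when the output contains the `XFR size:` line, as `extras/daxfr` does in this same commit.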