dAXFR script now can read AXFR output logs and perform an AXFR on all unique domains found. Added a weird ICANN AXFR script.
parent
8d0b01e7aa
commit
4c8ac71c62
75
extras/daxfr
Normal file → Executable file
75
extras/daxfr
Normal file → Executable file
@ -1,40 +1,69 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Domain AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr)
|
# Domain AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr)
|
||||||
# This one will take a domain as an argument and attempt to perform an AXFR against all of the nameservers for that domain.
|
# This one will take a domain as an argument and attempt to perform an AXFR against all of the nameservers for that domain.
|
||||||
|
# You can also pass an AXFR output file as an argument to attempt AXFR against all of the unique domains found in the file.
|
||||||
|
|
||||||
# Colors
|
# Colors
|
||||||
|
BLUE="\033[1;34m"
|
||||||
CYAN="\033[1;36m"
|
CYAN="\033[1;36m"
|
||||||
YELLOW="\033[1;33m"
|
|
||||||
RED="\033[1;31m"
|
|
||||||
GREEN="\033[1;32m"
|
GREEN="\033[1;32m"
|
||||||
RESET="\033[0m"
|
|
||||||
GREY="\033[1;90m"
|
GREY="\033[1;90m"
|
||||||
|
PURPLE='\033[0;35m'
|
||||||
|
RED="\033[1;31m"
|
||||||
|
YELLOW="\033[1;33m"
|
||||||
|
RESET="\033[0m"
|
||||||
|
|
||||||
domain="$1" # base domain only, no http, https, or www (can have a subdomain though)
|
# Globals
|
||||||
|
output_dir="daxfrout"
|
||||||
|
|
||||||
[ -z "$domain" ] && echo "Invalid URL. Exiting." && exit 1
|
perform_axfr() {
|
||||||
|
domain=$1
|
||||||
|
ns=$2
|
||||||
|
ip=$3
|
||||||
|
|
||||||
echo "${YELLOW}Attempting AXFR against ${domain}...${RESET}"
|
echo "${YELLOW}Attempting AXFR for ${CYAN}${domain}${YELLOW} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}"
|
||||||
|
|
||||||
nameservers=$(dig NS +short "$domain")
|
axfr_output=$(dig +retry=3 +time=10 @$ip AXFR $domain)
|
||||||
|
axfr_status=$?
|
||||||
|
|
||||||
[ -z "$nameservers" ] && echo "${GREY}No nameservers found for ${domain}${RESET}" && exit 1
|
if [ $axfr_status -eq 0 ] && echo "$axfr_output" | grep -q "XFR size: "; then
|
||||||
|
echo "$axfr_output" > "${output+dir}/axfr-${domain}_${ns}_${ip}.txt"
|
||||||
|
size=$(echo "$axfr_output" | awk '/XFR size:/ {print $4}')
|
||||||
|
echo "${GREEN}Successful AXFR for ${CYAN}${domain}${GREEN} from ${PURPLE}${ns} ${GREY}(${ip}) ${BLUE}[${size} records]${RESET}"
|
||||||
|
else
|
||||||
|
echo "${RED} Failed AXFR for ${CYAN}${domain}${RED} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
echo "$nameservers" | while read -r ns; do
|
process_domain() {
|
||||||
ns=$(echo "$ns" | sed 's/\.$//')
|
domain=$1
|
||||||
ips=$(host "$ns" | awk '/has address/ { print $4 }')
|
nameservers=$(dig +short +retry=3 +time=10 $domain NS)
|
||||||
|
|
||||||
[ -z "$ips" ] && echo "${GREY}No IP addresses found for nameserver $ns under ${domain}. Skipping...${RESET}" && continue
|
[ -z "$nameservers" ] && echo "${GREY}No nameservers found for ${CYAN}${domain}{$RESET}" && return
|
||||||
|
|
||||||
echo "$ips" | while read -r ip; do
|
for ns in $nameservers; do
|
||||||
axfr_output=$(dig @$ip AXFR "$domain")
|
ns=$(echo "$ns" | sed 's/\.$//')
|
||||||
if echo "$axfr_output" | grep -q "Transfer failed."; then
|
ns_ip=$(host $ns | awk '/has (IPv6 )?address/ { print $NF }')
|
||||||
echo "${RED}AXFR attempt from $ip ($ns) on ${domain} was not successful.${RESET}"
|
|
||||||
elif echo "$axfr_output" | grep -q "IN"; then
|
[ -z "$ns_ip" ] && echo "${GREY}No IP addresses found for nameserver ${PURPLE}${ns}${GREY} under ${CYAN}${domain}{RESET}" && continue
|
||||||
echo "${GREEN}Successful AXFR from $ip ($ns) on on ${domain}:${RESET}"
|
|
||||||
echo "${CYAN}$axfr_output${RESET}"
|
for ip in $ns_ip; do
|
||||||
else
|
perform_axfr "$domain" "$ns" "$ip"
|
||||||
echo "${RED}AXFR attempt from $ip ($ns) on on ${domain} was not successful.${RESET}"
|
done
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
done
|
}
|
||||||
|
|
||||||
|
[ $# -eq 0 ] && echo "Usage: $0 <domain> or <path_to_axfr_output>" && exit 1
|
||||||
|
|
||||||
|
mkdir -p $output_dir
|
||||||
|
|
||||||
|
if [ -f "$1" ]; then
|
||||||
|
root=$(grep -m1 '^; <<>> DiG' $1 | awk '{print $(NF-1)}') # Get the root domain from the dig output
|
||||||
|
domains=$(grep -a $'\t'IN$'\t'NS$'\t' "$1" | awk '{print $1}' | sort -u | sed 's/\.$//' | grep -v "^$root\.$") # Get the unique domains from the dig output (excluding the root domain)
|
||||||
|
|
||||||
|
for domain in $domains; do
|
||||||
|
process_domain $domain
|
||||||
|
done
|
||||||
|
else
|
||||||
|
process_domain $1
|
||||||
|
fi
|
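Review bot: In perform_axfr the redirect target uses `${output+dir}`, which is the use-alternate-value expansion on a variable named `output`, not a reference to `output_dir`. Nothing visible sets `output`, so it expands to nothing and a successful transfer is written to `/axfr-…txt` at the filesystem root (or fails there); it should be `echo "$axfr_output" > "${output_dir}/axfr-${domain}_${ns}_${ip}.txt"`. `domain` and `ns` also reach that path, and the unquoted `dig`/`host` arguments, straight from DNS answers or from a parsed transfer log, so a name containing `/` or starting with `-` or `+` can change which file is written or be read as an option. I would reject anything outside `[A-Za-z0-9._-]` at the top of process_domain and quote `"@$ip"`, `"$domain"` and `"$ns"`. Separately, `$'\t'` in the `domains=` line is not guaranteed under `#!/bin/sh`, so on a shell that lacks it the grep pattern is not a tab and file mode finds no domains; `{$RESET}` and `{RESET}` in the two "No … found" messages are typos for `${RESET}`.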
30
extras/icann_axfr
Executable file
30
extras/icann_axfr
Executable file
@ -0,0 +1,30 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# ICANN AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr)
|
||||||
|
|
||||||
|
# Notes: None of these nameservers show in an NS lookup for the zone, but they do respond to AXFR (https://www.dns.icann.org/services/axfr/)
|
||||||
|
nameservers="lax.xfr.dns.icann.org iad.xfr.dns.icann.org"
|
||||||
|
zones_served=". in-addr.arpa. arpa. root-servers.net. ipv4only.arpa. ip6.arpa. ip6-servers.arpa. mcast.net."
|
||||||
|
|
||||||
|
output_dir="output/icann_axfr"
|
||||||
|
|
||||||
|
mkdir -p $output_dir
|
||||||
|
|
||||||
|
for zone in $zones_served; do
|
||||||
|
for ns in $nameservers; do
|
||||||
|
ips=$(host $ns | awk '/has (IPv6 )?address/ { print $NF }')
|
||||||
|
for ip in $ips; do
|
||||||
|
echo "Attempting AXFR for $zone from $ns ($ip)"
|
||||||
|
dig @$ip $zone AXFR > $output_dir/$zone.$ns.$ip.txt
|
||||||
|
done
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
for i in seq 224 239; do
|
||||||
|
for ns in $nameservers; do
|
||||||
|
ips=$(host $ns | awk '/has (IPv6 )?address/ { print $NF }')
|
||||||
|
for ip in $ips; do
|
||||||
|
echo "Attempting AXFR for $zone from $ns ($ip)"
|
||||||
|
dig @$ip $i.in-addr.arpa. AXFR > $output_dir/$i.in-addr.arpa.$ns.$ip.txt
|
||||||
|
done
|
||||||
|
done
|
||||||
|
done
|
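Review bot: `for i in seq 224 239` iterates over the three literal words `seq`, `224` and `239` because the command substitution is missing, so most of the intended range is never queried and a bogus `seq.in-addr.arpa.` is; `for i in $(seq 224 239); do` is presumably what was meant. The progress line inside that loop prints `$zone`, which by then holds the last entry of `zones_served`, and should read `echo "Attempting AXFR for $i.in-addr.arpa. from $ns ($ip)"`. Unlike daxfr, neither loop checks dig's exit status or looks for the `XFR size:` trailer, so a refused or truncated transfer is saved under the same name as a complete one and cannot be told apart later. Checking that before writing, and quoting `"$output_dir"` and the redirect target, would make the saved zone files trustworthy.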