now storing AXFR responses in a directory containing the date to track changes in which dns servers allow AXFRs over time
This commit is contained in:
parent
084bca55d0
commit
8d0b01e7aa
@ -18,7 +18,7 @@ It is expected to set *realistic* expectations when using this tool. In contempo
|
|||||||
## Information
|
## Information
|
||||||
I only wrote this to shit on **[this bozo](https://github.com/flotwig/TLDR-2/)** who took a dead project & brought it back to life by making it even worse. Rather than making a pull request to give this bloke more credit in his "tenure" as a developer, I decided to just rewrite it all from scratch so people can fork off of *clean* code instead.
|
I only wrote this to shit on **[this bozo](https://github.com/flotwig/TLDR-2/)** who took a dead project & brought it back to life by making it even worse. Rather than making a pull request to give this bloke more credit in his "tenure" as a developer, I decided to just rewrite it all from scratch so people can fork off of *clean* code instead.
|
||||||
|
|
||||||
This repostiory also contains a [pure POSIX version](./mdaxfr) for portability, aswell as a [script](./opennic) to do zone transfers on [OpenNIC TLDs](https://wiki.opennic.org/opennic/dot) and a special [ozones](./ozones) script for fetching a few obscure additional zones.
|
This repostiory also contains a [pure POSIX version](./mdaxfr) for portability, aswell as a [script](./extras/opennic) to do zone transfers on [OpenNIC TLDs](https://wiki.opennic.org/opennic/dot), a special [ozones](./extras/ozones) script for fetching a few obscure additional zones, and a [domain axfr script](./extras/daxfr) to target a specific website.
|
||||||
|
|
||||||
## Statistics, laughs, & further thinking...
|
## Statistics, laughs, & further thinking...
|
||||||
As of my last scan in 2023, I was only able to AXFR the zones for **8** out of **1,456** root TLDs, with a few of them being zones that were already retrieved by [acidvegas/czds](https://github.com/acidvegas/czds/), & **114** out of **7,977** TLDs in the [Public suffix list](https://publicsuffix.org/). The addition scripts in this repository provide an additional **37** zone files.
|
As of my last scan in 2023, I was only able to AXFR the zones for **8** out of **1,456** root TLDs, with a few of them being zones that were already retrieved by [acidvegas/czds](https://github.com/acidvegas/czds/), & **114** out of **7,977** TLDs in the [Public suffix list](https://publicsuffix.org/). The addition scripts in this repository provide an additional **37** zone files.
|
||||||
|
40
extras/daxfr
Normal file
40
extras/daxfr
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# Domain AXFR - developed by acidvegas (https://git.acid.vegas/mdaxfr)
|
||||||
|
# This one will take a domain as an argument and attempt to perform an AXFR against all of the nameservers for that domain.
|
||||||
|
|
||||||
|
# Colors
|
||||||
|
CYAN="\033[1;36m"
|
||||||
|
YELLOW="\033[1;33m"
|
||||||
|
RED="\033[1;31m"
|
||||||
|
GREEN="\033[1;32m"
|
||||||
|
RESET="\033[0m"
|
||||||
|
GREY="\033[1;90m"
|
||||||
|
|
||||||
|
domain="$1" # base domain only, no http, https, or www (can have a subdomain though)
|
||||||
|
|
||||||
|
[ -z "$domain" ] && echo "Invalid URL. Exiting." && exit 1
|
||||||
|
|
||||||
|
echo "${YELLOW}Attempting AXFR against ${domain}...${RESET}"
|
||||||
|
|
||||||
|
nameservers=$(dig NS +short "$domain")
|
||||||
|
|
||||||
|
[ -z "$nameservers" ] && echo "${GREY}No nameservers found for ${domain}${RESET}" && exit 1
|
||||||
|
|
||||||
|
echo "$nameservers" | while read -r ns; do
|
||||||
|
ns=$(echo "$ns" | sed 's/\.$//')
|
||||||
|
ips=$(host "$ns" | awk '/has address/ { print $4 }')
|
||||||
|
|
||||||
|
[ -z "$ips" ] && echo "${GREY}No IP addresses found for nameserver $ns under ${domain}. Skipping...${RESET}" && continue
|
||||||
|
|
||||||
|
echo "$ips" | while read -r ip; do
|
||||||
|
axfr_output=$(dig @$ip AXFR "$domain")
|
||||||
|
if echo "$axfr_output" | grep -q "Transfer failed."; then
|
||||||
|
echo "${RED}AXFR attempt from $ip ($ns) on ${domain} was not successful.${RESET}"
|
||||||
|
elif echo "$axfr_output" | grep -q "IN"; then
|
||||||
|
echo "${GREEN}Successful AXFR from $ip ($ns) on on ${domain}:${RESET}"
|
||||||
|
echo "${CYAN}$axfr_output${RESET}"
|
||||||
|
else
|
||||||
|
echo "${RED}AXFR attempt from $ip ($ns) on on ${domain} was not successful.${RESET}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
@ -12,11 +12,14 @@ dig @zone.internet.ee ee. AXFR > ee.txt
|
|||||||
|
|
||||||
dig @ns1.gov.ps xn--ygbi2ammx. AXFR > xn--ygbi2ammx.txt
|
dig @ns1.gov.ps xn--ygbi2ammx. AXFR > xn--ygbi2ammx.txt
|
||||||
|
|
||||||
wget -O sk.txt https://sk-nic.sk/subory/domains.txt
|
|
||||||
|
|
||||||
wget -O gov.txt https://raw.githubusercontent.com/cisagov/dotgov-data/main/gov.txt
|
|
||||||
|
|
||||||
wget -O nc.txt https://www.domaine.nc/whos?who=A*
|
|
||||||
|
wget -O sk.txt https://sk-nic.sk/subory/domains.txt # not rfc compliant
|
||||||
|
|
||||||
|
wget -O gov.txt https://raw.githubusercontent.com/cisagov/dotgov-data/main/gov.txt # czds available also
|
||||||
|
|
||||||
|
wget -O nc.txt https://www.domaine.nc/whos?who=A* # Need to crawl the http maybe for this one...
|
||||||
|
|
||||||
# https://www.afnic.fr/produits-services/services-associes/donnees-partagees/
|
# https://www.afnic.fr/produits-services/services-associes/donnees-partagees/
|
||||||
|
|
36
mdaxfr
36
mdaxfr
@ -1,22 +1,21 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Mass DNS AXFR (POSIX version) - developed by acidvegas (https://git.acid.vegas/mdaxfr)
|
# Mass DNS AXFR (POSIX version) - developed by acidvegas (https://git.acid.vegas/mdaxfr)
|
||||||
|
|
||||||
OUTPUT_DIR="axfrout"
|
# Define the current date for data organization
|
||||||
mkdir -p "$OUTPUT_DIR"
|
now=$(date +"%Y-%m-%d")
|
||||||
mkdir -p "$OUTPUT_DIR/root"
|
|
||||||
mkdir -p "$OUTPUT_DIR/psl"
|
|
||||||
|
|
||||||
resolve_nameserver() {
|
# Define the output directory
|
||||||
dig +short AAAA $1 +short -t A $1 2>/dev/null
|
output="axfrout/$now"
|
||||||
}
|
|
||||||
|
|
||||||
|
# Function to attempt an AXFR request on all possible IP addresses for a nameserver
|
||||||
attempt_axfr() {
|
attempt_axfr() {
|
||||||
tld=$1
|
tld=$1
|
||||||
nameserver=$2
|
nameserver=$2
|
||||||
filename="$3"
|
filename="$3"
|
||||||
temp_file="${filename}.temp"
|
|
||||||
|
|
||||||
nameserver_ips=$(resolve_nameserver "$nameserver")
|
temp_file="${filename}.temp"
|
||||||
|
nameserver_ips=$(dig +short A +retry=3 +time=10 $nameserver && dig +short AAAA +retry=3 +time=10 $nameserver)
|
||||||
|
|
||||||
if [ -z "$nameserver_ips" ]; then
|
if [ -z "$nameserver_ips" ]; then
|
||||||
echo -e "\e[31m[FAIL]\e[0m AXFR for \e[36m$tld\e[0m on \e[33m$nameserver\e[0m \e[90m(failed to resolve nameserver)\e[0m"
|
echo -e "\e[31m[FAIL]\e[0m AXFR for \e[36m$tld\e[0m on \e[33m$nameserver\e[0m \e[90m(failed to resolve nameserver)\e[0m"
|
||||||
return
|
return
|
||||||
@ -35,21 +34,20 @@ attempt_axfr() {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "[\e[31mWARNING\e[0m] Most nameservers will block AXFR requests \e[90m(It is normal for most of these to fail)\e[0m"
|
# Create the output directories (if they don't exist)
|
||||||
sleep 3
|
mkdir -p "$output/root"
|
||||||
|
mkdir -p "$output/psl"
|
||||||
|
|
||||||
# For root IP space zones
|
# Give a warning about the current state of AXFR requests
|
||||||
for i in $(seq 0 255); do
|
echo "[\e[31mWARNING\e[0m] Most nameservers will block AXFR requests \e[90m(It is normal for most of these to fail)\e[0m" && sleep 3
|
||||||
dig +nocmd +noall +answer +multiline $i.in-addr.arpa NS >> $OUTPUT_DIR/root/in-addr.arpa.txt
|
|
||||||
done
|
|
||||||
|
|
||||||
# For root nameservers
|
# For root nameservers
|
||||||
for root in $(dig +short . NS | sed 's/\.$//'); do
|
for root in $(dig +short . NS | sed 's/\.$//'); do
|
||||||
attempt_axfr "." "$root" "$OUTPUT_DIR/root/$root.txt"
|
attempt_axfr "." "$root" "$output/root/$root.txt"
|
||||||
done
|
done
|
||||||
|
|
||||||
# Parse the tld list from a root nameserver
|
# Parse the tld list from a root nameserver
|
||||||
rndroot=$(find $OUTPUT_DIR/root/*.root-servers.net.txt -type f | shuf -n 1)
|
rndroot=$(find $output/root/*.root-servers.net.txt -type f | shuf -n 1)
|
||||||
if [ -z $rndroot ]; then
|
if [ -z $rndroot ]; then
|
||||||
echo "Failed to AXFR a root nameserver (using IANA list instead)"
|
echo "Failed to AXFR a root nameserver (using IANA list instead)"
|
||||||
tlds=$(curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]')
|
tlds=$(curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]')
|
||||||
@ -60,13 +58,13 @@ fi
|
|||||||
# For TLD nameservers
|
# For TLD nameservers
|
||||||
for tld in $tlds; do
|
for tld in $tlds; do
|
||||||
for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
|
for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
|
||||||
attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/$tld.txt"
|
attempt_axfr "$tld" "$ns" "$output/$tld.txt"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
# For Public Suffix List TLD nameservers
|
# For Public Suffix List TLD nameservers
|
||||||
for tld in $(curl -s https://publicsuffix.org/list/public_suffix_list.dat | grep -vE '^(//|.*[*!])' | grep '\.' | awk '{print $1}'); do
|
for tld in $(curl -s https://publicsuffix.org/list/public_suffix_list.dat | grep -vE '^(//|.*[*!])' | grep '\.' | awk '{print $1}'); do
|
||||||
for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
|
for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
|
||||||
attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/psl/$tld.txt"
|
attempt_axfr "$tld" "$ns" "$output/psl/$tld.txt"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
Loading…
Reference in New Issue
Block a user