acidvegas/mdaxfr
acidvegas/mdaxfr
1
Fork 0
Code Issues Pull Requests Activity

POSIX script has been debugged and improved. Color support added. Fixed parsing root-zones

Browse Source
This commit is contained in:
Dionysus 2023-11-23 15:31:46 -05:00
parent b73cc90d52
commit a05c4c2eb0
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
4 changed files with 48 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -18,7 +18,14 @@ It is expected to set *realistic* expectations when using this tool. In contempo
## Information ## Information
I only wrote this to shit on **[this bozo](https://github.com/flotwig/TLDR-2/)** who took a dead project & brought it back to life by making it even worse. Rather than making a pull request to give this bloke more credit in his "tenure" as a developer, I decided to just rewrite it all from scratch so people can fork off of *clean* code instead. I only wrote this to shit on **[this bozo](https://github.com/flotwig/TLDR-2/)** who took a dead project & brought it back to life by making it even worse. Rather than making a pull request to give this bloke more credit in his "tenure" as a developer, I decided to just rewrite it all from scratch so people can fork off of *clean* code instead.
This repostiory also contains a [pure POSIX version](./mdaxfr) for portability, aswell as a [script](./opennic) to do zone transfers on [OpenNIC TLDs](https://wiki.opennic.org/opennic/dot). This repostiory also contains a [pure POSIX version](./mdaxfr) for portability, aswell as a [script](./opennic) to do zone transfers on [OpenNIC TLDs](https://wiki.opennic.org/opennic/dot). Included also is a special [ozones](./ozones) script for fetching a few obscure zones in a non-convential manner.
## One Liner (YEAH THATS RIGHT)
Just flexing nuts here...little one-liner MASS zone AXFR, ok?
```bash
curl -s https://www.internic.net/domain/root.zone | awk '$4=="A" || $4=="AAAA" {print substr($1, 3) " " $5}' | sed 's/\.$//' | xargs -n2 sh -c 'dig AXFR "$0" "@$1"'
```
___ ___

50
mdaxfr
View File

@ -11,36 +11,40 @@ resolve_nameserver() {
} }
attempt_axfr() { attempt_axfr() {
tld=$1 tld=$1
nameserver=$2 nameserver=$2
filename="$3" filename="$3"
temp_file="${filename}.temp" temp_file="${filename}.temp"
nameserver_ips=$(resolve_nameserver "$nameserver") nameserver_ips=$(resolve_nameserver "$nameserver")
if [ -z "$nameserver_ips" ]; then if [ -z "$nameserver_ips" ]; then
echo "Failed to resolve nameserver $nameserver" echo -e "\e[31m[FAIL]\e[0m AXFR for \e[36m$tld\e[0m on \e[33m$nameserver\e[0m \e[90m(failed to resolve nameserver)\e[0m"
return return
fi fi
for nameserver_ip in $nameserver_ips; do for nameserver_ip in $nameserver_ips; do
dig AXFR "$tld" "@$nameserver_ip" > "$temp_file" dig AXFR "$tld" "@$nameserver_ip" > "$temp_file"
if [ $? -eq 0 ]; then if grep -Eq 'Transfer failed|timed out|connection refused' "$temp_file"; then
mv "$temp_file" "$filename" echo -e "[\e[31mFAIL\e[0m] AXFR for \e[36m$tld\e[0m on \e[33m$nameserver\e[0m \e[90m($nameserver_ip)\e[0m"
return rm -f "$temp_file"
else else
echo "Failed to perform zone transfer from $nameserver for $tld" mv "$temp_file" "$filename"
rm -f "$temp_file" echo -e "[\e[32mSUCCESS\e[0m] AXFR for \e[36m$tld\e[0m on \e[33m$nameserver\e[0m \e[90m($nameserver_ip)\e[0m"
fi return
done fi
done
} }
echo "[\e[31WARNING\e[0m] Most nameservers will block AXFR requests \e[90m(It is normal for most of these to fail)\e[0m"
sleep 3
# For root nameservers # For root nameservers
for root in $(dig +short . NS); do for root in $(dig +short . NS | sed 's/\.$//'); do
attempt_axfr "." "$root" "$OUTPUT_DIR/root/$root.txt" attempt_axfr "." "$root" "$OUTPUT_DIR/root/$root.txt"
done done
# Parse the tld list from a root nameserver # Parse the tld list from a root nameserver
rndroot=$(find $OUTPUT/root/*.root-servers.net.txt -type f | shuf -n 1) rndroot=$(find $OUTPUT_DIR/root/*.root-servers.net.txt -type f | shuf -n 1)
if [ -z $rndroot ]; then if [ -z $rndroot ]; then
echo "Failed to AXFR a root nameserver (using IANA list instead)" echo "Failed to AXFR a root nameserver (using IANA list instead)"
tlds=$(curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]') tlds=$(curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]')
@ -50,14 +54,14 @@ fi
# For TLD nameservers # For TLD nameservers
for tld in $tlds; do for tld in $tlds; do
for ns in $(dig +short "$tld" NS); do for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/$tld.txt" attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/$tld.txt"
done done
done done
# For Public Suffix List TLD nameservers # For Public Suffix List TLD nameservers
for tld in $(curl -s https://publicsuffix.org/list/public_suffix_list.dat | grep -vE '^(//|.*[*!])' | grep '\.' | awk '{print $1}'); do for tld in $(curl -s https://publicsuffix.org/list/public_suffix_list.dat | grep -vE '^(//|.*[*!])' | grep '\.' | awk '{print $1}'); do
for ns in $(dig +short "$tld" NS); do for ns in $(dig +short "$tld" NS | sed 's/\.$//'); do
attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/psl/$tld.txt" attempt_axfr "$tld" "$ns" "$OUTPUT_DIR/psl/$tld.txt"
done done
done done

13
mdaxfr.py
View File

@ -39,9 +39,10 @@ def attempt_axfr(tld: str, nameserver: str, filename: str):
os.rename(temp_file, filename) os.rename(temp_file, filename)
break break
except Exception as ex: except Exception as ex:
# Most zone transfers are blocked, so we don't want to log them
#logging.error(f'Failed to perform zone transfer from {nameserver} ({ns}) for {tld}: {ex}')
if os.path.exists(temp_file): if os.path.exists(temp_file):
os.remove(temp_file) os.remove(temp_file)
logging.error(f'Failed to perform zone transfer from {nameserver} ({ns}) for {tld}: {ex}')
def get_nameservers(target: str) -> list: def get_nameservers(target: str) -> list:
@ -67,7 +68,7 @@ def get_root_tlds() -> list:
if rndroot: if rndroot:
tlds = sorted(set([item.split()[0][:-1] for item in open(rndroot).read().split('\n') if item and 'IN' in item and 'NS' in item])) tlds = sorted(set([item.split()[0][:-1] for item in open(rndroot).read().split('\n') if item and 'IN' in item and 'NS' in item]))
else: else:
logging.warning('Failed to find root nameserver list, using IANA list') logging.warning('Failed to find root nameserver list...fallback to using IANA list')
tlds = urllib.request.urlopen('https://data.iana.org/TLD/tlds-alpha-by-domain.txt').read().decode('utf-8').lower().split('\n')[1:] tlds = urllib.request.urlopen('https://data.iana.org/TLD/tlds-alpha-by-domain.txt').read().decode('utf-8').lower().split('\n')[1:]
random.shuffle(tlds) random.shuffle(tlds)
return tlds return tlds
@ -114,10 +115,12 @@ if __name__ == '__main__':
parser.add_argument('-t', '--timeout', type=int, default=15, help='DNS timeout (default: 15)') parser.add_argument('-t', '--timeout', type=int, default=15, help='DNS timeout (default: 15)')
args = parser.parse_args() args = parser.parse_args()
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
os.makedirs(args.output, exist_ok=True) os.makedirs(args.output, exist_ok=True)
dns.resolver._DEFAULT_TIMEOUT = args.timeout dns.resolver._DEFAULT_TIMEOUT = args.timeout
# Grab the root nameservers logging.info('Fetching root nameservers...')
os.makedirs(os.path.join(args.output, 'root'), exist_ok=True) os.makedirs(os.path.join(args.output, 'root'), exist_ok=True)
with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor: with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor:
futures = [executor.submit(attempt_axfr, '', root, os.path.join(args.output, f'root/{root}.txt')) for root in get_nameservers('')] futures = [executor.submit(attempt_axfr, '', root, os.path.join(args.output, f'root/{root}.txt')) for root in get_nameservers('')]
@ -127,7 +130,7 @@ if __name__ == '__main__':
except Exception as e: except Exception as e:
logging.error(f'Error in root server task: {e}') logging.error(f'Error in root server task: {e}')
# Get the root TLDs logging.info('Fetching root TLDs...')
with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor: with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor:
futures = [executor.submit(attempt_axfr, tld, ns, os.path.join(args.output, tld + '.txt')) for tld in get_root_tlds() for ns in get_nameservers(tld) if ns] futures = [executor.submit(attempt_axfr, tld, ns, os.path.join(args.output, tld + '.txt')) for tld in get_root_tlds() for ns in get_nameservers(tld) if ns]
for future in concurrent.futures.as_completed(futures): for future in concurrent.futures.as_completed(futures):
@ -136,7 +139,7 @@ if __name__ == '__main__':
except Exception as e: except Exception as e:
logging.error(f'Error in TLD task: {e}') logging.error(f'Error in TLD task: {e}')
# Get the Public Suffix List logging.info('Fetching PSL TLDs...')
os.makedirs(os.path.join(args.output, 'psl'), exist_ok=True) os.makedirs(os.path.join(args.output, 'psl'), exist_ok=True)
with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor: with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor:
futures = [executor.submit(attempt_axfr, tld, ns, os.path.join(args.output, f'psl/{tld}.txt')) for tld in get_psl_tlds() for ns in get_nameservers(tld) if ns] futures = [executor.submit(attempt_axfr, tld, ns, os.path.join(args.output, f'psl/{tld}.txt')) for tld in get_psl_tlds() for ns in get_nameservers(tld) if ns]

12
ozones
View File

@ -1,31 +1,29 @@
#!/bin/sh #!/bin/sh
# Mass DNS AXFR (other zones) - developed by acidvegas (https://git.acid.vegas/mdaxfr) # Mass DNS AXFR (other zones) - developed by acidvegas (https://git.acid.vegas/mdaxfr)
```bash
curl -s https://www.internic.net/domain/root.zone | awk '$4=="NS" {gsub(/\.$/, "", $NF); print $NF}' curl -s https://www.internic.net/domain/root.zone | awk '$4=="NS" {gsub(/\.$/, "", $NF); print $NF}'
curl -s https://www.internic.net/domain/root.zone | awk '$4=="A" || $4=="AAAA" {print $5}' curl -s https://www.internic.net/domain/root.zone | awk '$4=="A" || $4=="AAAA" {print $5}'
```
```bash
# https://portal.switch.ch/pub/open-data/#tab-fccd70a3-b98e-11ed-9a74-5254009dc73c-3 # https://portal.switch.ch/pub/open-data/#tab-fccd70a3-b98e-11ed-9a74-5254009dc73c-3
dig @zonedata.switch.ch ch. AXFR -y hmac-sha512:tsig-zonedata-ch-public-21-01:stZwEGApYumtXkh73qMLPqfbIDozWKZLkqRvcjKSpRnsor6A6MxixRL6C2HeSVBQNfMW4wer+qjS0ZSfiWiJ3Q== > ch.txt dig @zonedata.switch.ch ch. AXFR -y hmac-sha512:tsig-zonedata-ch-public-21-01:stZwEGApYumtXkh73qMLPqfbIDozWKZLkqRvcjKSpRnsor6A6MxixRL6C2HeSVBQNfMW4wer+qjS0ZSfiWiJ3Q== > ch.txt
dig @zonedata.switch.ch li. AXFR -y hmac-sha512:tsig-zonedata-li-public-21-01:t8GgeCn+fhPaj+cRy1epox2Vj4hZ45ax6v3rQCkkfIQNg5fsxuU23QM5mzz+BxJ4kgF/jiQyBDBvL+XWPE6oCQ== > li.txt dig @zonedata.switch.ch li. AXFR -y hmac-sha512:tsig-zonedata-li-public-21-01:t8GgeCn+fhPaj+cRy1epox2Vj4hZ45ax6v3rQCkkfIQNg5fsxuU23QM5mzz+BxJ4kgF/jiQyBDBvL+XWPE6oCQ== > li.txt
dig @zonedata.iis.se se AXFR > se.txt dig @zonedata.iis.se se AXFR > se.txt
dig @zonedata.iis.se nu AXFR > nu.txt dig @zonedata.iis.se nu AXFR > nu.txt
dig @zone.internet.ee ee. AXFR > ee.txt dig @zone.internet.ee ee. AXFR > ee.txt
dig @ns1.gov.ps xn--ygbi2ammx. AXFR > xn--ygbi2ammx.txt dig @ns1.gov.ps xn--ygbi2ammx. AXFR > xn--ygbi2ammx.txt
wget -O sk.txt https://sk-nic.sk/subory/domains.txt wget -O sk.txt https://sk-nic.sk/subory/domains.txt
wget -O gov.txt https://raw.githubusercontent.com/cisagov/dotgov-data/main/gov.txt wget -O gov.txt https://raw.githubusercontent.com/cisagov/dotgov-data/main/gov.txt
wget -O nc.txt https://www.domaine.nc/whos?who=A* wget -O nc.txt https://www.domaine.nc/whos?who=A*
# https://www.afnic.fr/produits-services/services-associes/donnees-partagees/ # https://www.afnic.fr/produits-services/services-associes/donnees-partagees/
# not sure about this one.... curl -s -H 'Accept: application/json' 'https://odata.domain.fi/OpenDomainData.svc/Domains?$inlinecount=allpages' # not sure about this one....
curl -s -H 'Accept: application/json' 'https://odata.domain.fi/OpenDomainData.svc/Domains?$inlinecount=allpages'
wget -O dn42.txt http://ix.ucis.nl/dn42/dnszone2.php? wget -O dn42.txt http://ix.ucis.nl/dn42/dnszone2.php? # Darknet
``` ```