acidvegas/mdaxfr
acidvegas/mdaxfr
1
Fork 0
Code Issues Pull Requests Activity
b70bc1b6f2
mdaxfr/mdaxfr

93 lines
3.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Mass DNS AXFR (POSIX version) - developed by acidvegas (https://git.acid.vegas/mdaxfr)
# Usage:
# AXFR on a single domain:
# ./mdaxfr <domain>
# AXFR on a list of domains:
# cat domain_list.txt | ./mdaxfr
# AXFR on a list of domains using parallel:
# parallel -a domain_list.txt -j 10 ./mdaxfr
# AXFR on all domains in an AXFR output file:
# domain="in-addr.arpa" cat axfrout/in-addr.arpa.txt | grep -aE "\s+IN\s+NS\s+" | grep -avE "^${domain}\.\s+" | awk '{print $1}' | sort -u | sed 's/\.$//' | ./mdaxfr
# AXFR on all TLDs:
# curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]' | ./mdaxfr
# AXFR on all PSL TLDs:
# curl -s https://publicsuffix.org/list/public_suffix_list.dat | grep -vE '^(//|.*[*!])' | grep '\.' | awk '{print $1}' | ./mdaxfr
# AXFR one-liner to rule them all:
# curl -s https://www.internic.net/domain/root.zone | awk '$4=="A" || $4=="AAAA" {print substr($1, 3) " " $5}' | sed 's/\.$//' | xargs -n2 sh -c 'dig AXFR "$0" "@$1"'
# Colors
BLUE="\033[1;34m"
CYAN="\033[1;36m"
GREEN="\033[1;32m"
GREY="\033[1;90m"
PINK="\033[1;95m"
PURPLE="\033[0;35m"
RED="\033[1;31m"
YELLOW="\033[1;33m"
RESET="\033[0m"
# Set output directory
output_dir="axfrout"
mkdir -p $output_dir
axfr() {
domain=$1
ns=$2
ip=$3
echo " ${YELLOW}Attempting AXFR for ${CYAN}${domain}${YELLOW} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}"
axfr_output=$(dig +retry=3 +time=10 @$ip AXFR $domain)
axfr_status=$?
if [ $axfr_status -eq 0 ] && echo "$axfr_output" | grep -q "XFR size: "; then
echo "$axfr_output" > "${output_dir}/axfr-${domain}_${ns}_${ip}.txt"
size=$(echo "$axfr_output" | awk '/XFR size:/ {print $4}')
echo " ${GREEN}Successful AXFR for ${CYAN}${domain}${GREEN} from ${PURPLE}${ns} ${GREY}(${ip}) ${GREEN}found ${size} records${RESET}"
else
echo " ${RED} Failed AXFR for ${CYAN}${domain}${RED} from ${PURPLE}${ns} ${GREY}(${ip})${RESET}"
fi
}
process_domain() {
domain=$1
domain=$(echo "$domain" | sed -e 's|^\(https\?://\)\?||' -e 's|^www\.||' -e 's|/.*||')
echo "${PINK}Looking up nameservers for ${CYAN}${domain}${RESET}"
nameservers=$(dig +short +retry=3 +time=10 $domain NS | sed 's/\.$//')
[ -z "$nameservers" ] && echo " ${GREY}No nameservers found for ${CYAN}${domain}${RESET}" && return
total_nameservers=$(echo "$nameservers" | wc -l)
echo " ${BLUE}Found ${total_nameservers} nameservers for ${CYAN}${domain}${RESET}"
for ns in $nameservers; do
echo " ${PINK}Looking up IP addresses for ${PURPLE}${ns}${RESET}"
ns_ip=$(dig +short +retry=3 +time=10 $ns A && dig +short +retry=3 +time=10 $ns AAAA)
[ -z "$ns_ip" ] && echo " ${GREY}No IP addresses found on ${PURPLE}${ns}${GREY} for ${CYAN}${domain}${RESET}" && continue
total_ip=$(echo "$ns_ip" | wc -l)
echo " ${BLUE}Found ${total_ip} IP addresses on ${PURPLE}${ns}${BLUE} for ${CYAN}${domain}${RESET}"
for ip in $ns_ip; do
axfr "$domain" "$ns" "$ip"
done
done
}
if [ -t 0 ]; then
[ $# -ne 1 ] && echo "Usage: $0 <domain> or cat domain_list.txt | $0" && exit 1
process_domain $1
else
while IFS= read -r line; do
process_domain $line
done
fi
Reference in New Issue View Git Blame Copy Permalink