#!/bin/sh
# NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
# nsec
# This script will walk through a DNS zone using NSEC records.
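# Walks a DNSSEC-signed zone by following the "next owner name" field of each
# NSEC record, starting from the name given as the first argument.
#
# Caveat: only zones signed with plain NSEC expose a followable chain. Zones
# that use NSEC3 (RFC 5155) or minimally covering NSEC records (RFC 4470) are
# expected to make the loop stop early, because no usable next name comes back.
#
# Arguments: $1 - zone / TLD to start the walk from
# Outputs:   one "Next domain: <name>" line per step on stdout
# Returns:   0 when the walk ends, 1 if dig is missing, 2 on bad usage

# Return 0 only for names that are safe to hand to dig as a query name.
# After the first iteration every name comes out of a DNS response, so it is
# untrusted input: a leading '-', '+' or '@' would be parsed by dig as an
# option, a query flag or a server instead of a name. Names that need dig's
# backslash escapes are rejected as well, which ends the walk at that point.
is_plain_name() {
  case "$1" in
    '' | -* | +* | @*) return 1 ;;
    *[!A-Za-z0-9._*-]*) return 1 ;;
  esac
  return 0
}

# Lower-case a name and give it exactly one trailing dot, so that it can be
# compared with the fully qualified owner names dig prints.
normalize_name() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.*$/./'
}

# TLD to start the walk from
if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  printf 'usage: %s <zone>\n' "${0##*/}" >&2
  exit 2
fi
tld="$1"

# Without this check a missing dig would be reported as "end of zone".
if ! command -v dig >/dev/null 2>&1; then
  printf 'error: dig not found in PATH\n' >&2
  exit 1
fi

# Initialize the top-level domain (TLD) to start the walk from
start_domain=$(normalize_name "$tld")
if ! is_plain_name "$start_domain"; then
  printf 'error: not a plain domain name: %s\n' "$tld" >&2
  exit 2
fi
current_domain="$start_domain"

# Disabled: resolver list fetched from a third-party site.
#dns_servers=$(curl -s https://public-dns.info/nameservers.txt | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}')

# Loop to walk through the zone using NSEC records
while true; do
  # Select a random DNS server from the list
  #nameserver=$(shuf -n 1 -e $dns_servers)

  # Perform the dig command to get the NSEC record for the current domain.
  # The name is quoted: wildcard owner names such as "*.example." are common
  # in NSEC chains and would otherwise be glob-expanded by the shell.
  #output="$(dig @${nameserver} +trace $current_domain NSEC)"
  output="$(dig +trace "$current_domain" NSEC)"

  # Take the next-name field of the first NSEC record whose owner is exactly
  # the current name. A substring match would also pick up records that only
  # mention the name and could yield several lines at once.
  next_domain=$(printf '%s\n' "$output" |
    awk -v owner="$current_domain" '
      !found && $4 == "NSEC" && tolower($1) == owner {
        print tolower($5)
        found = 1
      }')

  # Check if we got a valid next domain
  if [ -z "$next_domain" ] || [ "$next_domain" = "$current_domain" ]; then
    echo "$output"
    echo "End of zone reached or no more domains found."
    break
  fi

  # The last NSEC record of a zone points back to the start of the chain;
  # without this check the loop would never terminate.
  if [ "$next_domain" = "$start_domain" ]; then
    echo "End of zone reached: NSEC chain wrapped around to $start_domain"
    break
  fi

  # Never feed a response-derived value back to dig unless it looks like a
  # plain name.
  if ! is_plain_name "$next_domain"; then
    printf 'Stopping: next name is not a plain domain name: %s\n' "$next_domain" >&2
    break
  fi

  # Print the next domain
  echo "Next domain: $next_domain"

  # Update the current domain to the next one for the following iteration
  current_domain=$next_domain
done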