Initial commit

This commit is contained in:
Dionysus 2023-11-04 23:43:03 -04:00
commit 83e3fc7505
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
4 changed files with 139 additions and 0 deletions

15
LICENSE Normal file
View File

@ -0,0 +1,15 @@
ISC License
Copyright (c) 2023, acidvegas <acid.vegas@acid.vegas>
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

11
README.md Normal file
View File

@ -0,0 +1,11 @@
# NSECX
###### Rsearch project on NSEC[3] walking for DNSSEC enabled Zones
The repository contains utilities for DNSSEC zone enumeration and subdomain discovery via NSEC/NSEC3 walking. It focuses on extracting and analyzing DNSSEC records for TLDs and specific target domains. Meant for educational purposes, security research, and sanctioned penetration testing, these tools aid in uncovering the underlying mechanisms of DNS security.
## Work in progress: More coming soon...
___
###### Mirrors
[acid.vegas](https://git.acid.vegas/nsecx) • [GitHub](https://github.com/acidvegas/nsecx) • [GitLab](https://gitlab.com/acidvegas/nsecx) • [SuperNETs](https://git.supernets.org/acidvegas/nsecx)

32
nsec Executable file
View File

@ -0,0 +1,32 @@
#!/bin/sh
# NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
# This script will walk through a DNS zone using NSEC records.
# TLD to start the walk from
tld="$1"
# Initialize the top-level domain (TLD) to start the walk from
current_domain="$tld"
# Loop to walk through the zone using NSEC records
while true; do
# Perform the dig command to get the NSEC record for the current domain
output="$(dig +trace $current_domain NSEC)"
# Use grep to find the line with the current domain and then use awk to extract the next domain
next_domain=$(echo "$output" | grep -F "$current_domain" | awk '$4 == "NSEC" { print $5 }')
# Check if we got a valid next domain
if [ -z "$next_domain" ] || [ "$next_domain" = "$current_domain" ]; then
echo "$output"
echo "End of zone reached or no more domains found."
break
fi
# Print the next domain
echo "Next domain: $next_domain"
# Update the current domain to the next one for the following iteration
current_domain=$next_domain
done

81
tldsec Executable file
View File

@ -0,0 +1,81 @@
#!/bin/sh
# NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
# This script will check the DNSSEC status of all TLDs and output the results separated by NSEC, NSEC3, and NODNSSEC.
# NSEC3 records will also include the NSEC3PARAM parameters for the zone as well for cracking in Hashcat.
# ANSI color codes
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
CYAN='\033[0;36m'
PURPLE='\033[0;35m'
GRAY='\033[1;30m'
NC='\033[0m' # No Color
# Create the output directory if it doesn't exist
mkdir -p output
# Fetch the list of TLDs using curl
tld_list=$(curl -s "https://data.iana.org/TLD/tlds-alpha-by-domain.txt")
# Check if the list was retrieved successfully
if [ -z "$tld_list" ]; then
printf "${RED}Failed to fetch the list of TLDs.${NC}\n"
exit 1
fi
# Get the total number of TLDs, excluding comments and empty lines
total_tlds=$(echo "$tld_list" | grep -v '^#' | grep -v '^$' | wc -l | tr -d ' ')
# Initialize TLD count
current_tld=0
nsec_total=0
nsec3_total=0
nodnssec_total=0
# Read through each TLD in the list
echo "$tld_list" | while read -r tld; do
# Skip comments and empty lines
case "$tld" in
\#*|"") continue;;
esac
# Increase TLD count
current_tld=$((current_tld + 1))
# Convert TLD to lowercase using tr
tld=$(printf "%s" "$tld" | tr '[:upper:]' '[:lower:]')
# Check for DNSSEC records
output=$(dig +short ${tld}. DNSKEY)
if [ -z "$output" ]; then
nodnssec_total=$((nodnssec_total + 1))
echo "$tld" >> output/nodnssec.txt
else
nsec_output=$(dig +short ${tld}. NSEC)
nsec3_output=$(dig +short ${tld}. NSEC3PARAM)
if [ -n "$nsec_output" ]; then
nsec_total=$((nsec_total + 1))
echo "$tld" >> output/nsec.txt
elif [ -n "$nsec3_output" ]; then
nsec3_total=$((nsec3_total + 1))
nsec3_params=$(echo "$nsec3_output" | awk '{print $1,$2,$3,$4}')
echo "${tld}:${nsec3_params}" >> output/nsec3.txt
else
nodnssec_total=$((nodnssec_total + 1))
echo "$tld" >> output/nodnssec.txt
fi
fi
# Output the summarized status line with color
printf "\r${CYAN}%s/%s${NC} ${GRAY}|${NC} ${GREEN}NSEC: ${NC}%s ${GRAY}|${NC} ${YELLOW}NSEC3: ${NC}%s ${GRAY}|${NC} ${RED}NODNSSEC: ${NC}%s ${GRAY}|${NC} Checking ${PURPLE}%s${NC}... " \
"$current_tld" "$total_tlds" \
"$nsec_total" "$nsec3_total" "$nodnssec_total" "$tld"
done
# Move to a new line after the loop is done to avoid overwriting the last line
echo
echo "Check completed! Data written to the output directory."