Added full dnssec data for all tlds and started improving nsec/nsec3 walks

nsec

@@ -1,5 +1,6 @@
 #!/bin/sh
 # NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
+# nsec
 
 # This script will walk through a DNS zone using NSEC records.
 
@@ -9,9 +10,15 @@ tld="$1"
 # Initialize the top-level domain (TLD) to start the walk from
 current_domain="$tld"
 
+#dns_servers=$(curl -s https://public-dns.info/nameservers.txt | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}')
+
 # Loop to walk through the zone using NSEC records
 while true; do
+    # Select a random DNS server from the list
+   #nameserver=$(shuf -n 1 -e $dns_servers)
+
     # Perform the dig command to get the NSEC record for the current domain
+    #output="$(dig @${nameserver} +trace $current_domain NSEC)"
     output="$(dig +trace $current_domain NSEC)"
 
     # Use grep to find the line with the current domain and then use awk to extract the next domain

nsec3

@@ -0,0 +1,14 @@
+#!/bin/bash
+# NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
+
+# https://github.com/anonion0/nsec3map
+#python3 -m pip install n3map[predict]
+
+TARGET=$1 # Can simply be a TLD (no dot)
+mkdir -p output
+for NS in $(dig @8.8.8.8 +short NS $TARGET | sort -R); do
+	IPADDR=$(dig +short "$1" A || dig +short "$1" AAAA)
+	echo "Targeting $TARGET on $NS ($IPADDR)..."
+	n3map -avpl --output=output/$TARGET_$NS.txt $IPV4 --ignore-overlapping $TARGET
+	echo "-------------------------"
+done

output/nodnssec.txt

@@ -0,0 +1,98 @@
+ae
+al
+ao
+aq
+as
+ba
+bb
+bf
+bi
+bo
+bs
+bw
+cd
+cf
+cg
+ck
+cm
+cu
+cv
+cw
+dj
+do
+eg
+fk
+ga
+gb
+ge
+gf
+gh
+gm
+gp
+gq
+gt
+gu
+hm
+im
+iq
+jm
+jo
+kh
+km
+kn
+kp
+ls
+mh
+mk
+ml
+mo
+mp
+mq
+ms
+mt
+mu
+mv
+mw
+mz
+ne
+ng
+ni
+np
+nr
+pa
+pf
+pg
+pk
+pn
+ps
+qa
+sd
+sm
+sr
+st
+sv
+sy
+sz
+tc
+td
+tg
+tj
+tk
+to
+va
+vi
+xn--d1alf
+xn--j1amh
+xn--lgbbat1ad8j
+xn--mgba3a4f16a
+xn--mgbaam7a8h
+xn--mgbayh7gpa
+xn--mgbc0a9azcg
+xn--mgbpl2fh
+xn--mgbtx2b
+xn--mix891f
+xn--node
+xn--ogbpf8fl
+xn--wgbl6a
+ye
+zw

output/nsec.txt

@@ -0,0 +1,51 @@
+arpa
+audio
+auto
+ax
+bd
+br
+bt
+car
+cars
+ch
+christmas
+ci
+diet
+dz
+ee
+er
+flowers
+game
+gdn
+gn
+gov
+guitars
+hosting
+id
+ir
+kg
+kz
+lb
+li
+lk
+lol
+lr
+mc
+mom
+nu
+pics
+pr
+ruhr
+se
+sl
+tn
+tz
+ve
+xn--54b7fta0cc
+xn--80ao21a
+xn--fzc2c9e2c
+xn--l1acc
+xn--mgbai9azgqp6j
+xn--pgbs0dh
+xn--xkc2al3hye2a
+xn--ygbi2ammx

tldsec

@@ -1,5 +1,6 @@
 #!/bin/sh
 # NSEC walk script for DNSSEC - developed by acidvegas (https://git.acid.vegas/nsecx)
+# tldsec
 
 # This script will check the DNSSEC status of all TLDs and output the results separated by NSEC, NSEC3, and NODNSSEC.
 # NSEC3 records will also include the NSEC3PARAM parameters for the zone as well for cracking in Hashcat.
@@ -11,18 +12,15 @@ YELLOW='\033[0;33m'
 CYAN='\033[0;36m'
 PURPLE='\033[0;35m'
 GRAY='\033[1;30m'
-NC='\033[0m' # No Color
+NC='\033[0m'
 
 # Create the output directory if it doesn't exist
 mkdir -p output
 
 # Parse the tld list from a root nameserver (todo: randomize the root nameserver)
-rndroot=$(dig AXFR . @a.root-servers.net | grep -E 'IN\s+NS' | awk '{print $1}' | sed 's/\.$//' | sort -u)
+tld_list=$(dig AXFR . @g.root-servers.net | grep -E 'IN\s+NS' | awk '{print $1}' | sed 's/\.$//' | sort -u)
-if [ -z $rndroot ]; then
+if [ -z $tld_list ]; then
-	echo "Failed to AXFR a root nameserver (using IANA list instead)"
+	tld_list=$(curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]')
-	tlds=$(curl -s 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt' | tail -n +2 | tr '[:upper:]' '[:lower:]')
-else 
-	tlds=$(echo  | )
 fi
 
 # Check if the list was retrieved successfully
@@ -81,7 +79,4 @@ echo "$tld_list" | while read -r tld; do
            "$nsec_total" "$nsec3_total" "$nodnssec_total" "$tld"
 done
 
-# Move to a new line after the loop is done to avoid overwriting the last line
+echo "\nCheck completed! Data written to the output directory."
-echo
-
-echo "Check completed! Data written to the output directory."