-
Notifications
You must be signed in to change notification settings - Fork 24
/
Copy pathdnsrr.sh
195 lines (176 loc) · 4.44 KB
/
dnsrr.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
#!/bin/bash
currentdir=$(pwd)
scriptdir=$(dirname "$0")
function banner()
{
if [ $# -eq 1 ]
then
echo "==========================================="
echo -e "== \033[1;33mDNSrr\033[0m =================================="
echo "==========================================="
echo -e "== Twitter : \033[1;36m@A3h1nt\033[0m ======================"
echo "==========================================="
echo -e "== Attempting : \033[1;31m$1\033[0m "
echo "==========================================="
else
echo "==========================================="
echo -e "== \033[1;33mDNSrr\033[0m =================================="
echo "==========================================="
echo -e "== Twitter : \033[1;36m@A3h1nt\033[0m ======================"
echo "==========================================="
echo -e "== Attempting : \033[1;31m$1\033[0m "
echo "==========================================="
echo -e "== Wordlist : \033[1;32m$2\033[0m "
echo "==========================================="
fi
}
function zone_transfer()
{
dig axfr @$1 $2 | sort -t 'I' -k2 -u
}
function forward_lookup_bruteforce()
{
if [ $# -eq 1 ]
then
# Check if we can use host -l to dump the host list of the zone, if possible. Otherwise use the list.
dump_host_list=$(host -l $1 2> /dev/null)
if [[ $dump_host_list == *"failed"* ]] ; then
echo "Attempting from list.txt"
for i in $(cat list.txt);do host $i.$1;done | grep -v not | awk '{print $1 " : " $NF}'
else
host -l $1
fi
else
for ip in $(cat $2);do host $ip.$1;done | grep -v not | awk '{print $1 " : " $NF}'
fi
}
function reverse_lookup_bruteforce()
{
ip=$(host $1 | awk '{print $NF}' | head -1 | cut -d '.' -f-3)
if [[ $ip == *"NXDOMAIN"* ]]
then
echo "Invalid Domain Name!!!"
cd $currentdir && exit
fi
for i in $(seq 1 255);do host $ip.$i;done | grep -v not | awk '{print $1 " : " $NF}' | sed 's/.in-addr.arpa/ /g'
}
function cache_snooping()
{
for i in $(cat $2)
do
echo $i : `dig @$1 $i +norecurse | grep ANSWER | head -1 | awk -F , '{print $2}'` | grep -v 0
done
}
function xplain()
{
case $1 in
z|-z)
less xplain/zone_transfer.txt
;;
fb|-fb)
less xplain/forward_lookup_bruteforce.txt
;;
rb|-rb)
less xplain/reverse_lookup_bruteforce.txt
;;
cs|-cs)
less xplain/cache_snooping.txt
;;
*)
less xplain/thanks.txt
;;
esac
}
cd $scriptdir
if [ $# -lt 1 ]
then
echo "Use --help to see options"
cd $currentdir && exit
fi
if [ $1 == --help ]
then
echo "------------------- USAGE ------------------"
echo "-z : Attempt Zone Transfer"
echo " Syntax: ./dns.sh -z [Nameserver] [Domain Name]"
echo "-fb : Forward Lookup Bruteforce"
echo " Syntax: ./dns.sh [Domain Name]"
echo " Syntax: ./dns.sh [Domain Name] [Wordlist]"
echo "-rb : Reverse Lookup Bruteforce"
echo " Syntax: ./dns.sh [Domain Name]"
echo "-cs : Perform DNS Cache Snooping"
echo " Syntax: ./dns.sh [Name Server] [Wordlist]"
echo "-x : Explain A Particular Option"
echo " Syntax: ./dns.sh -x [Option_Flag]"
echo "------------------------------------------------"
cd $currentdir && exit
fi
# Case statements
case $1 in
# Zone Transfer
-z)
if [ $# -ne 3 ]
then
echo "Syntax Error !"
cd $currentdir && exit
fi
# Calling the function
banner "Zone Transfer"
zone_transfer $2 $3
;;
# Forward Lookup Bruteforce
-fb)
if [ $# -lt 2 ]
then
echo "Syntax Error !"
elif [ $# -eq 2 ]
then
# Calling the function
banner "Forward Lookup Bruteforce" "list.txt"
forward_lookup_bruteforce $2
elif [ $# -eq 3 ]
then
# Calling the function
banner "Forward Lookup Bruteforce" $3
forward_lookup_bruteforce $2 $3
else
echo "Use f***1g --help"
fi
;;
# Reverse Lookup Bruteforce
-rb)
if [ $# -ne 2 ]
then
echo "Syntax Error !"
cd $currentdir && exit
fi
# Calling the function
banner "Reverse Lookup Bruteforce"
reverse_lookup_bruteforce $2
;;
# DNS Cache Snooping
-cs)
if [ $# -ne 3 ]
then
echo "Syntax Error !"
cd $currentdir && exit
fi
# Calling the function
banner "DNS Cache Snooping" $3
cache_snooping $2 $3
;;
# Explain Options
-x)
if [ $# -ne 2 ]
then
echo "What to explain !!!"
cd $currentdir && exit
fi
# Calling the function
xplain $2
;;
# If i don't understand something
*)
echo "Invalid option or argument !!"
;;
esac
cd $currentdir