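#!/usr/bin/env bash
# dnsxplore
# Author M.W. Baurichter a.k.a. M1ch13l - bugs: faust92@gmx.net
#
# Gathers public DNS information about one domain (host listing, authoritative
# nameservers, zone-transfer attempts, version.bind answers, reverse lookups)
# or about one IPv4 address (reverse lookup, RIPE whois, maintainer auth
# methods) and writes a report to ./dnsxplore-<object>-results.
#
# Usage: dnsxplore -i <IP-address> | -d <domainname> | -h
#
# External tools used: ping, host, dig, nmap, lynx, less, grep, cut, awk, sort.
# The script relies on bash syntax ([[ ]], arrays, (( )), process substitution),
# so the shebang is bash rather than /bin/sh.
#
# Notes on this revision:
#   * the temp directory comes from mktemp -d and is removed by an EXIT trap
#     instead of living at the predictable path /tmp/dns$$;
#   * the command-line object and values read back from network output
#     (nameserver names, whois maintainer handles) are validated before they
#     are used in file names or URLs;
#   * the reverse-lookup stage of the domain mode tested "$DOMAIN.ip.tmp"
#     without the temp directory prefix and therefore never ran; it is now
#     reachable and honours REVERSEDNS, which was declared but never read;
#   * an unknown option now aborts instead of continuing with no style set.

set -u

#
# Assigning variables
#
REVERSEDNS=1               # should reverse dns be checked (1=enable/0=disable)
RUNLESS=1                  # run less on results file (1=enable/0=disable)
VER="0.3"                  # current version
PROBE_HOST=216.239.115.148 # address pinged by are_we_up to detect connectivity
TEMPDIR=                   # set by create_dir, removed by remove_dir (EXIT trap)
STYLE=                     # "IP" or "DOMAIN", selected from the command line
IP=                        # query object for -i
DOMAIN=                    # query object for -d

#
# Functions ----
#

# Print each argument on its own line to stderr and exit 1.
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

# Short syntax reminder (shown when no option is given); exits 1.
usage() {
  echo
  echo "==> Syntax: $0 [IP-address/domain]"
  echo "==> try './dnsxplore -h' for help"
  exit 1
}

# Full help text for -h; exits 1 like the original.
show_help() {
  echo "==> dnsxplore by M1ch13l --faust92@gmx.net--"
  echo "==> Usage: dnsxplore -i|-d [IP-address/domainname]"
  echo
  echo "Flags:"
  echo "-i IP style (e.g. ./dnsexplore -i 146.27.40.210)"
  echo "-d domain style (e.g. ./dnsexplore -d microsoft.com)"
  exit 1
}

# Return 0 when $1 is a dotted-quad IPv4 address with every octet <= 255.
# Only this form is accepted because the value is passed to nmap and
# embedded in the whois URL and in the results file name.
is_ipv4() {
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$' octet
  [[ $1 =~ $re ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Return 0 when $1 looks like a host/domain name: labels of [A-Za-z0-9-]
# (not starting or ending with '-') joined by dots.  A numeric address also
# passes.  Values that pass contain no '/', whitespace or shell metacharacters,
# so they are safe to use as temp-file names and as dig/host arguments.
is_hostname() {
  local re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
  [[ $1 =~ $re ]]
}

# Return 0 when $1 is a plain handle ([A-Za-z0-9_-]+), the shape expected of
# an RIPE "mnt-by:" value before it goes into a URL and a temp-file name.
is_token() {
  local re='^[A-Za-z0-9_-]+$'
  [[ $1 =~ $re ]]
}

# Create the private working directory and arrange for its removal on exit.
# Globals: TEMPDIR (written)
create_dir() {
  TEMPDIR=$(mktemp -d "${TMPDIR:-/tmp}/dnsxplore.XXXXXX") \
    || die "==> Error: cannot create temp directory"
  trap remove_dir EXIT
}

# Remove the working directory if it exists.  Runs from the EXIT trap, so it
# also fires on die/usage paths.
# Globals: TEMPDIR (read)
remove_dir() {
  if [[ -n ${TEMPDIR:-} && -d $TEMPDIR ]]; then
    rm -rf -- "$TEMPDIR"
  fi
}

# Abort unless a single ping to PROBE_HOST succeeds.  Any failed ping counts
# (the original only recognised an "Unreachable" line, so a timed-out probe
# was treated as connected).
are_we_up() {
  if ! ping -c 1 "$PROBE_HOST" >/dev/null 2>&1; then
    die "==> Error: no internet connection" \
        "==> check your network settings ..."
  fi
}

# Domain mode: collect host listing, authoritative servers, per-server zone
# transfer and version.bind answers, then (when REVERSEDNS=1) reverse-resolve
# every IPv4 address seen in the collected output.
# Globals: DOMAIN, TEMPDIR, REVERSEDNS (read)
process_domain() {
  local ns ip

  host -l -v -t any "$DOMAIN" > "$TEMPDIR/host.tmp"

  # +nssearch prints one SOA line per authoritative server; field 11 of that
  # line is the server that answered.  Root-server lines are dropped as before.
  dig "$DOMAIN" +nssearch | grep -v A.ROOT | grep SOA | cut -d " " -f11 \
    | sort -u > "$TEMPDIR/dns.tmp"

  while IFS= read -r ns; do
    ns=${ns%.}                       # dig may print a trailing dot
    [[ -n $ns ]] || continue
    if ! is_hostname "$ns"; then
      printf '==> skipping unexpected nameserver value: %s\n' "$ns" >&2
      continue
    fi
    printf '%s\n' "$ns"              # progress output, as the original did
    dig "@$ns" axfr "$DOMAIN" > "$TEMPDIR/$ns.axfr.tmp"
    dig "@$ns" txt chaos version.bind > "$TEMPDIR/$ns.bind.tmp"
  done < "$TEMPDIR/dns.tmp"

  # Every dotted-quad in the collected output, minus loopback.  The original
  # anchored the pattern at line start and kept grep's "file:" prefix, so it
  # produced values nmap could not use.
  grep -ohE '[0-9]{1,3}(\.[0-9]{1,3}){3}' "$TEMPDIR"/*.tmp 2>/dev/null \
    | grep -v '^127\.0\.0\.1$' | sort -u > "$TEMPDIR/$DOMAIN.ip.tmp"

  if (( REVERSEDNS == 1 )) && [[ -s $TEMPDIR/$DOMAIN.ip.tmp ]]; then
    while IFS= read -r ip; do
      is_ipv4 "$ip" || continue      # drops e.g. 999.1.1.1 matched by the regex
      nmap -sP -R "$ip" >> "$TEMPDIR/$DOMAIN.reverse.tmp"
    done < "$TEMPDIR/$DOMAIN.ip.tmp"
  fi

  results
}

# IP mode: reverse lookup, RIPE whois record, and the "auth" lines of every
# maintainer object the record refers to.
# Globals: IP, TEMPDIR (read)
process_ip() {
  local mnt auth

  nmap -sP -R "$IP" > "$TEMPDIR/reverse.tmp"
  lynx -dump -crawl "http://www.ripe.net/perl/whois?$IP" > "$TEMPDIR/ripe.tmp"

  while IFS= read -r mnt; do
    # The handle comes from the whois response, not from the user; it is only
    # used when it has the plain shape is_token accepts.
    if ! is_token "$mnt"; then
      printf '==> skipping unexpected mnt-by value: %s\n' "$mnt" >&2
      continue
    fi
    printf 'Fetching auth methods of %s\n' "$mnt"
    #
    # Fetching AUTH methods ...
    #
    lynx -dump -crawl \
      "http://www.ripe.net/perl/whois?searchtext=$mnt&form_type=simple" \
      > "$TEMPDIR/$mnt.auth.tmp"
    sleep 3                          # pause between whois requests, as before
    auth=$(grep "auth" "$TEMPDIR/$mnt.auth.tmp")
    printf '%s has \n%s\n' "$mnt" "$auth" >> "$TEMPDIR/auth.tmp"
  done < <(grep "mnt-by:" "$TEMPDIR/ripe.tmp" | awk '{print $2}' | sort -u)

  results
}

# Append a titled section holding FILE's contents to OUT; no-op if FILE is
# missing.
# Arguments: $1 - report path, $2 - section title, $3 - file to include
append_section() {
  local out=$1 title=$2 file=$3
  [[ -e $file ]] || return 0
  {
    echo ""
    echo "$title"
    echo ""
    cat -- "$file"
    echo ""
  } >> "$out"
}

# Append a titled section with one "#### Nameserver: <name>" sub-block per
# file; <name> is the file's base name with SUFFIX removed.  No-op when no
# files are given.
# Arguments: $1 - report path, $2 - section title, $3 - suffix, $4.. - files
append_per_server() {
  local out=$1 title=$2 suffix=$3 f name
  shift 3
  (( $# > 0 )) || return 0
  {
    echo ""
    echo "$title"
    echo ""
  } >> "$out"
  for f in "$@"; do
    name=${f##*/}
    name=${name%"$suffix"}
    {
      echo "#### Nameserver: $name"
      cat -- "$f"
      echo ""
    } >> "$out"
  done
}

# Assemble the report from whatever temp files the processing stage produced,
# move it to ./dnsxplore-<object>-results and optionally page through it.
# Globals: TEMPDIR, VER, STYLE, DOMAIN, IP, RUNLESS (read)
results() {
  local out=$TEMPDIR/results final

  #
  # Generic section
  #
  {
    echo "##############################################"
    echo "# dnsxplore version $VER by M1ch13l # "
    echo "##############################################"
    echo ""
    echo "Date : $(date +%T-%D)"
    echo "Requested style: $STYLE"
    echo "Query object : $DOMAIN$IP"
    echo ""
    echo ""
  } > "$out"

  #
  # Section for domain
  #
  append_section "$out" "#### Generic domain information ####" "$TEMPDIR/host.tmp"
  append_section "$out" "#### Authoritive nameservers ################" "$TEMPDIR/dns.tmp"
  shopt -s nullglob                  # unmatched globs expand to nothing
  append_per_server "$out" "#### Zone Transfers #########################" \
    .axfr.tmp "$TEMPDIR"/*.axfr.tmp
  append_per_server "$out" "#### Bind versions ###########################" \
    .bind.tmp "$TEMPDIR"/*.bind.tmp
  shopt -u nullglob
  append_section "$out" "#### Reverse DNS Lookup ####################" \
    "$TEMPDIR/$DOMAIN.reverse.tmp"

  #
  # Section for IP
  #
  append_section "$out" "#### Reverse DNS Lookup ######################" "$TEMPDIR/reverse.tmp"
  append_section "$out" "#### RIPE database [whois] ####################" "$TEMPDIR/ripe.tmp"
  append_section "$out" "###### Authentication methods ################" "$TEMPDIR/auth.tmp"

  #
  # Generic section
  #
  {
    echo ""
    echo "#### End of results dnsxplore ################"
    echo ""
    echo "##############################################"
    echo "#send your bugs & comments to faust92@gmx.net#"
    echo "##############################################"
  } >> "$out"

  case $STYLE in
    DOMAIN) final=dnsxplore-$DOMAIN-results ;;
    IP)     final=dnsxplore-$IP-results ;;
    *)      die "==> Error: unknown style '$STYLE'" ;;
  esac
  mv -- "$out" "$final" || die "==> Error: cannot write $final"

  if [[ $RUNLESS == "1" ]]; then
    less "$final"
  fi
  printf '==> results saved in %s/%s\n' "$(pwd)" "$final"
}

#
# End of functions ---------
#

# Parse the command line, validate the query object and run the selected mode.
# Globals: IP, DOMAIN, STYLE (written)
main() {
  (( $# >= 1 )) || usage
  case $1 in
    -h)
      show_help
      ;;
    -i)
      IP=${2-}
      is_ipv4 "$IP" \
        || die "==> Error: -i needs a dotted-quad IPv4 address, got '$IP'"
      STYLE=IP
      ;;
    -d)
      DOMAIN=${2-}
      is_hostname "$DOMAIN" \
        || die "==> Error: -d needs a domain name, got '$DOMAIN'"
      STYLE=DOMAIN
      ;;
    *)
      die "==> Error: unknown option $1"   # the original printed $2 and went on
      ;;
  esac

  create_dir
  are_we_up
  if [[ $STYLE == "IP" ]]; then
    process_ip
  else
    process_domain
  fi
  exit 0                             # EXIT trap removes TEMPDIR
}

main "$@"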