mdaxfr- Mass DNS AXFR |
| git clone git://git.acid.vegas/mdaxfr.git |
| Log | Files | Refs | Archive | README | LICENSE |
mdaxfr.py (7663B)
1 #!/usr/bin/env python 2 # Mass DNS AXFR - developed by acidvegas in python (https://git.acid.vegas/mdaxfr) 3 4 import logging 5 import os 6 import re 7 import urllib.request 8 9 try: 10 import dns.rdatatype 11 import dns.query 12 import dns.zone 13 import dns.resolver 14 except ImportError: 15 raise SystemExit('missing required \'dnspython\' module (pip install dnspython)') 16 17 18 # Colours 19 BLUE = '\033[1;34m' 20 CYAN = '\033[1;36m' 21 GREEN = '\033[1;32m' 22 GREY = '\033[1;90m' 23 PINK = '\033[1;95m' 24 PURPLE = '\033[0;35m' 25 RED = '\033[1;31m' 26 YELLOW = '\033[1;33m' 27 RESET = '\033[0m' 28 29 30 def attempt_axfr(domain: str, nameserver: str, nameserver_ip: str): 31 ''' 32 Request a zone transfer from a nameserver on a domain. 33 34 :param domain: The domain to perform the zone transfer on. 35 :param nameserver: The nameserver to perform the zone transfer on. 36 :param nameserver_ip: The IP address of the nameserver. 37 ''' 38 39 print(f' {YELLOW}Attempting AXFR for {CYAN}{domain}{RESET} on {PURPLE}{nameserver} {GREY}({nameserver_ip}){RESET}') 40 41 zone = dns.zone.from_xfr(dns.query.xfr(nameserver_ip, domain)) 42 43 record_count = sum(len(node.rdatasets) for node in zone.nodes.values()) 44 45 print(f' {GREEN}AXFR successful for {CYAN}{domain}{RESET} on {PURPLE}{nameserver} {GREY}({nameserver_ip}){RESET} - {record_count:,} records') 46 47 with open(os.path.join('axfrout', f'{domain}_{nameserver}_{nameserver_ip}.log'), 'w') as file: 48 file.write(zone.to_text()) 49 50 51 def get_nameservers(domain: str) -> list: 52 ''' 53 Generate a list of the root nameservers. 54 55 :param target: The target domain to get the nameservers for. 56 ''' 57 58 ns_records = dns.resolver.resolve(domain, 'NS', lifetime=30) 59 nameservers = [str(rr.target)[:-1] for rr in ns_records] 60 61 return nameservers 62 63 64 def get_root_tlds(output_dir: str) -> list: 65 ''' 66 Get the root TLDs from a root nameservers. 67 68 :param output_dir: The output directory to use. 69 ''' 70 rndroot = [root for root in os.listdir(output_dir) if root.endswith('.root-servers.net.txt')] 71 if rndroot: 72 rndroot_file = rndroot[0] # Take the first file from the list 73 tlds = sorted(set([item.split()[0][:-1] for item in open(os.path.join(root_dir, rndroot_file)).read().split('\n') if item and 'IN' in item and 'NS' in item])) 74 else: 75 logging.warning('Failed to find root nameserver list...fallback to using IANA list') 76 tlds = urllib.request.urlopen('https://data.iana.org/TLD/tlds-alpha-by-domain.txt').read().decode('utf-8').lower().split('\n')[1:] 77 return tlds 78 79 80 def get_psl_tlds() -> list: 81 '''Download the Public Suffix List and return its contents.''' 82 data = urllib.request.urlopen('https://publicsuffix.org/list/public_suffix_list.dat').read().decode() 83 domains = [] 84 for line in data.split('\n'): 85 if line.startswith('//') or not line: 86 continue 87 if '*' in line or '!' in line: 88 continue 89 if '.' not in line: 90 continue 91 domains.append(line) 92 return domains 93 94 95 def resolve_nameserver(nameserver: str) -> list: 96 ''' 97 Resolve a nameserver to its IP address. 98 99 :param nameserver: The nameserver to resolve. 100 ''' 101 102 data = [] 103 104 for version in ('A', 'AAAA'): 105 data.extend([ip.address for ip in dns.resolver.resolve(nameserver, version, lifetime=30)]) 106 107 return data 108 109 110 def process_domain(domain: str): 111 domain = re.sub(r'^https?://|^(www\.)|(/.*$)', '', domain) 112 113 print(f'{PINK}Looking up nameservers for {CYAN}{domain}{RESET}') 114 115 try: 116 nameservers = get_nameservers(domain) 117 except Exception as ex: 118 print(f' {RED}Error resolving nameservers for {CYAN}{domain} {GREY}({ex}){RESET}') 119 return 120 121 if not nameservers: 122 print(f' {GREY}No nameservers found for {CYAN}{domain}{RESET}') 123 return 124 125 print(f' {BLUE}Found {len(nameservers):,} nameservers for {CYAN}{domain}{RESET}') 126 127 for nameserver in nameservers: 128 print(f' {PINK}Looking up IP addresses for {PURPLE}{nameserver}{RESET}') 129 130 try: 131 nameserver_ips = resolve_nameserver(nameserver) 132 except Exception as ex: 133 print(f' {RED}Error resolving IP addresses for {PURPLE}{nameserver} {GREY}({ex}){RESET}') 134 continue 135 136 if not nameserver_ips: 137 print(f' {GREY}No IP addresses found for {PURPLE}{nameserver}{RESET}') 138 continue 139 140 print(f' {BLUE}Found {len(nameserver_ips):,} IP addresses for {PURPLE}{nameserver}{RESET}') 141 142 for nameserver_ip in nameserver_ips: 143 try: 144 attempt_axfr(domain, nameserver, nameserver_ip) 145 except Exception as e: 146 print(f' {RED}Error performing AXFR for {CYAN}{domain}{RESET} on {PURPLE}{nameserver} {GREY}({nameserver_ip}){RESET} - {e}{RESET}') 147 148 149 150 if __name__ == '__main__': 151 import argparse 152 import concurrent.futures 153 import sys 154 155 parser = argparse.ArgumentParser(description='Mass DNS AXFR') 156 parser.add_argument('-d', '--domain', type=str, help='domain to perform AXFR on') 157 parser.add_argument('-i', '--input', type=str, help='input file') 158 parser.add_argument('-t', '--tlds', action='store_true', help='Perform AXFR on all TLDs') 159 parser.add_argument('-p', '--psl', action='store_true', help='use the Public Suffix List') 160 parser.add_argument('-c', '--concurrency', type=int, default=30, help='maximum concurrent tasks') 161 parser.add_argument('-o', '--output', dest='output_dir', type=str, default='axfrout', help='output directory') 162 args = parser.parse_args() 163 164 logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') 165 166 # Create output directories 167 os.makedirs(args.output_dir, exist_ok=True) 168 root_dir = os.path.join(args.output_dir, 'root') 169 os.makedirs(root_dir, exist_ok=True) 170 171 # Set DNS timeout 172 dns.resolver._DEFAULT_TIMEOUT = 30 173 174 with concurrent.futures.ThreadPoolExecutor(max_workers=args.concurrency) as executor: 175 if args.domain: 176 # Single domain mode 177 process_domain(args.domain) 178 179 elif args.input: 180 # Input file mode 181 try: 182 with open(args.input, 'r') as f: 183 domains = [line.strip() for line in f if line.strip()] 184 futures = [executor.submit(process_domain, domain) for domain in domains] 185 for future in concurrent.futures.as_completed(futures): 186 try: 187 future.result() 188 except Exception as e: 189 logging.error(f'Error processing domain: {e}') 190 except FileNotFoundError: 191 logging.error(f'Input file not found: {args.input}') 192 sys.exit(1) 193 194 elif args.tlds: 195 # TLD mode 196 logging.info('Fetching root nameservers...') 197 # First get root nameservers 198 for root in get_nameservers('.'): 199 try: 200 attempt_axfr('', root, os.path.join(root_dir, f'{root}.txt')) 201 except Exception as e: 202 logging.error(f'Error processing root nameserver {root}: {e}') 203 204 # Then process TLDs 205 logging.info('Processing TLDs...') 206 tlds = get_root_tlds(root_dir) 207 futures = [] 208 for tld in tlds: 209 try: 210 nameservers = get_nameservers(tld) 211 for ns in nameservers: 212 futures.append(executor.submit(process_domain, tld)) 213 except Exception as e: 214 logging.error(f'Error processing TLD {tld}: {e}') 215 216 for future in concurrent.futures.as_completed(futures): 217 try: 218 future.result() 219 except Exception as e: 220 logging.error(f'Error in TLD task: {e}') 221 222 elif args.psl: 223 # PSL mode 224 logging.info('Fetching PSL domains...') 225 psl_dir = os.path.join(args.output_dir, 'psl') 226 os.makedirs(psl_dir, exist_ok=True) 227 228 domains = get_psl_tlds() 229 futures = [] 230 for domain in domains: 231 try: 232 futures.append(executor.submit(process_domain, domain)) 233 except Exception as e: 234 logging.error(f'Error processing PSL domain {domain}: {e}') 235 236 for future in concurrent.futures.as_completed(futures): 237 try: 238 future.result() 239 except Exception as e: 240 logging.error(f'Error in PSL task: {e}') 241 242 else: 243 parser.print_help() 244 sys.exit(1)