This script checks a list of domains for the DNS zone transfer (AXFR) misconfiguration. Usage: python dns_axfr.py domains.txt, where 'domains.txt' is a file listing the domains to scan, one per line. The script is written for Python 2 (it uses print statements). Requirements: pip install dnspython termcolor
import csv
import os
import sys
from pprint import pprint

import dns.query
import dns.resolver
import dns.zone
from termcolor import colored
# One resolver shared by every NS lookup. `timeout` bounds the wait for a
# single server's reply and `lifetime` bounds the whole query, both in seconds.
resolver = dns.resolver.Resolver()
resolver.timeout = resolver.lifetime = 5

# ANSI escape sequences: switch bold on, then reset all text attributes.
BOLD, ENDBOLD = '\033[1m', '\033[0m'
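def check_axfr(source_file):
    """Check every domain listed in a file for an open DNS zone transfer.

    For each non-empty line of ``source_file`` the NS records of that domain
    are looked up, and a zone transfer (AXFR) is requested from every name
    server returned. Each server that hands over the zone is printed and
    recorded as an ``ns``/``domain`` row in ``result_axfr_<name>.xls`` in the
    current directory.

    A lookup or transfer that fails is reported on stderr with its reason, so
    that "the server refused" can be told apart from "the check never ran"
    (timeout, resolver error, library error). Silently dropping those errors
    would make an unchecked domain look like a clean one.

    Args:
        source_file: path of a text file with one domain name per line.
    """
    # Only the file name goes into the report name, so a list given with a
    # directory part does not become a path below a directory that is missing.
    report_name = 'result_axfr_%s.xls' % os.path.basename(source_file)

    # The report is CSV text despite its .xls name (name kept for existing
    # users). Its cells come from the input list and from DNS answers, so
    # treat it as untrusted data when it is opened in a spreadsheet.
    # 'wb' is the mode the Python 2 csv module expects.
    with open(source_file) as file, open(report_name, 'wb') as csvfile:
        csvwriter = csv.DictWriter(csvfile, ['ns', 'domain'])
        csvwriter.writeheader()
        for domain in file:
            domain = domain.strip()
            if not domain:
                continue  # blank line in the list
            print(colored(BOLD + 'Getting ns records for: %s' % domain + ENDBOLD, 'blue'))
            try:
                answers = resolver.query(domain, 'ns')
            except Exception as exc:
                # `Exception` rather than a bare except: Ctrl-C still stops
                # the run instead of only skipping to the next domain.
                sys.stderr.write('NS lookup failed for %s: %s: %s\n'
                                 % (domain, type(exc).__name__, exc))
                continue
            for ns in answers:
                ns = ns.target.to_text()
                print('Trying to perform Zone Transfer for ns: %s' % ns)
                try:
                    # NOTE(review): the server is passed by host name; confirm
                    # the installed dnspython accepts a name here and not only
                    # an IP address. A rejection is reported by the handler
                    # below instead of being dropped.
                    dns.zone.from_xfr(dns.query.xfr(ns, domain, timeout=5, lifetime=5))
                except Exception as exc:
                    # Expected outcome for a correctly configured server; the
                    # reason is still printed so that refusals and tool
                    # failures are distinguishable.
                    sys.stderr.write('No zone transfer from %s for %s: %s: %s\n'
                                     % (ns, domain, type(exc).__name__, exc))
                else:
                    csvwriter.writerow({'ns': ns, 'domain': domain})
                    print(colored(BOLD + "Zone transfer successful! NS: %s Domain: %s" % (ns, domain) + ENDBOLD, 'green'))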
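def main():
    """Run the zone transfer check on the domain list named on the command line.

    Exits with status 2 and a usage line on stderr when no list file is given,
    instead of failing with an IndexError traceback.
    """
    if len(sys.argv) < 2:
        sys.stderr.write('Usage: python %s domains.txt\n' % sys.argv[0])
        sys.exit(2)
    check_axfr(sys.argv[1])


if __name__ == '__main__':
    main()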