@bjuretko
Created June 3, 2018 16:21
Getting A-Records from a Domain

I was looking for a solution to generate zone files from DNS, but zone transfer (AXFR) does not work for secured DNS. MX, TXT, etc. can be collected with dig, but not the A records of subdomains. As these are mostly secured via HTTPS for our domains, you may get the information from certificate transparency logs.

Here's the command line to get some subdomains with IP addresses:

curl -s -q "https://crt.sh/?q=%.${DOMAIN}&output=json" | jq -a -M -r '.[].name_value' | grep -v '^\*' | sort -u | xargs -n 1 host | sort -u
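
An added example, not part of the original gist: the same pipeline in Python, taken one step further to the zone-file A record lines the gist was after. It assumes crt.sh's `output=json` response is a JSON array whose `name_value` fields hold newline-separated SAN entries; the function names and the sample data are constructed for illustration.

```python
import json
import socket

# Constructed sample in the shape crt.sh returns for output=json: a JSON array,
# one object per certificate, with SAN entries newline-separated in name_value.
SAMPLE = json.dumps([
    {"name_value": "www.example.org\nexample.org"},
    {"name_value": "*.example.org\nmail.example.org"},
    {"name_value": "WWW.example.org."},
    {"name_value": "shop.example.net"},
])


def ct_hostnames(crtsh_json, domain):
    """Return the sorted, de-duplicated hostnames under `domain`."""
    domain = domain.lower().rstrip(".")
    names = set()
    for entry in json.loads(crtsh_json):
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if not name or name.startswith("*."):
                continue  # a wildcard SAN is not a resolvable hostname
            if name == domain or name.endswith("." + domain):
                names.add(name)
    return sorted(names)


def resolve_ipv4(name):
    """Look up the IPv4 addresses of `name` with the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # name appears in a certificate but does not resolve
    return sorted({info[4][0] for info in infos})


def zone_a_records(crtsh_json, domain, resolver=resolve_ipv4):
    """Format one zone-file A record line per (hostname, address) pair."""
    lines = []
    for name in ct_hostnames(crtsh_json, domain):
        for addr in resolver(name):
            lines.append(f"{name}. IN A {addr}")
    return lines


if __name__ == "__main__":
    print("\n".join(zone_a_records(SAMPLE, "example.org")))
```

Names that appear in a certificate but return no address are worth reviewing separately, since they may be stale records or internal-only hosts.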

bjuretko commented Jun 3, 2018

more advanced auditing tool here: https://github.com/aboul3la/Sublist3r
