Skip to content

Instantly share code, notes, and snippets.

@borchsenius

borchsenius/dns-report.sh

Last active December 18, 2019 14:36
Show Gist options
  • Save borchsenius/7abc99269716c968cfe0335a11c5905d to your computer and use it in GitHub Desktop.
Save borchsenius/7abc99269716c968cfe0335a11c5905d to your computer and use it in GitHub Desktop.
Download ZIP
Script for doing various domain queries i.e. http get, a, mx spf, dmarc and DNSsec for a list of domains and generate a csv-report-file.
Raw
dns-report.sh
#!/bin/bash
# ▛ ▜
# The dns-report script takes a file containing a list of domainnames and does a suite of DNS queries for each.
# HTTP GET
# DNS A and MX record
# DNS TXT spf & _dmarc record
# DNSKEY used when enabling DNSsec.
# Link to DNSsec validation via verisign-labs
#
# usage $ dns-report.sh a_file_with_domains
#
# a_file_with_domains
# google.com
# internetstiftelsen.se
# facebook.com
# amazon.com
# digst.dk
# linkedin.com
# ▙ ▟
input=$1
if [[ ! -f "$1" ]]; then
echo "Argument one should be an existing file with a list of domainnames separated with a newline" 1>&2
exit 1
fi
echo "▛ ____ _ _ ____ ____ _ ▜";
echo " | _ \| \ | / ___| | _ \ ___ _ __ ___ _ __| |_ ";
echo " | | | | \| \___ \ _____| |_) / _ \ '_ \ / _ \| '__| __|";
echo " | |_| | |\ |___) |_____| _ < __/ |_) | (_) | | | |_ ";
echo " |____/|_|_\_|____/_____ |_| \_\___| .__/ \___/|_| \__|";
echo " / ___|| _ \| ___| |_| ";
echo " ____\___ \| |_) | |_ ";
echo " |_____|__) | __/| _| ";
echo " |____/|_|_ |_| _ ____ ____ ";
echo " | _ \| \/ | / \ | _ \ / ___| ";
echo " _____| | | | |\/| | / _ \ | |_) | | ";
echo " |_____| |_| | | | |/ ___ \| _ <| |___ ";
echo " |____/|_| |_/_/_ \_\_| \_\\____| ";
echo " | _ \| \ | / ___| ___ ___ ___ ";
echo " _____| | | | \| \___ \/ __|/ _ \/ __| ";
echo " |_____| |_| | |\ |___) \__ \ __/ (__ ";
echo " |____/|_| \_|____/|___/\___|\___| ";
echo "▙ ▟";
now=$(date +"%Y_%m_%d-%H_%M")
_filename="dns_report_$now.csv"
echo "Domain,HTTP-GET,A-record,MX-record,TXT-spf-record,TXT-_dmarc,DNSsec,DNSsec_verisign-validator" >> "$_filename"
while IFS= read -r domainname
do
http_get=`curl --max-time 10 -I $domainname | head -1 `
dmarc=`dig -t TXT "_dmarc."$domainname +short`
spf=`dig -t TXT $domainname +short | grep spf`
rrsig=`dig +dnssec $domainname @8.8.8.8 | grep RRSIG`
a_records=`dig $domainname +short`
mx_records=`host -t mx $domainname`
http_printable="$(echo -e "${http_get}"| tr '[:space:]' '_' | tr -d '\n' )"
dmarc_printable="$(echo -e "${dmarc}" | tr -d '[:space:]' | tr '\n' ' ')"
rrsig_printable="$(echo -e "${rrsig}" | tr -d '[:space:]' | tr '\n' ' ')"
spf_printable="$(echo -e "${spf}" | tr '\n' ' ')"
mx_printable="$(echo -e "${mx_records}" | tr '\n' ' ')"
a_records_printable="$(echo -e "${a_records}" | tr '[:space:]' '_' | tr -s '\n' '-' )"
hyperlink="https://dnssec-analyzer.verisignlabs.com/$domainname"
echo "$domainname, $http_printable, ${a_records_printable:-not used}, ${mx_printable:-no mail}, $spf_printable, $dmarc_printable, $hyperlink, $rrsig_printable"
echo "$domainname, ""$http_printable"", ""${a_records_printable:-not used}"", ""${mx_printable:-no mail}"",""$spf_printable"",""$dmarc_printable"",""$rrsig_printable"",""$hyperlink"" " >> "$_filename"
done < "$input"
echo "--- see report file $_filename for details"
# open $_filename
Raw
sample-domains
google.com
internetstiftelsen.se
facebook.com
amazon.com
digst.dk
linkedin.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment