Skip to content

Instantly share code, notes, and snippets.

@gothburz

gothburz/dns-zone-transfer.py

Created February 19, 2020 20:08
Show Gist options
  • Save gothburz/f9805f0b10637e69dcb887d3292abee3 to your computer and use it in GitHub Desktop.
Save gothburz/f9805f0b10637e69dcb887d3292abee3 to your computer and use it in GitHub Desktop.
Download ZIP
A simple function that takes a domain, finds NS records, resolves their IP, and attempts a DNS Zone Transfer with dnspython.
Raw
dns-zone-transfer.py
#!/bin/python3
# A Simple function that finds NS records, resolves their IP, and attempts a DNS Zone Transfer
import dns.zone
import dns.resolver
ns_servers = []
def dns_zone_xfer(address):
ns_answer = dns.resolver.query(address, 'NS')
for server in ns_answer:
print("[*] Found NS: {}".format(server))
ip_answer = dns.resolver.query(server.target, 'A')
for ip in ip_answer:
print("[*] IP for {} is {}".format(server, ip))
try:
zone = dns.zone.from_xfr(dns.query.xfr(str(ip), address))
for host in zone:
print("[*] Found Host: {}".format(host))
except Exception as e:
print("[*] NS {} refused zone transfer!".format(server))
continue
dns_zone_xfer('megacorpone.com')
@bigoper
Copy link

bigoper commented Dec 28, 2021

You're missing a simple instruction for requirements.txt in order to get this script running successsfuly.

pip install dnspython

@Emporeo
Copy link

Emporeo commented Jun 14, 2022

I've removed the deprecated messages and optimized the code a bit to use an arg instead of hardcoded domain. Maybe you want to update your code?

#!/bin/python3

A Simple function that finds NS records, resolves their IP, and attempts a DNS Zone Transfer

import dns.zone
import dns.resolver
import argparse

parser = argparse.ArgumentParser(description='Enter domain to parse and attempt a DNS Zone Transfer')
parser.add_argument("domain")
args = parser.parse_args()
print('Domain entered: ' + args.domain)

my_resolver = dns.resolver.Resolver()

ns_servers = []
def dns_zone_xfer(address):
ns_answer = my_resolver.resolve(address, 'NS')
for server in ns_answer:
print("[] Found NS: {}".format(server))
ip_answer = my_resolver.resolve(server.target, 'A')
for ip in ip_answer:
print("[] IP for {} is {}".format(server, ip))
try:
zone = dns.zone.from_xfr(dns.query.xfr(str(ip), address))
for host in zone:
print("[] Found Host: {}".format(host))
except Exception as e:
print("[] NS {} REFUSED ZONE TRANSFER!".format(server))
continue

dns_zone_xfer(args.domain)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment