Created
May 11, 2018 12:47
For a given domain name, guess a few common subdomains and query whether they exist.
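#!/bin/bash
#
# Guess common subdomains of a domain and print the DNS records that exist.
#
# Usage: SCRIPT [-x] [-s NAMESERVER] [--] DOMAIN [TYPE]
#   -x             extended mode: also query every word in COMMON_SUBDOMAINS
#                  (CNAME, A and AAAA) and the wildcard name "*.DOMAIN"
#   -s NAMESERVER  server to query; when omitted, an NS value from the
#                  environment is used, else the first field of the SOA answer
#   TYPE           record type for the apex query and the wildcard probe
#                  (default: any)
#
# Extended mode starts three dig processes per word, all in the background,
# so the target nameserver sees the whole word list as one burst of queries.
set -e

COMMON_SUBDOMAINS="404 account admin affiliate alpha aws amazon api assets beta blob blobs blog cdn clone corp data demo dev dump downloads download edge en error export exports external external files file firewall ftp free holding home images imap import imports internal intra intranet kodi local log logs logo login mail marketing media mobile my myaccount mx nas net office op ops order orders partner partners photos pictures pop pos portal redirect remote s3 shop smtp ssh stage static store support test testing track tracking training upload video vpn web webmail www xxx"
EXTENDED=""

# Print the synopsis on stderr and stop. Exit status 1 matches what the
# failing `shift` produced under `set -e` before this check existed.
usage() {
  printf 'Usage: %s [-x] [-s nameserver] [--] domain [type]\n' "${0##*/}" >&2
  exit 1
}

while :; do
  case "${1:-}" in
    --) shift; break ;;
    -x) EXTENDED=y; shift ;;
    -s)
      # Without this guard a trailing "-s" made `shift 2` fail silently.
      [ "$#" -ge 2 ] || usage
      NS="$2"
      shift 2
      ;;
    *) break ;;
  esac
done

[ "$#" -ge 1 ] || usage
DOM="$1"; shift
TYPE="${1:-any}"

# dig reads arguments beginning with '-', '+' or '@' as options, query flags
# or a server address. A domain or type of that shape would change how the
# query is made instead of being looked up, so refuse it up front.
for arg in "$DOM" "$TYPE"; do
  case "$arg" in
    '' | -* | +* | @*) usage ;;
  esac
done

# shellcheck disable=SC2016 # the literal text "$DOM" / "$NS" is the label
printf '%s=%s\n' '$DOM' "$DOM"

if [ -z "${NS:-}" ]; then
  # `dig +short SOA` prints "mname rname serial refresh retry expire minimum".
  # Take the mname of the first 7-field line so that a CNAME line printed
  # ahead of the SOA cannot end up in NS.
  NS=$(dig +short SOA "$DOM" | awk 'NF == 7 { print $1; exit }')
fi
if [ -n "$NS" ]; then
  NS="@$NS"
fi
# shellcheck disable=SC2016
printf '%s=%s\n' '$NS' "$NS"

# Query CNAME, A and AAAA for every guessed name, in parallel, and wait for
# all of them so the caller sees the complete output.
probe_subdomains() {
  local sub rtype
  # COMMON_SUBDOMAINS is deliberately unquoted: it is a space-separated list.
  for sub in $COMMON_SUBDOMAINS; do
    for rtype in CNAME A AAAA; do
      dig +nocmd "$NS" "$sub.$DOM" +noall +answer "$rtype" &
    done
  done
  wait
}

if [ -n "$NS" ]; then
  if [ -n "$EXTENDED" ]; then
    dig +nocmd "$NS" "$DOM" +noall +answer "$TYPE"

    # Answers for "*.DOMAIN" are what every non-existent name resolves to in
    # a wildcarded zone; they are removed from the guesses below.
    # NOTE(review): with the default TYPE of "any", a server that gives
    # minimal ANY responses (RFC 8482) will not return the wildcard's
    # addresses here, so nothing is filtered; pass an explicit type such as A.
    wild_answers=$(dig +short "$NS" "*.$DOM" "$TYPE")

    if [ -n "$wild_answers" ]; then
      printf 'Wild IP Found: %s\n' "${wild_answers//$'\n'/|}"
      # -F: the answers are literal strings, so the dots in an address must
      #     not act as regex wildcards.
      # -w: 1.2.3.4 must not hide a real host at 11.2.3.4.
      # grep exits 1 when it filters out every line; under `set -e` that
      # used to abort the script before the wildcard records were printed.
      # Only status 2 and above (a real grep error) is treated as failure.
      probe_subdomains | { grep -vFw -- "$wild_answers" || [ "$?" -eq 1 ]; }
    else
      echo 'No Wild IP Detected.'
      # No filter at all: the old 'none' placeholder was used as a regex and
      # dropped every answer line for a domain whose name contains "none".
      probe_subdomains
    fi

    for rtype in CNAME A AAAA; do
      dig +nocmd "$NS" "*.$DOM" +noall +answer "$rtype"
    done
  else
    dig +nocmd "$NS" "$DOM" +noall +answer "$TYPE"
  fi
else
  echo 'No valid Nameserver found. Non-existant domain?'
fi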