DNS Scanner
From Kyle's Wiki
This tool enumerates a domain and creates a graph
#!/bin/bash DOMAIN=xkyle.com. LEVELS=`echo $DOMAIN | grep -o "\." | wc -l ` let LEVELS=$LEVELS function query { local LEVEL=$1 local NEXTLEVEL=1 let NEXTLEVEL=$LEVEL-1 local WHOTOASK=$2 if [ $LEVEL -ne 0 ]; then #local LEVEL=`echo $D | grep -o "\." | wc -l` local PLACEHOLDER=1 let PLACEHOLDER=$LEVEL local NS=`echo $DOMAIN | cut -f $LEVEL-$LEVELS -d .` if [ "$NS" = "" ]; then NS=66.118.170.2 fi if [ $NEXTLEVEL -eq 0 ]; then local NEXTNS=$DOMAIN else local NEXTNS=`echo $DOMAIN | cut -f $NEXTLEVEL-$LEVELS -d .` fi for EACH in `dig +noall +authority @$WHOTOASK $NEXTNS | awk '{ print $5; }' | sort | head -n 4` do #echo '#' Asking $EACH about $NEXTNS echo "$WHOTOASK -> $EACH (Domain: $NEXTNS) " query $NEXTLEVEL $EACH done fi } #SERVERS=`dig +short` #NEXT=`echo $DOMAIN | cut -f 1 -d .` for EACH in `dig +short | sort | head -n 4` do query $LEVELS $EACH done