Shell script for testing DNS zone transfer misconfiguration.
Details of the problem and how to fix it can be found here: https://www.us-cert.gov/ncas/alerts/TA15-103A
- Clone the repository using git or download it manually
- Unzip the repository and set the execution permission on the script:
$ chmod +x DNSaxfr.sh
- Execute the script using the syntax as follows
Usage:
The syntax is very simple:
./DNSaxfr.sh [OPTION...][DOMAIN...]
- 0 Arguments:
The script reads from stdin and writes to stdout; it takes one domain to test per line.
- 1+ Arguments:
The script tests every domain specified as an argument.
Options:
-b Batch mode, makes the output readable when saved in a file
-h Display the help and exit
-i Interactive mode
-r Test recursively every subdomain of a vulnerable domain
-z Save the zone transfer in a directory named after the vulnerable domain, in the following form: domain_axfr.log
andrea@Workstation:~/Desktop$ ./DNSaxfr.sh -rz unito.it
DOMAIN unito.it: albert.unito.it. VULNERABLE!
DOMAIN unito.it: dns.unito.it. moebius.to.infn.it. NOT VULNERABLE!
|--DOMAIN ac.unito.it.: albert.unito.it. VULNERABLE!
| DOMAIN ac.unito.it.: dns.unito.it. NOT VULNERABLE!
|--DOMAIN agraria.unito.it.: albert.unito.it. VULNERABLE!
| DOMAIN agraria.unito.it.: dns.unito.it. NOT VULNERABLE!
|--DOMAIN agriinnova.unito.it.: albert.unito.it. VULNERABLE!
| DOMAIN agriinnova.unito.it.: dns.unito.it. NOT VULNERABLE!
...
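The following is an added example, not part of DNSaxfr itself: it turns a saved run into a per-name-server list of zones that still answer AXFR, which is the list an administrator needs when restricting transfers. It assumes the plain-text line format shown in the sample run above; the function names and the example.org sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DNSaxfr code): summarise DNSaxfr output for remediation.
# Assumes lines of the form seen in the sample run:
#   [tree prefix]DOMAIN <zone>: <ns>. [<ns>. ...] [NOT] VULNERABLE!

# Constructed sample output, using reserved example domains.
sample_output() {
    cat <<'EOF'
DOMAIN example.org: ns1.example.org. VULNERABLE!
DOMAIN example.org: ns2.example.org. ns4.example.net. NOT VULNERABLE!
|--DOMAIN dev.example.org.: ns1.example.org. ns3.example.net. VULNERABLE!
|  DOMAIN dev.example.org.: ns2.example.org. NOT VULNERABLE!
...
EOF
}

# Read DNSaxfr output on stdin and print "<nameserver> <zone>" for every
# name server reported as VULNERABLE!, sorted and de-duplicated.
vulnerable_pairs() {
    awk '
    {
        # Drop the tree-drawing prefix used in recursive (-r) output.
        sub(/^[| -]*/, "")
    }
    $1 == "DOMAIN" && $NF == "VULNERABLE!" && $(NF-1) != "NOT" {
        zone = $2
        sub(/:$/, "", zone)     # "example.org:" -> "example.org"
        sub(/\.$/, "", zone)    # strip the trailing root dot, if any
        # Every field between the zone and the verdict is a name server.
        for (i = 3; i < NF; i++) {
            ns = $i
            sub(/\.$/, "", ns)
            print ns, zone
        }
    }' | LC_ALL=C sort -u
}

# Read DNSaxfr output on stdin and print "<count> <nameserver>", with the
# server exposing the most zones first.
servers_to_fix() {
    vulnerable_pairs | cut -d' ' -f1 | uniq -c |
        awk '{ print $1, $2 }' | LC_ALL=C sort -k1,1nr -k2,2
}
```

After sourcing the file, pipe a saved run into `servers_to_fix` to see which name servers to fix first, or into `vulnerable_pairs` for the full server/zone list.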
Written by Andrea 'cybernova' Dari and licensed under GNU GPL v2.0
If you have found this script useful I gladly accept donations, also symbolic through Paypal: