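#!/bin/bash
#:::digmeup.sh | an open source, OSINT recon tool by Logan S. Diomedi - https://lsdsecurity.com 2019:::
#:::https://lsdsecurity.com/2019/02/digmeup-a-very-quick-and-simple-enumeration-tool-written-in-bash-for-recon/
#:::https://github.com/logansdiomedi/bash-recon-project/blob/master/digmeup.sh:::
#Usage: ./digmeup.sh google.com
#
# Every query below (host, dig, whois) is sent to third-party servers,
# so only point this at domains you are authorised to enumerate.
#######################################################################
set -euo pipefail

die() { printf 'digmeup: %s\n' "$*" >&2; exit 1; }

###Launch variables
# $1 is untrusted: it becomes an argument to host/dig/whois and a grep
# pattern, so accept only a plain hostname (a value starting with '-'
# would otherwise be parsed as an option by those tools).
recondomain=${1:-}
[[ -n "$recondomain" ]] || die "usage: $0 <domain>"
host_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
[[ "$recondomain" =~ $host_re ]] || die "refusing to query '$recondomain': not a valid hostname"

# Private scratch directory instead of fixed, predictable names in /tmp:
# a fixed /tmp/*.txt can be pre-created or symlinked by another local
# user, and '>>' also merged stale output from a previous run into this
# one. The trap removes the directory on every exit path.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT
aresults="$workdir/aresults.txt"
reversedns="$workdir/reversedns.txt"
whoisip="$workdir/whoisip.txt"
whoisdns="$workdir/whoisdns.txt"
#######################################################################
### Perform the dig and host commands:
echo -e "Performing dig and host on the provided domain name...\n--------------------"
# NXDOMAIN / no-NS answers are valid recon results, not reasons to abort.
host "$recondomain" >> "$aresults" || true
dig -t ns "$recondomain" >> "$aresults" || true
### Builds initial host data needed to perform next functions
echo -e "Dig and Host command results:\n--------------------"
# -F: the domain is a literal string, not a regex ('.' would match any char)
grep -F -- "$recondomain" "$aresults" || true
### Collect every A record (the old To-Do: hosts such as sprint.com return
### several) and the distinct /24 each one falls into.
mapfile -t a_records < <(grep -F -- "has address" "$aresults" | awk '{print $4}' | sort -u)
[[ ${#a_records[@]} -gt 0 ]] || die "no A record found for $recondomain"
mapfile -t blocks < <(printf '%s\n' "${a_records[@]}" | cut -d. -f1,2,3 | sort -u)
echo -e "Host $recondomain has the IP address(es): ${a_records[*]}\n--------------------"
### Reverse DNS on each /24 the A records sit in.
### NOTE: the /24 is a guess. An A record pointing into a CDN or shared
### hoster lands in a range the target does not own; confirm against the
### NetRange from the IP WHOIS below before treating the block as in scope.
for twofourip in "${blocks[@]}"; do
  echo -e "The host most likely owns the /24 block - we'll do a reverse DNS on $twofourip.1/24...\n--------------------"
  ### Fan out the 254 lookups, then wait for all of them before the file is
  ### read: the original parsed it while the background jobs were still
  ### writing, so most of the /24 was silently missing from the output.
  for ipblock in $(seq 1 254); do
    host "$twofourip.$ipblock" >> "$reversedns" 2>/dev/null &
  done
  wait
done
### Parses data output from reverse DNS Lookup
echo -e "Here's your reverse DNS lookup on the /24:\n--------------------"
grep -F -- pointer "$reversedns" | cut -d" " -f5,6,7,8,9 | sort -u || true
echo -e "-----\n"
echo -e "End of output for the reverse lookup on /24 range.\n--------------------"
### WHOIS DNS + IP Address Lookup
echo -e "WHOIS Records on the domain and IP of the domain:\n--------------------"
for fullip in "${a_records[@]}"; do
  whois "$fullip" > "$whoisip" || true
  ### Grab the Org and NetRange lines (usually the only information I like
  ### to grab at first). The original filtered the Org lines down to
  ### OrgTechEmail only, which dropped OrgName - show all of them.
  grep -- Org "$whoisip" | sort -u || true
  grep -- Net "$whoisip" || true
  ### Formatting
  echo -e "\n--------------------"
  echo -e "End of IP WHOIS for $fullip: Be sure to take note of what range it covers!\n--------------------"
done
whois "$recondomain" > "$whoisdns" || true
### Display the DNS info - could be tweaked more....
echo -e "Here's your WHOIS for the domain name $recondomain:\n--------------------"
grep -- Server "$whoisdns" | sort -u || true
grep -- Name "$whoisdns" | sort -u || true
echo -e "\n--------------------"
### Scratch files live in $workdir and are removed by the EXIT trap, so
### there is no longer anything in /tmp to list (the old 'ls -la /tmp'
### also exposed other users' files).
echo -e "Done! Scratch directory $workdir is removed on exit.\n--------------------"
### Done!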