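#!/bin/bash
#
# Copyright (c) 2018 rootshellz - See LICENSE in this repository (MIT License)
#
# Check a list of hosts (candidates) for UDP DNS resolvers
# Not terribly invasive since each host comes from a public list
# and only receives a few packets (on UDP/53)
#
# Usage: reliable-public-resolvers.sh [candidates_file] [output_directory]
#   candidates_file   one host per line (default: resolver_candidates.txt)
#   output_directory  where results are written (default: a fresh mktemp -d)
#
# Every host that masscan reports as listening on UDP/53 is classified with
# two dig queries:
#   1. TEST_DOMAIN must resolve to EXPECTED_IP, otherwise the host is "bad"
#   2. a name under TEST_DOMAIN that is not expected to exist must come back
#      without an A record; a resolver that answers anyway is recorded in
#      hijackers.txt, the rest are written to the open_dns_resolvers-* file
#
# Run: "sudo setcap CAP_NET_RAW+ep /usr/bin/masscan" to avoid the need for sudo on masscan
# Otherwise, fill this in with the path to sudo
set -eu

SUDO=
PPS_RATE=2048
TIMEOUT=2
TEST_DOMAIN=linkedin.com
# NOTE(review): hard-coded; if this address ever changes, every correct
# resolver is reported as "bad". Confirm it against an authoritative answer
# before trusting a run.
EXPECTED_IP=108.174.10.10

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Number of unique lines in the file given as $1 (how candidates are counted).
count_unique_lines() { echo $(( $(sort -u -- "$1" | wc -l) )); }

# Number of unique "open" entries in the masscan grepable output.
count_listening() { echo $(( $(grep open -- "$PORTSCAN_OUTPUT_FILE" | sort -u | wc -l) )); }

# Number of lines in the results file $1, or 0 when nothing was written to it
# (the file is only created on the first hit, so it may legitimately be absent).
count_lines() {
  if [[ -f "$1" ]]; then
    echo $(( $(wc -l < "$1") ))
  else
    echo 0
  fi
}

RESOLVER_CANDIDATES_INPUT_FILE=${1:-resolver_candidates.txt}
[[ -r "$RESOLVER_CANDIDATES_INPUT_FILE" ]] || die "cannot read candidates file: $RESOLVER_CANDIDATES_INPUT_FILE"
command -v dig >/dev/null || die "dig not found in PATH"
echo "* Using candidates file: $RESOLVER_CANDIDATES_INPUT_FILE (with $(count_unique_lines "$RESOLVER_CANDIDATES_INPUT_FILE") candidates)"

if [[ -n "${2:-}" ]]; then
  OUTPUT_DIRECTORY=$2
  mkdir -p -- "$OUTPUT_DIRECTORY" || die "cannot create output directory: $OUTPUT_DIRECTORY"
else
  OUTPUT_DIRECTORY=$(mktemp -d) || die "mktemp failed"
fi
echo "* Output directory: $OUTPUT_DIRECTORY"
PORTSCAN_OUTPUT_FILE=$(mktemp -p "$OUTPUT_DIRECTORY") || die "mktemp failed"
echo "* Port scan output file: $PORTSCAN_OUTPUT_FILE"
OPEN_RESOLVERS_OUTPUT_FILE=open_dns_resolvers-$(date +%F_%T).txt
RELIABLE_PATH=${OUTPUT_DIRECTORY}/${OPEN_RESOLVERS_OUTPUT_FILE}
HIJACKERS_PATH=${OUTPUT_DIRECTORY}/hijackers.txt

echo "* Starting port scan"
# shellcheck disable=SC2086 — SUDO is intentionally empty or a command prefix that must word-split
$SUDO masscan -iL "$RESOLVER_CANDIDATES_INPUT_FILE" -p U:53 -oG "$PORTSCAN_OUTPUT_FILE" --rate "$PPS_RATE" \
  || die "masscan failed; no results to test"
echo "* Completed port scan"

echo "* Testing resolution on $(count_listening) listening resolvers"
# Field 2 of each "open" line in masscan's -oG output is the host address.
while IFS= read -r CANDIDATE; do
  printf ' Testing resolution on %s: ' "$CANDIDATE"
  # 1. the resolver must return the known-good answer for TEST_DOMAIN
  #    (grep reads all of dig's output so a timeout or wrong answer simply fails the test)
  if dig -t a +time="$TIMEOUT" "$TEST_DOMAIN" "@$CANDIDATE" | grep -F -- "$EXPECTED_IP" >/dev/null; then
    # 2. a name that is not expected to exist must not come back with an A record
    if ! dig +noall +answer -t a +time="$TIMEOUT" "myftpbad.${TEST_DOMAIN}" "@$CANDIDATE" | grep IN | grep A >/dev/null; then
      echo "$CANDIDATE" >> "$RELIABLE_PATH"
      echo "good!"
    else
      echo "$CANDIDATE" >> "$HIJACKERS_PATH"
      echo "hijacker!"
    fi
  else
    echo "bad!"
  fi
done < <(grep open -- "$PORTSCAN_OUTPUT_FILE" | cut -d" " -f2 | sort -uV)

echo
echo "--- Results ---"
echo "* $(count_unique_lines "$RESOLVER_CANDIDATES_INPUT_FILE") candidates"
echo "* $(count_listening) listening resolvers"
echo "* $(count_lines "$RELIABLE_PATH") reliable resolvers"
echo "* $(count_lines "$HIJACKERS_PATH") hijackers"
echo "* See $RELIABLE_PATH for details"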