PHP DNS AMP SCANNER BY SYNTHMESC [CONSOLE VERSION]

1. <?php
2.  
3. $file = "dnsservers.txt";
4.  
5. $handle = fopen($file, "r");
6. if ($handle) {
7.     while (($server = fgets($handle)) !== false) {
8.         $server = str_replace("\n", "", $server); //remove trailing \n
9.         checkForRecursion($server);
10.     }
11.  
12.     fclose($handle);
13. } else {
14.     // error opening the file.
15.     echo "Failed to open file $file\n";
16.     die;
17. }
18.  
19.  
20. function checkForRecursion($target) {
21.     $request = "\xde\xad"; // Transaction-ID 0xdead
22.     $request .= "\x01\x00"; // flags (recursion desired)
23.     $request .= "\x00\x01"; // 1 question
24.     $request .= "\x00\x00"; // 0 answers
25.     $request .= "\x00\x00"; // 0 authority
26.     $request .= "\x00\x00"; // 0 additional
27.     $request .= "\x03www\x09wikipedia\x03org\x00"; // www.wikipedia.org
28.     $request .= "\x00\x01"; // type A
29.     $request .= "\x00\x01"; // class IN
30.  
31.     $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
32.  
33.     socket_set_option($sock,SOL_SOCKET,SO_RCVTIMEO,array("sec"=>0,"usec"=>500000));
34.  
35.     $len = strlen($request);
36.     $port = 53;
37.     socket_sendto($sock, $request, $len, 0, $target, $port);
38.     $r = socket_recvfrom($sock, $response, 1024, 0, $target, $port);
39.  
40.     if ($response[3] == "\x80") {
41.         echo "[+] Recursion appears to be enabled on $target!\n";
42.         $logfile="recursive.txt";
43.         $fp = fopen($logfile, "a") or die("Unable to open file!");  fwrite($fp, $target . "\r\n") or die("Unable to write to file!");
44.         fflush($fp);
45. fclose($fp);
46.         return true;
47.     } else if ($response == "") {
48.         echo "[-] No response from $target.\n";
49.         return false;
50.     } else {
51.         echo "[-] Recursion appears to be disabled on $target.\n";
52.         return false;
53.     }
54.     socket_close($sock);
55. }
56. ?>