
digmeup.sh

a guest
Feb 8th, 2019
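  #!/bin/bash
  #:::digmeup.sh | an open source, OSINT recon tool by Logan S. Diomedi - 2019:::
  #:::https://github.com/logansdiomedi/bash-recon-project/blob/master/digmeup.sh:::
  #Usage: ./digmeup.sh google.com
  #
  # Runs host/dig on the given domain, reverse-resolves the /24 around its
  # first A record, and prints selected WHOIS fields for the address and the
  # domain. All intermediate files live in a private mktemp directory that is
  # removed on every exit path.
  #######################################################################
  set -u

  # Private scratch directory; stays empty until main() creates it.
  workdir=''

  # Hostname shape accepted on the command line. The first character may not be
  # '-', so the value can never be parsed as an option by host, dig or whois,
  # and no shell or regex metacharacters get through.
  readonly domain_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
  # Dotted-quad shape check for the address read back from host's output.
  readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

  # Print a message on stderr and stop with status 1.
  die() {
    printf '%s\n' "$*" >&2
    exit 1
  }

  # Remove the scratch directory. Safe to call more than once.
  cleanup() {
    if [[ -n "$workdir" ]]; then
      rm -rf -- "$workdir"
    fi
  }

  # Filter stdin to stdout, dropping control bytes except tab and newline.
  # PTR and WHOIS content is chosen by remote parties, so it is filtered before
  # it is stored and echoed to the terminal.
  strip_ctl() {
    LC_ALL=C tr -d '\000-\010\013-\037\177'
  }

  #######################################
  # Entry point.
  # Globals:   workdir (written), domain_re, ipv4_re (read)
  # Arguments: $1 - domain name to look up
  # Outputs:   lookup results on stdout, diagnostics on stderr
  # Returns:   0 on success; exits 2 on usage error, 1 on lookup/setup error
  #######################################
  main() {
    ### Launch variables
    local recondomain=${1:-}
    local fullip twofourip ipblock

    if [[ -z "$recondomain" ]]; then
      printf 'Usage: %s <domain>\n' "${0##*/}" >&2
      exit 2
    fi
    [[ "$recondomain" =~ $domain_re ]] \
      || die "Refusing to use '$recondomain': not a plain host name"

    # Fixed file names under /tmp can be pre-created or symlinked by another
    # local user, and appending to them mixes in data from earlier runs.
    # mktemp -d creates a fresh directory that only this user can access.
    workdir=$(mktemp -d /tmp/digmeup.XXXXXXXXXX) || die "mktemp failed"
    trap cleanup EXIT

    ### Perform the dig and host commands:
    printf 'Performing dig and host on the provided domain name...\n--------------------\n'
    host "$recondomain" | strip_ctl >> "$workdir/aresults.txt"
    dig -t ns "$recondomain" | strip_ctl >> "$workdir/aresults.txt"

    ### Builds initial host data needed to perform next functions
    printf 'Dig and Host command results:\n--------------------\n'
    # -F: match the domain literally, its dots are not regex wildcards.
    grep -F -- "$recondomain" "$workdir/aresults.txt"

    ### Sets IP variable to the IP address for all four octets !!IMPORTANT!!
    ### Only the first A record is used, so the values below are single words.
    ### To-Do: Accept hosts with more than one A record registered to them (ex: sprint.com)
    fullip=$(grep -F "has address" "$workdir/aresults.txt" | cut -d " " -f 4 | head -n 1)
    [[ "$fullip" =~ $ipv4_re ]] \
      || die "No IPv4 address found for $recondomain"
    twofourip=${fullip%.*}

    printf 'Host %s has the IP address of %s\n--------------------\n' \
      "$recondomain" "$fullip"
    printf "The host most likely owns the /24 block - we'll do a reverse DNS on %s...\n--------------------\n" \
      "$twofourip"

    ### For loop to run reverse DNS lookup and then cleanup:::
    for ipblock in {1..254}; do
      host "$twofourip.$ipblock" | strip_ctl >> "$workdir/reversedns.txt" &
    done
    # The lookups run in the background; without this barrier the parsing step
    # below reads the file before most of them have written anything.
    wait

    ### Parses data output from reverse DNS Lookup
    grep pointer "$workdir/reversedns.txt" | sort | cut -d" " -f5,6,7,8,9 \
      >> "$workdir/reversedns24.txt"
    printf "Here's your reverse DNS lookup on the /24:\n--------------------\n"
    sort -u "$workdir/reversedns24.txt"
    printf '%s\n\n' '-----'
    printf 'End of output for the reverse lookup on /24 range.\n--------------------\n'

    ### WHOIS DNS + IP Address Lookup
    printf 'WHOIS Records on the domain and IP of the domain:\n--------------------\n'
    whois "$fullip" | strip_ctl >> "$workdir/whoisip.txt"
    whois "$recondomain" | strip_ctl >> "$workdir/whoisdns.txt"

    ### Sorting the WHOIS data to grab the NetRange and Org (usually the only information I like to grab at first...
    grep Org "$workdir/whoisip.txt" | sort -u >> "$workdir/whoisip1.txt" \
      && grep OrgTechEmail "$workdir/whoisip1.txt"
    grep Net "$workdir/whoisip.txt"

    ### Formatting
    printf '\n--------------------\n'
    printf 'End of IP WHOIS for %s: Be sure to take note of what range it covers!\n--------------------\n' \
      "$fullip"

    ### Display the DNS info - could be tweaked more....
    printf "Here's your WHOIS for the domain name %s:\n--------------------\n" \
      "$recondomain"
    grep Server "$workdir/whoisdns.txt" | sort -u
    grep Name "$workdir/whoisdns.txt" | sort -u
    printf '\n--------------------\n'

    ### Clean out /tmp###
    printf 'Cleaning up some files...\n--------------------\n'
    cleanup

    ### Cleanup output
    printf "Done! Displaying /tmp directory to ensure cleanup occurred - If you don't see any output, this means it was successful:\n--------------------\n"
    echo "Directory listing for /tmp: "
    # Look only for this run's directory; other users' files in /tmp are not
    # evidence either way.
    ls -la /tmp | grep -F -- "${workdir##*/}"

    ### Done!
    return 0
  }

  main "$@"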