daily pastebin goal
48%
SHARE
TWEET

digmeup.sh

a guest Feb 8th, 2019 70 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2. #:::digmeup.sh | an open source, OSINT recon tool by Logan S. Diomedi - 2019:::
  3. #:::https://github.com/logansdiomedi/bash-recon-project/blob/master/digmeup.sh:::
  4. #Usage: ./digmeup.sh google.com
  5. #######################################################################
  6. ###Launch variables
  7. recondomain=$1
  8. #######################################################################
  9. ### Perform the dig and host commands:
  10. echo -e "Performing dig and host on the provided domain name...\n--------------------"
  11. host $recondomain >> /tmp/aresults.txt
  12. dig -t ns $recondomain >> /tmp/aresults.txt
  13.  
  14. ### Builds initial host data needed to perform next functions
  15. echo -e "Dig and Host command results:\n--------------------"
  16. cat /tmp/aresults.txt |grep $recondomain
  17.  
  18. ### Sets IP variable to the IP address for all four octets !!IMPORTANT!!
  19. ###
  20. fullip=$(cat /tmp/aresults.txt |grep "has address" | cut -d " " -f 4|cut -d"." -f 1,2,3,4)
  21. twofourip=$(cat /tmp/aresults.txt |grep "has address" | cut -d " " -f 4|cut -d"." -f 1,2,3)
  22. ### To-Do: Accept hosts with more than one A record registered to them (ex: sprint.com)
  23. ###
  24. echo -e "Host $recondomain has the IP address of $fullip\n--------------------"
  25. echo -e "The host most likely owns the /24 block - we'll do a reverse DNS on $twofourip...\n--------------------"
  26.  
  27. ### For loop to run reverse DNS lookup and then cleanup:::
  28. for ipblock in $(seq 1 254);do
  29.     host $twofourip.$ipblock >> /tmp/reversedns.txt &
  30. done
  31.  
  32. ### Parses data output from reverse DNS Lookup
  33. cat /tmp/reversedns.txt |grep pointer |sort |cut -d" " -f5,6,7,8,9 >> /tmp/reversedns24.txt
  34. echo -e "Here's your reverse DNS lookup on the /24:\n--------------------"
  35. cat /tmp/reversedns24.txt |sort -u
  36. echo -e "-----\n"
  37. echo -e "End of output for the reverse lookup on /24 range.\n--------------------"
  38.  
  39. ### WHOIS DNS + IP Address Lookup
  40. echo -e "WHOIS Records on the domain and IP of the domain:\n--------------------"
  41. whois $fullip >> /tmp/whoisip.txt
  42. whois $recondomain >> /tmp/whoisdns.txt
  43.  
  44. ### Sorting the WHOIS data to grab the NetRange and Org (usually the only information I like to grab at first...
  45. cat /tmp/whoisip.txt |grep Org |sort -u >> /tmp/whoisip1.txt && cat /tmp/whoisip1.txt |grep OrgTechEmail
  46. cat /tmp/whoisip.txt |grep Net
  47.  
  48. ### Formatting
  49. echo -e "\n--------------------"
  50. echo -e "End of IP WHOIS for $fullip: Be sure to take note of what range it covers!\n--------------------"
  51.  
  52. ### Display the DNS info - could be tweaked more....
  53. echo -e "Here's your WHOIS for the domain name $recondomain:\n--------------------"
  54. cat /tmp/whoisdns.txt |grep Server |sort -u
  55. cat /tmp/whoisdns.txt |grep Name |sort -u
  56. echo -e "\n--------------------"
  57.  
  58. ### Clean out /tmp###
  59. echo -e "Cleaning up some files...\n--------------------"
  60. rm /tmp/reversedns.txt
  61. rm /tmp/aresults.txt
  62. rm /tmp/reversedns24.txt
  63. rm /tmp/whoisip.txt
  64. rm /tmp/whoisip1.txt
  65. rm /tmp/whoisdns.txt
  66.  
  67. ### Cleanup output
  68. echo -e "Done! Displaying /tmp directory to ensure cleanup occurred - If you don't see any output, this means it was successful:\n--------------------"
  69. echo "Directory listing for /tmp: "
  70. ls -la /tmp |grep txt
  71.  
  72. ### Done!
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top