Find subdo + DNS Cache Poisoning

1. #!/bin/bash
2. # Tested on Ubuntu 16.04
3. # @Author : Zerobyte-id
4. # @Github : github.com/zerobyte-id
5.  
6. uagent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/75.0.3770.90 Chrome/75.0.3770.90 Safari/537.36";
7. rm -Rf tmp-domain.txt
8. # Find Subdomains
9. read -p "Input Domain >> " do;
10.  
11. curl -s "https://findsubdomains.com/search/subdomains?domain=${do}&page=1&per_page=100&domain=${do}" | sed 's/\\//g' | grep -Po '(?<=data-target=").*?(?=")' > tmp-domain.txt
12.  
13. # Checking domain
14. if [[ -z $(cat tmp-domain.txt) ]]; then
15.     echo "Kosong"
16. else
17.     for d in $(cat tmp-domain.txt);
18.     do
19.         # Checking DNS Cache Poisoning
20.         dnscp=$(curl -Ls -A "${uagent}" -m 3 -H "X-Forwarded-Host: zerobyte.id" "${d}")
21.         if [[ $dnscp =~ 'zerobyte.id' ]]; then
22.             echo "  ${d} => Vuln DNS Cache Poisoning"
23.             echo "${d}" >> vuln.txt
24.         else
25.             echo "  ${d} => Not Vuln"
26.         fi
27.     done
28. fi
29. rm -Rf tmp-domain.txt