Description

This script finds all the hosts on your domain.
Use at your own risk!
Thanks to hunt3r972

Source Code

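#!/bin/bash
#
# Enumerate the hosts of a domain.
#
# Flow: read a hostname, reduce it to its last two labels, take the IPv4
# addresses listed in the domain's whois record as the name servers to query,
# ask each of them for a zone listing with `host -l`, then ping every address
# found once and report the ones that answer.
#
# Usage: run interactively; the script prompts for a hostname
#        (example: www.google.com -> google.com is used).
# Requires: whois, host, ping, grep, sort, mktemp.
set -euo pipefail

# ERE for a dotted quad; used to pull IPv4 addresses out of whois/host output.
readonly IPV4_RE='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

# Print a diagnostic to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the banner and version line (literal heredoc: backslashes stay as-is).
print_banner() {
  cat <<'EOF'

 ______   _______  _______  _______ _________ _        _______  _______  _______  _        _        _______  _______ 
(  __  \ (  ___  )(       )(  ___  )\__   __/( (    /|(  ____ \(  ____ \(  ___  )( (    /|( (    /|(  ____ \(  ____ )
| (  \  )| (   ) || () () || (   ) |   ) (   |  \  ( || (    \/| (    \/| (   ) ||  \  ( ||  \  ( || (    \/| (    )|
| |   ) || |   | || || || || (___) |   | |   |   \ | || (_____ | |      | (___) ||   \ | ||   \ | || (__    | (____)|
| |   | || |   | || |(_)| ||  ___  |   | |   | (\ \) |(_____  )| |      |  ___  || (\ \) || (\ \) ||  __)   |     __)
| |   ) || |   | || |   | || (   ) |   | |   | | \   |      ) || |      | (   ) || | \   || | \   || (      | (\ (   
| (__/  )| (___) || )   ( || )   ( |___) (___| )  \  |/\____) || (____/\| )   ( || )  \  || )  \  || (____/\| ) \ \__
(______/ (_______)|/     \||/     \|\_______/|/    )_)\_______)(_______/|/     \||/    )_)|/    )_)(_______/|/   \__/

By 9H4C7K3R2 - v1.0
@ Script to list all alive hosts on a domain

EOF
}

# Prompt until a non-empty hostname is typed; print it on stdout.
# Stops on EOF instead of re-prompting forever (the read status was unchecked).
ask_url() {
  local answer=''
  while [[ -z "$answer" ]]; do
    IFS= read -r -p '[+] Website URL (ex: www.google.com): ' answer \
      || die '[+] No input, exiting'
  done
  printf '%s\n' "$answer"
}

# Reduce a hostname to its last two labels (www.example.com -> example.com).
# A name with fewer than three labels is printed unchanged, matching the
# original sed expression; note that www.example.co.uk yields co.uk.
extract_domain() {
  local name=$1
  local two_labels='\.([^.]+\.[^.]+)$'
  if [[ $name =~ $two_labels ]]; then
    printf '%s\n' "${BASH_REMATCH[1]}"
  else
    printf '%s\n' "$name"
  fi
}

# Reject anything that is not a plain hostname before it reaches whois/host:
# letters, digits, dots and hyphens only, and no leading hyphen so the value
# cannot be parsed as an option by those tools.
check_domain() {
  local name=$1
  local hostname_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
  [[ $name =~ $hostname_re ]] \
    || die "[+] '$name' does not look like a domain name, exiting"
}

#######################################
# Main flow.
# Globals:   IPV4_RE (read)
# Arguments: none (hostname is read interactively)
# Outputs:   progress lines and one line per address that answered a ping
# Returns:   0 on success, 1 on missing input or unusable domain
#######################################
main() {
  local url domain tmpdir ns ip
  local -a ns_ips ips

  print_banner

  # List sub domain and gives IP addresses
  url=$(ask_url)
  domain=$(extract_domain "$url") # Picking domain
  check_domain "$domain"
  echo "[+] Searching Domain"

  # Scratch files live in a private mktemp directory instead of predictable
  # dot-files in the current directory, and are removed on every exit path.
  tmpdir=$(mktemp -d) || die '[+] mktemp failed'
  trap 'rm -rf -- "${tmpdir:?}"' EXIT

  # Grabbing DNS: every IPv4 address in the whois record except the first
  # match, as the original did. NOTE(review): which record that first address
  # belongs to depends on the whois server's output format; confirm it is
  # not itself a name server.
  mapfile -t ns_ips < <(whois "$domain" | grep -E -o "$IPV4_RE" | tail -n +2)
  if (( ${#ns_ips[@]} == 0 )); then
    echo "[+] Impossible to find DNS ip address or domain"
    echo "[+] Exiting"
    exit 1
  fi
  echo "[+] Grabbing DNS on domain $domain"

  # Grabbing sub-domains: a refused listing is the normal case for a
  # correctly configured server, so a failing host(1) must not abort the run.
  for ns in "${ns_ips[@]}"; do
    host -l "$domain" "$ns" >>"$tmpdir/fetchdomain" || true
  done
  echo "[+] Searching sub-domains"

  # Taking IP addresses and deleting doubles
  mapfile -t ips < <(LC_ALL=C grep -E -o "$IPV4_RE" "$tmpdir/fetchdomain" \
    | LC_ALL=C sort -u)
  echo "[+] Grabbing IP addresses and cleaning list"

  # Ping Test and Printing results
  echo "[+] Checking alive hosts - ${#ips[@]} IPs"
  sleep 3
  echo "[+] Result:"

  if (( ${#ips[@]} == 0 )); then
    echo "[+] No IP addresses found"
    return 0
  fi

  # ping -c 1 exits 0 only when the single probe was answered, which is the
  # "0% packet loss" condition the original parsed out of the report.
  for ip in "${ips[@]}"; do
    if ping -c 1 -W 1 "$ip" >/dev/null 2>&1; then
      echo "IP address $ip answered and belongs to domain $url"
    fi
  done
}

main "$@"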