ponfertato · April 2, 2026 08:53
diff --git a/dns_recursion_scanner.sh b/dns_recursion_scanner.sh
 #!/usr/bin/env bash
 # DNS Recursion Scanner: --log

 set -e

 read -p "🌐 Domain: " INPUT; [[ -z "$INPUT" ]] && exit 1
 read -p "🔍 Test [google.com]: " TD; TD="${TD:-google.com}"
 [[ "${1:-}" == "-l" || "${1:-}" == "--log" ]] && LF="dns_$(date +%s).txt"

 if [[ $EUID -ne 0 ]]; then
    echo "⚠️ UDP scan requires root"
    if sudo -v 2>/dev/null; then
        SUDO="sudo"
    else
        echo "❌ Run with sudo or set: sudo setcap cap_net_raw+ep \$(which nmap)"
        exit 1
    fi
 else
    SUDO=""
 fi

 if [[ ! "$INPUT" =~ ^[0-9.]+$ ]]; then
    TIP=$(nslookup "$INPUT" 2>/dev/null | awk '/^Address: / && !/#/ {print $2}' | head -1)
    [[ -z "$TIP" ]] && TIP=$(dig +short "$INPUT" 2>/dev/null | grep -E '^[0-9.]+$' | head -1)
    [[ -z "$TIP" ]] && { echo "❌ Can't resolve $INPUT"; exit 1; }
 else
    TIP="$INPUT"
 fi
 echo "✅ IP: $TIP"

 ROUTE=$(whois "$TIP" 2>/dev/null | grep -Ei "^route:|^inetnum:|^CIDR:" | grep -oE "[0-9./]+" | head -1)
 if [[ "$ROUTE" =~ / ]]; then
    SUB="$ROUTE"; PREFIX="${ROUTE#*/}"; TOTAL=$((2**(32-PREFIX)))
 else
    SUB="${TIP%.*}.0/24"; TOTAL=256
 fi
 echo "🌐 Subnet: $SUB (~$TOTAL)"

 TT=$(mktemp)
 echo "⚡ Scanning UDP/53..."
 $SUDO nmap -sU -p 53 --open -Pn --host-timeout 200ms -T4 "$SUB" 2>/dev/null | \
    grep "Nmap scan report for" | sed 's/.*for //' | sed 's/ .*//' > "$TT"

 FOUND=$(wc -l < "$TT" | tr -d ' '); FOUND=${FOUND:-0}
 echo "📊 Found: $FOUND open/53 • $((TOTAL-FOUND)) filtered"

 [[ "$FOUND" -eq 0 ]] && { echo "🧪 No targets. Exit."; rm -f "$TT"; exit 0; }

 echo "🧪 Testing recursion..."
 OC=0; RC=0

 while IFS= read -r IP; do
    [[ -z "$IP" ]] && continue
    if nslookup -timeout=1 "$TD" "$IP" >/dev/null 2>&1; then
        echo "[OPEN] $IP"; [[ -n "$LF" ]] && echo "[OPEN] $IP" >> "$LF"; OC=$((OC+1))
    else
        echo "[REFUSED] $IP"; RC=$((RC+1))
    fi
 done < "$TT"

 rm -f "$TT"
 echo -e "\n📊 === RESULT ==="
 echo "Open: $OC • Refused: $RC"
 [[ -n "$LF" ]] && echo "💾 $LF"
	#!/usr/bin/env bash
	# DNS Recursion Scanner: --log

	set -e

	read -p "🌐 Domain: " INPUT; [[ -z "$INPUT" ]] && exit 1
	read -p "🔍 Test [google.com]: " TD; TD="${TD:-google.com}"
	[[ "${1:-}" == "-l" \|\| "${1:-}" == "--log" ]] && LF="dns_$(date +%s).txt"

	if [[ $EUID -ne 0 ]]; then
	echo "⚠️ UDP scan requires root"
	if sudo -v 2>/dev/null; then
	SUDO="sudo"
	else
	echo "❌ Run with sudo or set: sudo setcap cap_net_raw+ep \$(which nmap)"
	exit 1
	fi
	else
	SUDO=""
	fi

	if [[ ! "$INPUT" =~ ^[0-9.]+$ ]]; then
	TIP=$(nslookup "$INPUT" 2>/dev/null \| awk '/^Address: / && !/#/ {print $2}' \| head -1)
	[[ -z "$TIP" ]] && TIP=$(dig +short "$INPUT" 2>/dev/null \| grep -E '^[0-9.]+$' \| head -1)
	[[ -z "$TIP" ]] && { echo "❌ Can't resolve $INPUT"; exit 1; }
	else
	TIP="$INPUT"
	fi
	echo "✅ IP: $TIP"

	ROUTE=$(whois "$TIP" 2>/dev/null \| grep -Ei "^route:\|^inetnum:\|^CIDR:" \| grep -oE "[0-9./]+" \| head -1)
	if [[ "$ROUTE" =~ / ]]; then
	SUB="$ROUTE"; PREFIX="${ROUTE#/}"; TOTAL=$((2*(32-PREFIX)))
	else
	SUB="${TIP%.*}.0/24"; TOTAL=256
	fi
	echo "🌐 Subnet: $SUB (~$TOTAL)"

	TT=$(mktemp)
	echo "⚡ Scanning UDP/53..."
	$SUDO nmap -sU -p 53 --open -Pn --host-timeout 200ms -T4 "$SUB" 2>/dev/null \| \
	grep "Nmap scan report for" \| sed 's/.for //' \| sed 's/ .//' > "$TT"

	FOUND=$(wc -l < "$TT" \| tr -d ' '); FOUND=${FOUND:-0}
	echo "📊 Found: $FOUND open/53 • $((TOTAL-FOUND)) filtered"

	[[ "$FOUND" -eq 0 ]] && { echo "🧪 No targets. Exit."; rm -f "$TT"; exit 0; }

	echo "🧪 Testing recursion..."
	OC=0; RC=0

	while IFS= read -r IP; do
	[[ -z "$IP" ]] && continue
	if nslookup -timeout=1 "$TD" "$IP" >/dev/null 2>&1; then
	echo "[OPEN] $IP"; [[ -n "$LF" ]] && echo "[OPEN] $IP" >> "$LF"; OC=$((OC+1))
	else
	echo "[REFUSED] $IP"; RC=$((RC+1))
	fi
	done < "$TT"

	rm -f "$TT"
	echo -e "\n📊 === RESULT ==="
	echo "Open: $OC • Refused: $RC"
	[[ -n "$LF" ]] && echo "💾 $LF"
No results found