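#!/bin/bash
# nothink.org
#
# DNS/WHOIS summary for a single domain: registrant lines from whois, reverse
# DNS of the domain's A records, NS/MX/ANY records, a zone-transfer (AXFR)
# check against the first listed name server, and a lookup of a fixed list of
# common host names under the domain.
#
# Usage: <script> <domain>
# Exit status: 0 after a completed run; 1 on usage error, rejected domain
# argument, missing tool, or Ctrl-C.

set -u

# settings
DNS_SERVER='8.8.8.8'
DIG='/usr/bin/dig'
WHOIS='/usr/bin/whois'
KEYWORDS=("admin" "adsl" "backup" "bck" "blog" "dns" "firewall" "fw" "internet" "intranet" "ldap" "mail" "master" "mx" "ns" "ns1" "ns2" "primary" "secondary" "server" "slave" "test" "web" "webadmin" "webmail" "www")
DELAY=2

trap ctrl_c INT

# Ctrl-C handler: stop immediately with a failure status.
function ctrl_c() {
  exit 1
}

# Print a blue section header followed by a blank line.
# Arguments: $1 - section title
section() {
  printf '\033[34m[*] %s\033[0m\n\n' "$1"
}

# Succeed only for a plain host name: letters, digits, '-' and '.', starting
# with a letter or digit, optional trailing dot, at most 253 characters.
# The argument is later handed to dig/whois, where a leading '-', '+' or '@'
# would be parsed as an option or server instead of a name.
# Arguments: $1 - candidate name
is_hostname() {
  local -r re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\.?$'
  [[ ${#1} -le 253 && "$1" =~ $re ]]
}

# Filter stdin to stdout, dropping control bytes (tab and newline are kept)
# so remote-supplied text cannot drive the terminal with escape sequences.
strip_controls() {
  LC_ALL=C tr -d '\000-\010\013-\037\177'
}

# Print the records of one type that dig returns for a name.
# Only lines that START with ';' are treated as dig commentary; the previous
# 'grep -v ";"' also discarded records whose data contains a ';' (common in
# TXT records).
# Arguments: $1 - name to query, $2 - record type ("ANY" prints every type)
records() {
  local name=$1 type=$2
  "$DIG" "@$DNS_SERVER" "$name" "$type" \
    | awk -v t="$type" '!/^;/ && $3 == "IN" && (t == "ANY" || $4 == t)'
}

if [ $# -lt 1 ]; then
  printf 'Usage   : %s <domain>\n' "$0" >&2
  printf 'Example : %s example.com\n' "$0" >&2
  exit 1
fi

DOMAIN=$1

if ! is_hostname "$DOMAIN"; then
  printf '%s: not a valid domain name\n' "$DOMAIN" >&2
  exit 1
fi

for tool in "$DIG" "$WHOIS"; do
  if [[ ! -x "$tool" ]]; then
    printf '%s: required tool not found or not executable\n' "$tool" >&2
    exit 1
  fi
done

section "Whois"
# WHOIS text is remote-controlled: print it with printf '%s' (echo -e would
# expand backslash sequences found in the data) and strip control bytes.
WRES="$("$WHOIS" "$DOMAIN" | grep Registrant | strip_controls)"
printf '%s\n\n' "$WRES"

section "DNS reverse"
# dig -x expects an IP address. The previous call passed "@$DNS_SERVER" as
# that address, so no PTR lookup ever ran. Resolve the A records first, then
# look up the PTR name of each address.
ipv4_re='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
found_ip=0
while IFS= read -r ip; do
  # +short also prints CNAME targets and ';;' error lines; keep addresses only.
  [[ "$ip" =~ $ipv4_re ]] || continue
  found_ip=1
  ptr="$("$DIG" "@$DNS_SERVER" +short -x "$ip" | grep -v '^;')"
  ptr="${ptr//$'\n'/ }"
  printf '%s -> %s\n' "$ip" "${ptr:-(no PTR record)}"
done < <("$DIG" "@$DNS_SERVER" +short "$DOMAIN" A)
if (( found_ip == 0 )); then
  printf '(no A records)\n'
fi
printf '\n'

section "DNS NS record"
DNS2="$(records "$DOMAIN" NS)"
printf '%s\n\n' "$DNS2"

section "DNS MX record"
DNS3="$(records "$DOMAIN" MX)"
printf '%s\n\n' "$DNS3"

section "DNS ANY record"
# Many servers answer ANY with a minimal response (RFC 8482), so a short list
# here does not mean the zone holds few records.
DNS4="$(records "$DOMAIN" ANY)"
printf '%s\n\n' "$DNS4"

section "DNS zone transfer"
# Only the first listed name server is tested, so "not permitted" says nothing
# about the others. An open AXFR discloses the whole zone; the fix on the
# server side is to limit transfers to the secondaries (e.g. allow-transfer
# with TSIG on BIND).
DNS_AUTH="$("$DIG" "@$DNS_SERVER" +short "$DOMAIN" NS | grep -v '^;' | head -n 1)"
DNS_AUTH="${DNS_AUTH%.}"
if ! is_hostname "$DNS_AUTH"; then
  # The NS name comes from a DNS response: treat it as untrusted and never
  # pass an empty or odd value to dig as "@server".
  printf 'no usable name server found, zone transfer not tested\n\n'
else
  DNS5="$("$DIG" "@$DNS_AUTH" "$DOMAIN" AXFR)"
  # A real transfer contains SOA records. Testing only for the absence of
  # "Transfer failed" reported timeouts and refused connections as success.
  if awk '!/^;/ && $3 == "IN" && $4 == "SOA" { found = 1 } END { exit !found }' <<<"$DNS5"; then
    printf '\033[32mzone transfer permitted!\n\033[0m\n'
  else
    printf 'zone transfer not permitted\n\n'
  fi
fi

section "DNS entries"
# A wildcard record in the zone makes every name below resolve, so hits need
# confirming before they are read as real hosts.
for K in "${KEYWORDS[@]}"; do
  echo "checking... $K.$DOMAIN"
  # Require actual answer data: the old test (output lacks "ANSWER: 0") also
  # fired when dig failed and printed no header at all.
  RES="$("$DIG" "@$DNS_SERVER" +short "$K.$DOMAIN" | grep -v '^;')"
  if [[ -n "$RES" ]]; then
    printf '\033[32m%s exists\033[0m\n' "$K.$DOMAIN"
  fi
  sleep "$DELAY"
done

exit 0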