October 28, 2019 · Basic Pen-Testing
1.3 : Basic Bash scripting - IP lookup (Part II)
Example: example.com Sub-domain IP Lookup
Before you continue, please make sure you have a simple text file that contains the cisco URLs. It is built from the saved index.html by pulling out every URL, keeping the hostname part, and de-duplicating:

```bash
cat index.html | grep -o -E 'https?://[^"]*' | grep "example" | cut -d "/" -f 3 | sort -u > list.txt
cat list.txt
```
host is a dig-like command, but shorter-handed and with more detail in its output. It is another domain name information gathering command.
```
> host
Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] [-m flag] hostname [server]
       -a is equivalent to -v -t ANY
       -c specifies query class for non-IN data
       -C compares SOA records on authoritative nameservers
       -d is equivalent to -v
       -i IP6.INT reverse lookups
       -l lists all hosts in a domain, using AXFR
       -m set memory debugging flag (trace|record|usage)
       -N changes the number of dots allowed before root lookup is done
       -r disables recursive processing
       -R specifies number of retries for UDP packets
       -s a SERVFAIL response should stop query
       -t specifies the query type
       -T enables TCP/IP mode
       -v enables verbose output
       -V print version number and exit
       -w specifies to wait forever for a reply
       -W specifies how long to wait for a reply
       -4 use IPv4 query transport only
       -6 use IPv6 query transport only
```
Example usage: look up google.com

```
> host google.com
google.com has address 220.127.116.11
google.com has IPv6 address 2404:6800:4005:805::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
```
So we can now use host to query each sub-domain in list.txt and collect every IP address the DNS lookup returns:

```bash
#!/bin/bash
# First-time init of a var doesn't need $; read the file as a list of names
for URL in `cat list.txt`
do
  # grep "has address", cut out the IP field and append it to res.txt
  host $URL | grep "has address" | cut -d " " -f 4 >> res.txt
done
```
Or you can use a one-liner like this:

```bash
for URL in `cat list.txt`;do host $URL | grep "has address" | cut -d " " -f 4 >> res.txt;done
```
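As an added example (not the post's own code), here is the same pipeline split into functions that can be exercised offline on constructed sample data: it also keeps the "has IPv6 address" lines that `grep "has address" | cut -f 4` silently drops, de-duplicates the result instead of appending to res.txt on every run, and reads names with `while read` so a hostname is never word-split or glob-expanded. The HTML, the host output and the domain names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example for the sub-domain IP lookup. All sample data below is
# constructed (assumption: not taken from the original page).

# Constructed HTML standing in for index.html
SAMPLE_HTML='<a href="https://www.example.com/about">About</a>
<a href="http://blog.example.com/post/1">Blog</a>
<a href="https://www.example.com/">Home</a>
<a href="https://cdn.other.net/x.js">external</a>'

# Constructed host(1) output for the two names above
SAMPLE_HOST_OUTPUT='www.example.com has address 192.0.2.10
www.example.com has IPv6 address 2001:db8::10
www.example.com mail is handled by 10 mail.example.com.
blog.example.com is an alias for www.example.com.
www.example.com has address 192.0.2.10'

# extract_hosts DOMAIN: read HTML on stdin, emit unique hostnames
# containing DOMAIN (same grep/cut/sort chain as the post, but the
# domain filter is a fixed string, so "." is not a regex wildcard).
extract_hosts() {
  grep -o -E 'https?://[^"]*' | cut -d "/" -f 3 | grep -F -- "$1" | sort -u
}

# parse_host_ips: read host(1) output on stdin, emit unique IPv4 and
# IPv6 addresses; "mail is handled by" and "is an alias for" lines are
# ignored because neither pattern matches them.
parse_host_ips() {
  awk '/ has address / {print $NF} / has IPv6 address / {print $NF}' | sort -u
}

# resolve_list FILE: run host for every name in FILE (one per line) and
# collect the addresses. Needs network access, so the offline test only
# covers the two parsing functions above.
resolve_list() {
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    host "$name" 2>/dev/null
  done < "$1" | parse_host_ips
}

# Stand-alone run on the constructed data:
printf '%s\n' "$SAMPLE_HTML" | extract_hosts example.com
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | parse_host_ips
```

With a real list.txt, `resolve_list list.txt > res.txt` replaces the loop from the post.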