Wrote this up the other day to do a quick reverse (PTR) lookup sweep of some internal subnets. Possibly handy if you don’t have quick access to another tool such as dnsrecon.
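#!/usr/bin/env bash
# Quick reverse (PTR) lookup sweep over the /24 subnets listed in ./subnets.txt.
#
# Populate subnets.txt with the first three octets of each target subnet,
# one per line, e.g.
#   192.168.1
#   192.168.20
# Blank lines and lines starting with '#' are ignored; an entry that is not
# three dotted numbers is reported on stderr and skipped rather than being
# handed to dig as-is.
#
# Output: for each host .1-.255 that has a PTR record, the record lines of
# the ANSWER SECTION of `dig -x` are printed; hosts without one print nothing.
#
# -e is deliberately not set: one failing dig must not abort the whole sweep.
set -uo pipefail

readonly subnet_file='./subnets.txt'

#######################################
# Reduce a full dig response to the record lines of its ANSWER SECTION.
# Keeps the range from ";; ANSWER SECTION:" to ";; Query time:", then drops
# the two marker lines and any blank line inside that range.
# Arguments: none (reads the dig output from stdin)
# Outputs:   answer records, one per line, to stdout
#######################################
answer_records() {
  sed -n '/ANSWER SECTION:/,/Query time:/{
/ANSWER SECTION/d
/Query time:/d
/./p
}'
}

#######################################
# Reverse-resolve every host of one /24.
# Arguments: $1 - first three octets of the subnet, e.g. 192.168.1
# Outputs:   PTR answer lines for each host that has one
# Returns:   0; an individual dig failure is not fatal
#######################################
sweep_subnet() {
  local prefix=$1
  local host
  # brace expansion runs before parameter expansion, so this yields .1 .. .255
  for host in "${prefix}".{1..255}; do
    dig -x "${host}" | answer_records
  done
  return 0
}

#######################################
# Read the subnet file and sweep each listed subnet.
# Globals:   subnet_file (read)
# Outputs:   answer records to stdout; diagnostics to stderr
# Returns:   1 if the subnet file cannot be read, else 0
#######################################
main() {
  local -a fields
  local prefix
  if [[ ! -r "${subnet_file}" ]]; then
    printf 'error: cannot read %s\n' "${subnet_file}" >&2
    return 1
  fi
  # -r keeps backslashes; \r in IFS tolerates CRLF files; the || clause still
  # processes a final line that lacks a trailing newline
  while IFS=$' \t\r' read -r -a fields || (( ${#fields[@]} > 0 )); do
    (( ${#fields[@]} == 0 )) && continue
    [[ "${fields[0]:-}" == \#* ]] && continue
    # several whitespace-separated entries on one line are accepted too
    for prefix in "${fields[@]}"; do
      if [[ ! "${prefix}" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        printf 'warning: skipping malformed subnet entry: %s\n' "${prefix}" >&2
        continue
      fi
      sweep_subnet "${prefix}"
    done
  done < "${subnet_file}"
}

main "$@"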
# Populate subnets.txt with the first three octets of each target subnet, one
# per line, e.g.
#   192.168.1
#   192.168.20
# Every host .1-.255 of each listed /24 is reverse-resolved with `dig -x`; only
# the record lines of the ANSWER SECTION are printed, so a host with no PTR
# record produces no output at all.
subnet_prefixes=$(cat './subnets.txt')
# Trim a dig response to its answer records: keep the ANSWER SECTION..Query time
# range, then drop the two marker lines themselves and any blank line between them.
answer_filter=(
  -n
  -e '/ANSWER SECTION:/,/Query time:/{'
  -e '/ANSWER SECTION/d'
  -e '/Query time:/d'
  -e '/./p'
  -e '}'
)
# shellcheck disable=SC2086 -- whitespace splitting of the file contents is intended
for prefix in $subnet_prefixes; do
  for host in "${prefix}".{1..255}; do
    dig -x "${host}" | sed "${answer_filter[@]}"
  done
done
I’ve since found the useful Python-based dnsrecon, which also seems to work really well for this:
./dnsrecon.py -t rvl -r 192.168.0.1/24