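This snippet attempts a DNS zone transfer (AXFR) against every name server listed in a domain's NS records and writes the records returned by each server to a file. A transfer succeeds only where the server allows AXFR from the requesting host, which is normally restricted to the zone's secondary servers. Credit to averagesecurityguy.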
#!/usr/bin/env python3
import sys
import dns.resolver
import dns.reversename
import dns.zone
import dns.exception
TIMEOUT = 15.0
def nameservers(fqdn):
    """Return the NS records of *fqdn* as a list of text strings.

    A dnspython ``DNSException`` raised while querying or while converting
    the answer yields an empty list, so the caller cannot tell "no NS
    records" apart from a failed lookup.
    """
    names = []
    try:
        for rdata in dns.resolver.query(fqdn, 'NS'):
            names.append(rdata.to_text())
    except dns.exception.DNSException:
        return []
    return names
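def axfr(domain, nameserver):
    """Attempt a zone transfer (AXFR) of *domain* from *nameserver*.

    Args:
        domain: Name of the zone to request.
        nameserver: Server the transfer request is sent to.

    Returns:
        A list holding the text form of every node in the transferred
        zone, or None when the transfer failed for any reason.
    """
    try:
        # Send the request to the server the caller passed in, not to a
        # module-level name that only exists when run as a script.
        # NOTE(review): some dnspython releases appear to require an IP
        # address rather than a host name here; confirm against the
        # installed version.
        xfr = dns.query.xfr(nameserver, domain, lifetime=TIMEOUT)
        zone = dns.zone.from_xfr(xfr)
        return [zone[name].to_text(name) for name in zone.nodes.keys()]
    except Exception:
        # Best effort: a refused, timed-out or malformed transfer is
        # reported as None. Catching Exception instead of using a bare
        # except lets KeyboardInterrupt and SystemExit propagate, so a
        # long-running transfer can still be interrupted.
        return None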
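if __name__ == '__main__':
    # Script entry point: try a transfer from each name server of the
    # domain given on the command line and save every successful result.
    if len(sys.argv) < 2:
        sys.exit('usage: {0} <domain>'.format(sys.argv[0]))
    domain = sys.argv[1]
    for ns in nameservers(domain):
        recs = axfr(domain, ns)
        if recs is None:
            # Transfer failed or was refused by this server.
            continue
        # The format string has no separator before "axfr"; presumably it
        # relies on the trailing dot of the NS record text.
        fn = '{0}_{1}axfr'.format(domain, ns)
        # Both parts of the name come from outside the program (argv and
        # DNS answers), so strip path separators to keep the output file
        # inside the current directory.
        fn = fn.replace('/', '_').replace('\\', '_')
        with open(fn, 'w') as f:
            f.write('\n'.join(recs))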