In modern cybersecurity, you cannot protect what you don’t know exists. Traditional DNS tools often give you fragmented data. You get an A record here, an SPF record there, but connecting those to an owner (WHOIS) or a risk profile (Shodan) usually requires manual effort.
A Solution: One Script to Rule Them All
I’ve consolidated several specialized enumeration scripts, originally designed for SOA tracking, SPF auditing, and endpoint discovery, into a single, high-performance Bash suite.
What makes this different?
- Contextual Intelligence: It doesn’t just tell you a domain points to an IP; it tells you who owns that IP range and what Shodan knows about it.
- Modular Logic: Whether you are doing a deep-dive ANY request or a broad endpoint enumeration, the script handles the logic and cleans up the “noise” (empty fields and headers) automatically.
- ASM-Ready: Designed with “Attack Surface Management” in mind, the output is standardized with custom prefixes and timestamps, making it perfect for cron-job monitoring of your infrastructure over time.
Behind the Scenes
The script uses a combination of dig, host, and curl to pull data, then utilizes awk and sed to transform raw terminal output into structured CSVs. It even handles the complexities of parsing WHOIS records across different registrars by targeting key flags like NetRange and OriginAS.
