7c3f01c9eb
12 funciones Bash del dominio cybersecurity: auditoria de red y servicios (analyze_dns, audit_http_headers, inspect_ssl_cert, list_active_connections, enumerate_subdomains, geolocate_ip), auditoria de sistema (audit_ssh_config, check_firewall, detect_suspicious_users), y utilidades crypto (encrypt_file, generate_password, verify_file_hash). Dominio nuevo en bash/functions/.
#!/usr/bin/env bash
# analyze_dns
# -----------
# Análisis DNS completo de un dominio: registros A/AAAA/MX/NS/TXT/CNAME/SOA,
# consulta whois y verificación contra listas negras DNSBL.
#
# USO (directo):
# analyze_dns example.com [records|whois|dnsbl|all]
#
# Depende de: dig, whois (opcional), curl (para DNSBL)

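# Resolve the directory that holds this file so the shared helper libraries can
# be located relative to it, whether the file is executed or sourced.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
if [[ -z "$SCRIPT_DIR" ]]; then
  # Fail closed: with an empty SCRIPT_DIR the source paths below would resolve
  # from "/" and could load an unrelated file.
  echo "analyze_dns: no se pudo determinar el directorio del script" >&2
  return 1 2>/dev/null || exit 1
fi

# The colour variables (CYAN, RED, NC, ...) and the logging helpers (info,
# warning, error, success) used below are not defined in this file, so they
# presumably come from these two libraries. Stop early when either library is
# missing instead of running on with undefined helpers.
if [[ ! -r "$SCRIPT_DIR/../shell/bash_colors.sh" \
  || ! -r "$SCRIPT_DIR/../shell/bash_log.sh" ]]; then
  echo "analyze_dns: faltan las bibliotecas en $SCRIPT_DIR/../shell" >&2
  return 1 2>/dev/null || exit 1
fi

source "$SCRIPT_DIR/../shell/bash_colors.sh"
source "$SCRIPT_DIR/../shell/bash_log.sh"

# Initialisers provided by the sourced libraries (behaviour not visible here).
bash_colors
bash_log_init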
# ─── Funciones puras ──────────────────────────────────────────────────────────
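# Check that a string is a plausible DNS name before it is handed to dig/whois.
#
# Every dot-separated label must start and end with a letter, digit or
# underscore (hyphens only in the middle) and be at most 63 characters long;
# the last label must be an alphabetic TLD of two or more letters; the whole
# name is capped at 253 characters. Rejecting a leading "-" is not only a
# syntax matter: the value is later passed as a bare argument to external
# tools, where it would otherwise be parsed as a command-line option.
#
# Arguments: $1 - candidate domain name
# Returns:   0 when the name is acceptable, 1 otherwise
_dns_is_valid_domain() {
  local domain="$1"
  local label='[a-zA-Z0-9_]([a-zA-Z0-9_-]{0,61}[a-zA-Z0-9_])?'
  local name_re="^(${label}\\.)+[a-zA-Z]{2,63}\$"

  [[ -n "$domain" ]] || return 1
  ((${#domain} <= 253)) || return 1
  [[ "$domain" =~ $name_re ]]
}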
# Build the name to look up for a DNSBL check: the four dot-separated fields of
# the address in reverse order, followed by the blacklist zone.
#
# Arguments: $1 - dotted-quad address (not validated here)
#            $2 - DNSBL zone, e.g. a blacklist host name
# Outputs:   the query name on stdout
_dns_build_dnsbl_query() {
  local ip="$1" bl="$2"
  local o1 o2 o3 o4 _extra

  # Split on dots only; anything past the fourth field is discarded.
  IFS=. read -r o1 o2 o3 o4 _extra <<<"$ip"
  echo "${o4}.${o3}.${o2}.${o1}.${bl}"
}
# ─── Funciones de efecto ──────────────────────────────────────────────────────
# Query one record type for a domain with dig and print each answer as a
# bullet, or a placeholder line when dig returns nothing.
#
# Arguments: $1 - domain name
#            $2 - record type (A, MX, TXT, ...)
# Outputs:   one " * <answer>" line per record, or " (sin registros)"
_dns_query_record() {
  local domain="$1" type="$2"
  local answer entry

  # dig failures are deliberately folded into "no records".
  answer="$(dig +short "$type" "$domain" 2>/dev/null || true)"

  if [[ -n "$answer" ]]; then
    while IFS= read -r entry; do
      echo " * $entry"
    done <<<"$answer"
    return
  fi

  echo " (sin registros)"
}
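# Print a headed section for each record type (A, AAAA, MX, NS, TXT, CNAME,
# SOA), delegating the lookup and formatting to _dns_query_record.
#
# Globals:   CYAN, NC (read)
# Arguments: $1 - domain name
# Outputs:   the sections on stdout
_dns_show_all_records() {
  local domain="$1"
  # Keep the loop variable local so it does not overwrite a caller's "type".
  local type

  echo ""
  for type in A AAAA MX NS TXT CNAME SOA; do
    echo -e "${CYAN}── ${type} ──────────────────${NC}"
    _dns_query_record "$domain" "$type"
    echo ""
  done
}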
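# Print the whois fields of interest (registrar, registrant, dates, name
# servers, status) for a domain, at most 20 lines, between two rulers.
#
# whois text is controlled by whoever registered the domain, so it is treated
# as untrusted: control characters are stripped and each line is printed with
# %s, so neither raw escape bytes nor backslash sequences in the record are
# interpreted by the terminal. Only the colour variables go through %b.
#
# Globals:   PURPLE, DIM_GRAY, NC (read)
# Arguments: $1 - domain name
# Outputs:   the filtered whois lines on stdout
_dns_show_whois() {
  local domain="$1"
  local line
  local fields='(registrar|registrant|creation|expiry|expire|updated|name server|status)'

  echo ""
  info "Consultando whois de ${domain}..."
  echo -e "${PURPLE}════════════════════════════════════════════════════════════${NC}"
  whois "$domain" 2>/dev/null \
    | grep -iE "$fields" \
    | head -20 \
    | LC_ALL=C sed 's/[[:cntrl:]]//g' \
    | while IFS= read -r line; do
      printf ' %b%s%b\n' "${DIM_GRAY}" "$line" "${NC}"
    done
  echo -e "${PURPLE}════════════════════════════════════════════════════════════${NC}"
}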
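# Resolve a domain to its first IPv4 address and look that address up in a
# fixed set of DNS blacklists, printing one line per list and a summary.
#
# Only the first A record is checked; IPv6 addresses are not covered.
#
# Globals:   RED, GREEN, DIM_GRAY, NC (read)
# Arguments: $1 - domain name
# Outputs:   per-list result lines and a summary on stdout
# Returns:   status of the last logging helper called
_dns_check_dnsbl() {
  local domain="$1"
  local ip="" line
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

  # dig +short prints CNAME targets before the addresses they resolve to, so
  # take the first line that really is a dotted quad instead of line one.
  while IFS= read -r line; do
    if [[ "$line" =~ $ipv4_re ]]; then
      ip="$line"
      break
    fi
  done < <(dig +short A "$domain" 2>/dev/null)

  if [[ -z "$ip" ]]; then
    warning "No se pudo resolver la IP de $domain para comprobar DNSBL"
    return
  fi

  info "IP a comprobar: $ip"
  echo ""

  local blacklists=(
    "zen.spamhaus.org"
    "bl.spamcop.net"
    "dnsbl.sorbs.net"
    "b.barracudacentral.org"
  )

  local found=0 inconclusive=0
  local bl query result shown
  for bl in "${blacklists[@]}"; do
    query="$(_dns_build_dnsbl_query "$ip" "$bl")"
    result="$(dig +short A "$query" 2>/dev/null || true)"
    shown="${result//$'\n'/ }"

    if [[ -z "$result" ]]; then
      printf ' %b %s\n' "${GREEN}limpio${NC}" "$bl"
    elif [[ $'\n'"$result" == *$'\n'127.255.255.* ]]; then
      # Spamhaus uses answers in 127.255.255.0/24 to signal an error (for
      # instance a query arriving through a public resolver), not a listing.
      # Counting them as hits would report clean addresses as blacklisted.
      printf ' %b %s (%s)\n' "${DIM_GRAY}error${NC}" "$bl" "$shown"
      inconclusive=$((inconclusive + 1))
    else
      printf ' %b %s (%s)\n' "${RED}LISTADO${NC}" "$bl" "$shown"
      found=$((found + 1))
    fi
  done

  echo ""
  if ((inconclusive > 0)); then
    warning "${inconclusive} lista(s) devolvieron un código de error; resultado no concluyente"
  fi
  if ((found > 0)); then
    warning "La IP aparece en ${found} lista(s) negra(s)"
  elif ((inconclusive == 0)); then
    success "La IP no aparece en ninguna lista negra comprobada"
  fi
}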
# ─── Punto de entrada ─────────────────────────────────────────────────────────
# Entry point: validate the arguments, then run the requested part of the DNS
# analysis for a domain.
#
# Arguments: $1 - domain name (required; checked with _dns_is_valid_domain)
#            $2 - mode: records | whois | dnsbl | all (default: all)
# Outputs:   the report on stdout; argument and dependency errors on stderr
# Returns:   1 on a missing/invalid domain, missing dig, missing whois in
#            "whois" mode, or an unknown mode; otherwise the status of the
#            last step that ran
analyze_dns() {
  local domain="$1"
  local mode="${2:-all}"

  [[ -n "$domain" ]] || {
    error "analyze_dns: se requiere un dominio como primer argumento" >&2
    return 1
  }

  # The domain is validated before it reaches any external command.
  _dns_is_valid_domain "$domain" || {
    error "analyze_dns: dominio no válido: '$domain'" >&2
    return 1
  }

  command -v dig &>/dev/null || {
    error "analyze_dns: 'dig' no está instalado (sudo apt install dnsutils)" >&2
    return 1
  }

  info "Analizando: ${domain}"

  if [[ "$mode" == "records" ]]; then
    _dns_show_all_records "$domain"
  elif [[ "$mode" == "whois" ]]; then
    # whois is mandatory only when it was asked for explicitly.
    command -v whois &>/dev/null || {
      error "analyze_dns: 'whois' no está instalado (sudo apt install whois)" >&2
      return 1
    }
    _dns_show_whois "$domain"
  elif [[ "$mode" == "dnsbl" ]]; then
    _dns_check_dnsbl "$domain"
  elif [[ "$mode" == "all" ]]; then
    _dns_show_all_records "$domain"
    # In "all" mode a missing whois is skipped with a warning, not an error.
    if command -v whois &>/dev/null; then
      _dns_show_whois "$domain"
    else
      warning "whois no disponible, omitiendo"
    fi
    echo ""
    _dns_check_dnsbl "$domain"
  else
    error "analyze_dns: modo no válido '$mode'. Use: records|whois|dnsbl|all" >&2
    return 1
  fi
}
# Run analyze_dns with the command-line arguments only when this file is
# executed directly; when it is sourced, the functions are just defined.
[[ "${BASH_SOURCE[0]}" != "${0}" ]] || analyze_dns "$@"