#!/bin/bash
# Usage : ./sonar.sh <version number> <file>
# Example: ./sonar.sh 2018-10-27-1540655191 sonar.txt
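set -u

#######################################
# Print an error message to stderr and abort the script.
# Arguments: $* - message text
#######################################
die() {
  printf '[!] %s\n' "$*" >&2
  exit 1
}

# Both the dataset version and the output file are required.
if [ "$#" -ne 2 ]; then
  printf 'Usage: %s <version number> <file>\n' "$0" >&2
  exit 2
fi

# $1 ends up in a local file name and in the download URL, so refuse values
# that are empty or that could point outside the work directory.
case "$1" in
  '' | */*)
    die "Invalid version '$1' (expected something like 2018-10-27-1540655191)"
    ;;
esac

# DEBUG: Mark start time
time_start=$(date -u +%s)

# Set location for temporary junk.
# A fixed name such as /tmp/sonar is predictable: on a shared host another
# local user could create it first and control what this script writes into.
# mktemp -d creates a private, uniquely named directory instead.
tempdir=$(mktemp -d "${TMPDIR:-/tmp}/sonar.XXXXXX") \
  || die "Could not create a temporary directory"

#######################################
# Remove the work directory; registered on EXIT so that failures and
# interruptions do not leave the (large) dataset behind.
# Globals: tempdir (read)
#######################################
cleanup() {
  rm -rf -- "${tempdir:?}"
}
trap cleanup EXIT

# Download dataset from Rapid7
# Find the latest timestamp listed at https://opendata.rapid7.com/sonar.fdns_v2/ (the string preceding "-fdns_cname.json.gz") and pass in as first argument
# Example: 2018-10-27-1540655191
# The work directory is always created fresh, so the dataset is always fetched.
filename="$1-fdns_cname.json.gz"
SECONDS=0
echo "[-] Downloading $filename from Rapid7..."
# -f makes curl fail on an HTTP error instead of saving the error page as if
# it were the dataset.
if ! curl -# -f -L -o "$tempdir/$filename" "https://opendata.rapid7.com/sonar.fdns_v2/$filename"; then
  die "Download of $filename failed"
fi
echo "[+] Successfully downloaded $filename. Took $((SECONDS/60)) minutes."

# Parse data into a temp file called sonar_cnames
SECONDS=0
echo "[-] Extracting CNAME records..."
zcat < "$tempdir/$filename" \
  | grep 'type":"cname' \
  | awk -F'":"' '{print $3, $5}' \
  | awk -F'"' '{print $1, $3}' \
  | sed -e 's/ type / /g' > "$tempdir/sonar_cnames"
# Only the decompression stage is checked: grep legitimately returns 1 when
# the dataset holds no CNAME records.
extract_status=("${PIPESTATUS[@]}")
[ "${extract_status[0]}" -eq 0 ] || die "Could not decompress $filename"
rm -- "${tempdir:?}/$filename"
echo "[+] CNAME records extracted. Took $((SECONDS/60)) minutes."

# List of fingerprints we're going to grep for.
# Every literal dot is escaped; an unescaped "." is a regex wildcard and would
# also match look-alike names that are not the listed hosting domains.
declare -a prints=(
  "\.s3-website"
  "\.s3\.amazonaws\.com$"
  "\.herokuapp\.com$"
  "\.herokudns\.com$"
  "\.wordpress\.com$"
  "\.pantheonsite\.io$"
  "domains\.tumblr\.com$"
  "\.zendesk\.com$"
  "\.github\.com$"
  "\.github\.io$"
  "\.global\.fastly\.net$"
  "\.ghost\.io$"
  "\.myshopify\.com$"
  "\.surge\.sh$"
  "\.bitbucket\.io$"
  "\.azurewebsites\.net$"
  "\.cloudapp\.net$"
  "\.trafficmanager\.net$"
  "\.blob\.core\.windows\.net$"
)
# Join the fingerprints into one alternation for grep -E.
prints_array=$(IFS='|'; printf '%s' "${prints[*]}")

# Grepping CNAMEs w/ matching fingerprints from the array
echo "[-] Dusting for fingerprints..."
SECONDS=0
grep -Ei -e "$prints_array" "$tempdir/sonar_cnames" > "$tempdir/sonar_prints"
# grep exits 1 for "no match", which is a valid (empty) result; >1 is an error.
[ "$?" -le 1 ] || die "Fingerprint search failed"
rm -- "${tempdir:?}/sonar_cnames"
echo "[+] Fingerprints dusted. Took $((SECONDS/60)) minutes."

# Output only the CNAME (not the target/fingerprint)
echo "[-] Isolating CNAME records..."
SECONDS=0
awk '{print $1}' "$tempdir/sonar_prints" > "$tempdir/sonar_records" \
  || die "Could not isolate CNAME records"
rm -- "${tempdir:?}/sonar_prints"
echo "[+] CNAME records isloated. Took $((SECONDS/60)) minutes."

# Removing recursive records (when CNAME contains its own fingerprint; ex: abcd.herokuapp.com -> us-east-1-a.route.herokuapp.com)
echo "[-] Removing recursive records..."
SECONDS=0
grep -v -Ei -e "$prints_array" "$tempdir/sonar_records" > "$2"
[ "$?" -le 1 ] || die "Could not write results to $2"
rm -- "${tempdir:?}/sonar_records"
echo "[+] Recursive records removed. Took $((SECONDS/60)) minutes."

# All done with temp files, make sure we've tidied everything up
echo "[-] Cleaning up..."
cleanup
echo "[+] Cleaned up."

# DEBUG: Mark finish time
time_end=$(date -u +%s)
echo "[+] Finally done! Took $(((time_end-time_start)/60)) minutes total."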