Think you know the Linux dig command? Ever tried to do some simple network discovery with it? This script by Tommy Johnson does some nice condensed discovery. Just pass a domain as the argument.
./diggall.sh example.com
That is all!
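#!/bin/bash
#
# Condensed DNS overview for a single domain using dig: MX, A (apex, www,
# mail), the SOA primary nameserver, the delegation as served by the parent
# zone's nameserver, the NS set seen by the default resolver, and TXT.
#
# Usage: ./diggall.sh example.com
#
# Everything dig returns comes from the network and is treated as data only:
# it is printed or passed to dig as one quoted argument, never evaluated.

# Print a message on stderr and stop with a usage-style exit status.
die() {
  printf '%s\n' "$*" >&2
  exit 2
}

# Read lines on stdin and print the non-empty ones on one space-separated
# line (an empty line when there are none). Replaces the unquoted
# echo `...` idiom, which would also glob-expand whatever the DNS answer held.
join_lines() {
  local -a words=()
  local line
  while IFS= read -r line; do
    if [[ -n "$line" ]]; then
      words+=("$line")
    fi
  done
  printf '%s\n' "${words[*]}"
}

# Read full dig output on stdin and print field 5 (the record data) of up to
# three lines following the "<$1> SECTION" header.
section_rdata() {
  grep -A3 "$1 SECTION" | grep -v "$1" | awk '{print $5}'
}

(( $# >= 1 )) || die "Usage: ${0##*/} <domain>"
domain=$1

# The argument ends up on dig's command line several times. Requiring a plain
# hostname (letters, digits, '.', '-', '_', not starting with punctuation)
# keeps a value such as "-f file", "+option" or "@server" from being read by
# dig as an option or as a different resolver. IDNs must be given in punycode.
hostname_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
[[ "$domain" =~ $hostname_re ]] || die "Not a valid domain name: $domain"

echo "MX points to:"
dig MX "$domain" +short | sort -n
echo ""
echo "A points to:"
dig A "$domain" +short
echo ""
echo "www points to:"
dig A "www.${domain}" +short
echo ""
echo "mail points to:"
dig A "mail.${domain}" +short
echo ""
echo "SOA Nameserver declared:"
dig SOA "$domain" +short | awk '{print $1}' | join_lines
echo ""
#echo "oldmail points to:"
#dig A "oldmail.${domain}" +short

# Split the argument into labels. The first label is taken as the registered
# name and labels two and three as its parent zone, so this works for
# example.com and example.co.uk; labels past the third are ignored and a
# host name such as www.example.com is not mapped to its registrable domain.
IFS=. read -r label1 label2 label3 _ <<<"$domain"
parent="${label2}.${label3}"
parent=${parent%.}

# Ask the default resolver for one nameserver of the parent zone, then ask
# that server for the parent's NS set and use the first name it returns.
first=""
second=""
if [[ -n "$parent" ]]; then
  first=$(dig NS +short "$parent" | awk 'NF {print $1; exit}')
  first=${first%.}
  if [[ -n "$first" ]]; then
    second=$(dig +short NS "$parent" "@${first}" | awk 'NF {print $1; exit}')
    second=${second%.}
  fi
fi
#echo "Authoritative nameserver for TLD is: $second"

# One query to the parent zone's server; the AUTHORITY section is the
# delegation (NS names) and the ADDITIONAL section carries their glue
# addresses. Both are read from the same response.
delegation=""
if [[ -n "$second" ]]; then
  delegation=$(dig NS "${label1}.${parent}" "@${second}")
else
  printf 'warning: no nameserver found for parent zone "%s"\n' "$parent" >&2
fi

echo "Name Servers as reported by registrar:"
section_rdata AUTHORITY <<<"$delegation" | join_lines
echo "IPs declared by registrar:"
section_rdata ADDITIONAL <<<"$delegation" | join_lines
echo ""
echo "Name Servers in zone file are:"
dig NS "$domain" +short
dig NS "$domain" | section_rdata ADDITIONAL
echo "txt record is:"
dig txt "$domain" +short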