Quick and dirty script to check if a host is online via bash

Here is a quick and dirty bash script that I authored to check to see if a host is online. This was tested using Ubuntu.
for word in $(cat domains.txt); do host $word; done > output.txt
This is assuming you have changed directories to the directory where the domains.txt file is located.
The point of this script is if you have a large quantity of domains that you need to verify if they are online (active threat) and don't have the want or time to check each of them manually.
Please be advised that if you're editing in a Windows environment, the default line breaks are \r\n (carriage return and new line).
Linux environments only use \n (new line), and having \r (carriage returns) in your document will cause this script to break.
Feel free to remove these carriage returns in an app like Notepad++.
Example of domains:
You can press Ctrl + H (or Search... > Replace). That will open this menu:
Replace all "\r" with "" (null) [ensure that Extended is selected]
The command should work fine in your bash terminal.
Example of output (viewing in vi):
Comments
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
This can save an analyst time by seeing which domains are live.
This may not be a useful script for you, but this might be useful to someone.
The name of this post is not misleading...
I think you'll also find that not getting emotionally involved with your work leads to better work. The work can be criticized without the author being criticized.
Never mind me. I'll be in the corner over there with my popcorn.
Take the Wake-on-LAN feature. The NIC has power to receive the "magic packet" but the system can be off.
And I know that some NICs implement a response to a ping on the interface card. Nothing goes on a data bus or into memory or executed by the CPU.
The ping can be responded to by the NIC even if the system is locked up, sitting at a blue screen of death, or powered down.
While a ping can tell you that there is a computer out there, it won't tell you that the OS is functioning.
Maybe things aren't that way anymore. Correct me if I'm wrong.
There must be solutions to scan for WakeOnLAN adapters over the Internet, like we scan for SSH and VNC servers.
The intent behind the creation of this script was to look at fraud domains that have malware, phishing, or tech scams on them at scale. Web browsers are reliant on DNS to resolve the host that the web content is on. That's why the host command was appropriate in this scenario.
If an analyst is tasked with looking at 200 domains to find additional evidence, this script would report back which domains were accessible.
If this script can show that perhaps 35 of the domains in that list are not active, that can save a considerable amount of time.
Paul, thank you for the feedback. Absolutely this script could be modified to perform other actions such as telnet, whois, dig, ping, etc.
Do you/your team use a script that performs a telnet request to IANA? Also, what are the advantages of doing that?
Our team and our network are not fond of opening telnet connections. Could ssh be used instead?
Whois is a minimalist protocol. It's just a TCP listener on port 43 that takes a newline-terminated string and spits out its records. So you can do something as simple as:
echo 'techexams.net' | netcat whois.iana.org 43
I'm somewhat curious as to why you are doing domain registration checks. Like @JDMurray - I originally thought you were doing some sort of targeted passive DNS collection. Passive DNS collection can be challenging to do at scale. And there are only a few players out there that have datasets of significance - plus it's tough to monetize those data sets.
@JDMurray, Thank you for the pointer. Going to have to add this to my toolkit. Huge fan of freeware too. The CIDR field is a nice addition to standard whois output.
If you have any suggestions to improve the one-line script, I'm all ears. Glad we have hashed out our differences on how we view the word "host".
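A hardened variant of the one-liner discussed in this thread, as an added example that is not part of any poster's message: it strips the Windows carriage returns itself, refuses list entries that are not plain domain names (so a line from an untrusted feed can never be read by `host` as an option), and writes one status per domain. The function names and the `RESOLVER` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example. RESOLVER is a hypothetical override (default: the real
# `host` utility) so the logic can be exercised without network access.
RESOLVER="${RESOLVER:-host}"

# Normalise one list entry: drop CR from Windows line endings, lower-case,
# trim surrounding whitespace and a trailing root dot.
clean_domain() {
    printf '%s\n' "$1" | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//'
}

# Accept only letters, digits, hyphens and dots; reject empty labels and
# anything starting with "-" or "." before it reaches the resolver.
is_valid_domain() {
    case "$1" in
        ''|-*|.*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# $1 = list file. Prints "domain<TAB>status" for every usable line.
check_domains() {
    while IFS= read -r line || [ -n "$line" ]; do
        d=$(clean_domain "$line")
        case "$d" in ''|'#'*) continue ;; esac   # blank lines and comments
        if ! is_valid_domain "$d"; then
            printf '%s\tSKIPPED_INVALID\n' "$d"
        # Exit status 0 from the resolver command is treated as an answer.
        elif "$RESOLVER" "$d" >/dev/null 2>&1 </dev/null; then
            printf '%s\tRESOLVES\n' "$d"
        else
            printf '%s\tNO_DNS_ANSWER\n' "$d"
        fi
    done < "$1"
}

# Usage: ./check_domains.sh domains.txt > output.txt
if [ "$#" -gt 0 ]; then
    check_domains "$1"
fi
```

A `RESOLVES` line only says the name has a DNS answer; it says nothing about whether the server behind it is serving content.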