DNSAudit.sh fetches a list of compromised domains from Zonefiles.io, and loops through each domain to check its resolution against various secure DNS providers.
DNSAudit is a comprehensive DNS provider audit tool designed to test how different DNS providers resolve domains. Inspired by Tom Lawrence's 2023 Best DNS for Secure Browsing video and code and combined with previous private efforts from myself, this script focuses on the indicators of various DNS providers when encountering potentially harmful or compromised domains.
- Fetches a list of compromised domains for testing from Zonefiles.io.
- Filters for
.comand.netdomains. - Tests domain resolution across various DNS providers.
- Provides real-time, visually engaging feedback in the terminal.
- Outputs results to CSV files for further analysis.
This script is meant to test network deployments only and will not work on roaming agents.
- Clone the repository:
git clone https://github.com/mikeydiamonds/DNSAudit.git - Navigate to the directory:
cd DNSAudit.sh - Make the script executable:
chmod +x DNSAudit.sh - Run the script:
./DNSAudit.sh
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
This code and its contents are solely my own work in combination with code provided by Tom Lawrence and do not reflect the views, strategies, or opinions of my employer or any other entity. Use this script at your own discretion and responsibility.