There came a time when we needed to perform some system enumeration in a large environment: verify which subnet these servers were in, whether the DNS records still existed, and whether the servers were still active.
After much searching we found a script which pointed us in the right direction, though we needed to perform reverse lookups instead of forward lookups. After playing around with some different DNS tools and looking over our own scripts, this is what we came up with.
```powershell
<#
Bulk PTR record lookup utility
Idea borrowed from Nick Shaw's Bulk DNS lookup
Source: https://www.geekynick.co.uk/bulk-dns-lookup-in-windows-powershell-better-than-nslookup-2/

By A Tech With a Hammer
https://www.techwithahammer.com/?p=7

Created: November 7, 2014
Last Update: November 7, 2014

This script makes the assumption that all entries in the list that are being
loaded up are in correct IPv4 or IPv6 formatting.

To do
Add in IP range and CIDR notation lookups
#>

# File Dialog
Function Get-FileName($initialDirectory)
{
    # Load Windows Forms (replaces the deprecated LoadWithPartialName call)
    Add-Type -AssemblyName System.Windows.Forms
    $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog
    $OpenFileDialog.initialDirectory = $initialDirectory
    $OpenFileDialog.filter = "All files (*.*)|*.*"
    $OpenFileDialog.ShowDialog() | Out-Null
    $OpenFileDialog.filename
}

# Select the text file holding the records
$Path = Get-FileName
if (-Not($Path))
{
    exit
}

# Set the CSV output path next to the input file: hosts.txt -> hosts.Result.csv
# ChangeExtension also copes with files that have no extension and with
# directory names that contain dots.
$ResultFilePath = [System.IO.Path]::ChangeExtension($Path, 'Result.csv')

# Load the hosts. @() keeps a one-line file as an array, and blank lines are
# dropped because GetHostEntry('') returns the local machine instead of failing.
$Hosts = @(Get-Content $Path | ForEach-Object { $_.Trim() } | Where-Object { $_ })
$TotalHosts = $Hosts.Count
$Results = "IP Address,Host name`r`n"
$HostsResolved = 0

# Process the list
For($Cur = 0; $Cur -lt $Hosts.Count; $Cur++)
{
    $HostAddress = $Hosts[$Cur]
    $Current = ($Cur+1)
    Write-Progress -Activity "Enumerating host $Current of $TotalHosts" -Status "$HostAddress" -PercentComplete ($Current/$TotalHosts *100)
    try
    {
        $HostEntry = [System.Net.Dns]::GetHostEntry($HostAddress)
        # Successful PTR resolution
        $HostsResolved++
        $HostName = $HostEntry.HostName
        $Results += "$HostAddress,$HostName`r`n"
    }
    catch
    {
        # Unknown
        $Results += "$HostAddress,no such host known`r`n"
    }
}

# Mark progress bar as completed so it will close
Write-Progress -Activity "Enumerating host" -Completed

# Output the results
$Results | Out-File $ResultFilePath
Write-Host "DNS Pointer lookups completed. `r`n $HostsResolved resolved."
Write-Host "Results saved to $ResultFilePath"

# The script has run successfully, now press the <any> key
Write-Host "`r`nPress the <any> key to continue"
$host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") | Out-Null
```
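
The script's to-do list mentions CIDR notation lookups. As an added example (not part of the original script), the function below expands an IPv4 CIDR block into the individual addresses the lookup loop expects. The names `Expand-Cidr` and `-MinPrefix` and the sample addresses are assumptions made for illustration.

```powershell
# Added example, not part of the original script.
# Expand-Cidr and -MinPrefix are hypothetical names chosen for illustration.
function Expand-Cidr {
    param(
        [Parameter(Mandatory = $true)][string]$Cidr,
        [int]$MinPrefix = 16   # refuse blocks larger than a /16 (65,536 addresses)
    )

    $Parts = $Cidr.Trim().Split('/')
    $Ip = $null
    if ($Parts.Count -ne 2 -or
        -not [System.Net.IPAddress]::TryParse($Parts[0], [ref]$Ip) -or
        $Ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 CIDR block: $Cidr"
    }

    $Prefix = 0
    if (-not [int]::TryParse($Parts[1], [ref]$Prefix) -or
        $Prefix -lt $MinPrefix -or $Prefix -gt 32) {
        throw "Prefix length must be between $MinPrefix and 32: $Cidr"
    }

    # Pack the four octets into a 64-bit integer to avoid signed 32-bit overflow
    $B = $Ip.GetAddressBytes()
    $Address = ([long]$B[0] -shl 24) + ([long]$B[1] -shl 16) + ([long]$B[2] -shl 8) + [long]$B[3]

    # Block size is 2^(32 - prefix); round the address down to the block start
    $Size = [long]1 -shl (32 - $Prefix)
    $Network = $Address - ($Address % $Size)

    # Emit every address in the block, network and broadcast included,
    # since PTR records can exist for any of them
    for ($i = [long]0; $i -lt $Size; $i++) {
        $n = $Network + $i
        '{0}.{1}.{2}.{3}' -f (($n -shr 24) -band 255), (($n -shr 16) -band 255), (($n -shr 8) -band 255), ($n -band 255)
    }
}

# Constructed sample input (documentation address ranges): one plain address
# and one CIDR block, as they might appear in the host list file
$Lines = @('192.0.2.10', '198.51.100.8/30')

# Build the $Hosts array used by the lookup loop, expanding CIDR entries
$Hosts = @(foreach ($Line in $Lines) {
    if ($Line -match '/') { Expand-Cidr $Line } else { $Line.Trim() }
})
```

The `-MinPrefix` guard keeps a mistyped prefix from silently turning one line of input into millions of DNS queries.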