Simple BASH script to mass query reverse DNS PTR records for a subnet

Wrote this up the other day to do a quick reverse PTR query of some internal subnets. Possibly handy if you don’t have quick access to another tool like dnsrecon.

#!/bin/bash

#Populate subnets.txt with the first three sections of the target subnet IP, one subnet per line eg
#192.168.1
#192.168.20
#etc

subnets=$(cat './subnets.txt');
for subnet in $subnets
    do
        for ip in $subnet.{1..255}
        do
            dig -x $ip | sed -n '/ANSWER SECTION:/,/Query time:/p' | sed '/ANSWER SECTION/d' | sed '/Query time:/d' | sed '/./!d'
#echo $ip

    done
done

I’ve since found the useful python based dnsrecon which seems to work really well for this also:

./dnsrecon.py -t rvl -r 192.168.0.1/24

Leave your Comment

Except where specified otherwise, the content of this site is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.