PowerShell: Scan domains and report on NS servers


I had a requirement today to check whether some domains were registered and pointing at valid name servers. If those zones point at the expected name servers, it’s a very good indicator that they belong to the correct owner.

Publicly, it’s quite hard to map a domain back to an owner because many Whois responses are redacted for privacy. If you know what the name servers (NS) should be and the domain matches that expectation, this is the next best thing you can use without access to the domain registrar panel. Even if you do have access to an administration portal, many times you cannot search for a list of domains.

The options that are feasible here would be the name of the registrar or the name servers (NS) the domain is using.

That means I essentially need to run “nslookup” with the relevant syntax and then check the results to see whether they match the name server I was expecting. That can be accomplished with this command:

 nslookup -type=NS <query>

If you want a live example, substituting a6n.co.uk for <query> will give you:

Non-authoritative answer:
a6n.co.uk       nameserver = salvador.ns.porkbun.com
a6n.co.uk       nameserver = fortaleza.ns.porkbun.com
a6n.co.uk       nameserver = maceio.ns.porkbun.com
a6n.co.uk       nameserver = curitiba.ns.porkbun.com

salvador.ns.porkbun.com internet address = 162.159.10.150
salvador.ns.porkbun.com AAAA IPv6 address = 2400:cb00:2049:1::a29f:a96
fortaleza.ns.porkbun.com        internet address = 162.159.8.140
fortaleza.ns.porkbun.com        AAAA IPv6 address = 2400:cb00:2049:1::a29f:88c
maceio.ns.porkbun.com   internet address = 162.159.11.180
maceio.ns.porkbun.com   AAAA IPv6 address = 2400:cb00:2049:1::a29f:bb4
curitiba.ns.porkbun.com internet address = 173.245.58.37
curitiba.ns.porkbun.com AAAA IPv6 address = 2400:cb00:2049:1::adf5:3a25

Now that we have the command the script will run, we need to add some logic. In this particular example, if the NS records match what we’re expecting, we can mark the domain as protected; if they do not match, we can report it as unprotected.

If the domain is unprotected, the text reporting that needs to be red; likewise, if the domain is marked as protected, the text telling us so needs to be green.

Finally, we need a count of all the protected and unprotected domains, and where a domain is marked as unprotected, the output needs to list the domain name in question.

The Script : DomainDNSCheck.ps1

# Define the keywords to check for protection
$protectedKeywords = @("comlaude", "demys")

# Initialize counters and lists
$protectedCount = 0
$unprotectedCount = 0
$unprotectedDomains = @()

# Function to run nslookup for a given domain and return the output
function Run-Nslookup {
    param (
        [string]$domain
    )
    nslookup -type=NS $domain
}

# Function to parse nslookup output and extract NS records
function Parse-NslookupOutput {
    param (
        [string[]]$output
    )
    $nsRecords = @()
    foreach ($line in $output) {
        if ($line -match "nameserver = (.*)") {
            $nsRecords += $matches[1]
        }
    }

    return $nsRecords
}

# Function to check if any NS record contains the protected keywords
function Check-Protection {
    param (
        [string[]]$nsRecords,
        [string[]]$keywords
    )
    foreach ($record in $nsRecords) {
        foreach ($keyword in $keywords) {
            if ($record -match $keyword) {
                return $true
            }
        }
    }
    return $false
}

# Main script
# Skip blank lines so nslookup is never invoked without a domain
$domains = Get-Content -Path "domains.txt" | Where-Object { $_.Trim() }
foreach ($domain in $domains) {
    Write-Output "Domain: $domain"
    $output = Run-Nslookup -domain $domain
    $nsRecords = Parse-NslookupOutput -output $output
    if ($nsRecords.Count -eq 0) {
        Write-Output "No NS records found."
        $status = "Unprotected"
        $color = "Red"
        $unprotectedDomains += $domain
        $unprotectedCount++
    } else {
        $isProtected = Check-Protection -nsRecords $nsRecords -keywords $protectedKeywords
        $status = if ($isProtected) { "Protected" } else { "Unprotected" }
        $color = if ($isProtected) { "Green" } else { "Red" }
        Write-Output "NS Records:"
        foreach ($record in $nsRecords) {
            Write-Output "    $record"
        }
        if ($status -eq "unprotected") {
            $unprotectedDomains += $domain
            $unprotectedCount++
        } else {
            $protectedCount++
        }
    }

    Write-Host "Status: $status" -ForegroundColor $color
    Write-Host ""
}

# Output the counts and list of unprotected domains
Write-Host "Total Protected Domains: $protectedCount" -ForegroundColor Green
Write-Host "Total Unprotected Domains: $unprotectedCount" -ForegroundColor Red

if ($unprotectedCount -gt 0) {
    Write-Host "Unprotected Domains:" -ForegroundColor Red
    foreach ($unprotectedDomain in $unprotectedDomains) {
        Write-Host "    $unprotectedDomain" -ForegroundColor Red
    }
}

The output will then look like this, where you can see the protected and unprotected domains and the listing of unprotected domains.
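Check-Protection above marks a domain as protected when any one NS record contains a keyword anywhere in its name. The following is an added example, not part of the original script, of a stricter check: every NS record must sit inside an expected name-server zone, matched on a label boundary. The function names and the allowed-zone list are assumptions for illustration ("ns.porkbun.com" is taken from the nslookup output earlier), and the sample inputs are constructed.

```powershell
# Added example: strict name-server validation (not the original script).
# Allowed zones are an assumption; "ns.porkbun.com" comes from the nslookup output above.
$allowedNsZones = @('ns.porkbun.com')

function Test-NsHostAllowed {
    param (
        [string]$NsHost,
        [string[]]$AllowedZones
    )
    # Normalise: trim whitespace, drop the trailing root dot, compare in lower case
    $name = $NsHost.Trim().TrimEnd('.').ToLowerInvariant()
    foreach ($zone in $AllowedZones) {
        $z = $zone.Trim().TrimEnd('.').ToLowerInvariant()
        # Accept the zone itself or a host below it, on a label boundary only
        if ($name -eq $z -or $name.EndsWith(".$z")) { return $true }
    }
    return $false
}

function Test-NsDelegation {
    param (
        [string[]]$NsRecords,
        [string[]]$AllowedZones
    )
    # No NS records at all is treated as unprotected, as in the script above
    if (-not $NsRecords -or $NsRecords.Count -eq 0) { return $false }
    foreach ($record in $NsRecords) {
        # Every name server must be in an allowed zone, not just one of them
        if (-not (Test-NsHostAllowed -NsHost $record -AllowedZones $AllowedZones)) {
            return $false
        }
    }
    return $true
}

# Constructed sample inputs (no DNS queries are made)
$samples = [ordered]@{
    'all expected' = @('salvador.ns.porkbun.com', 'Maceio.NS.Porkbun.com.')
    'mixed'        = @('salvador.ns.porkbun.com', 'ns1.other-dns.example')
    'keyword only' = @('ns.porkbun.com.lookalike.example')
    'no records'   = @()
}
foreach ($case in $samples.Keys) {
    $ok = Test-NsDelegation -NsRecords $samples[$case] -AllowedZones $allowedNsZones
    Write-Host ("{0,-14} -> {1}" -f $case, $ok) -ForegroundColor $(if ($ok) { 'Green' } else { 'Red' })
}
```

Only the first sample passes. The "mixed" and "keyword only" samples would both be reported as Protected by a keyword match on "porkbun", which is the gap this check closes.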

