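#!/usr/bin/perl
# zonescan.pl - by DEFT
# Usage: zonescan.pl whatever.com
#
# Asks host(1) for the records of the given domain, collects the fourth
# field of every "... has ..." line, de-duplicates the entries, writes them
# to ./hostsToScan and starts nmap in the background with output appended to
# ./log.  An optional second argument is passed through to host(1) after the
# domain, as in the original.
#
# Changes from the original listing:
#   * No data from the command line or from the DNS answer is ever placed in
#     a shell command line.  The original interpolated both into system()
#     strings, so a crafted argument or a crafted record returned by the
#     remote name server could run commands as the user running this script.
#   * The readline operators (shown as "while ()" and "= ;" in the listing)
#     were missing, and the implicit "split" into @_ is not available in
#     current perls; both are written out explicitly.
#   * The de-duplicated list is written in full (the original loop started
#     at index 1 and ran one past the end of the array).
#   * The intermediate ./zone and ./hosts files are no longer needed.
#
# ./hostsToScan and ./log are fixed names in the current directory; run the
# script from a directory that only you can write to.

use strict;
use warnings;

# Characters accepted for the domain, the optional server argument and every
# target taken from the DNS answer: letters, digits, dot, underscore, colon
# and hyphen, never starting with a hyphen so that a value cannot be read as
# a command-line option.
my $SAFE_NAME = qr/\A(?!-)[0-9A-Za-z._:-]+\z/;

my ( $domain, $server ) = @ARGV;

if ( !defined $domain || $domain eq "" ) {
    die "usage: zonescan.pl whatever.com\n";
}
for my $arg ( grep { defined($_) && length($_) } $domain, $server ) {
    die "usage: zonescan.pl whatever.com\n" if $arg !~ $SAFE_NAME;
}

# do zone xfer
# NOTE(review): the option is reproduced as it appears in the listing.
# host(1) documents -l for listing a zone, so "-I" may be a transcription of
# "-l" -- confirm against the local man page before relying on it.
my @host_cmd = ( '/usr/bin/host', '-I', $domain );
push @host_cmd, $server if defined $server && length $server;

print "Starting zone transfer...\n";

# List-form pipe open: host is executed directly, without a shell.
open( my $zone_fh, '-|', @host_cmd )
    or die "Cannot run $host_cmd[0]: $!\n";
my @zone_lines = <$zone_fh>;
if ( !close($zone_fh) ) {
    warn $!
        ? "Error closing pipe from $host_cmd[0]: $!\n"
        : "$host_cmd[0] exited with status " . ( $? >> 8 ) . "\n";
}

# As in the original, only the first line of output is inspected for the
# refusal message.
if (@zone_lines) {
    my @first = split ' ', $zone_lines[0];
    if ( @first >= 2 && $first[0] eq "Server" && $first[1] eq "failed:" ) {
        die "Zone transfer refused.\n";
    }
}

print "Zone transfer complete.\n ";
print "Creating target file. This may take a while ... \n";

# strip off DNS junk to get the hostnames, dropping repeated entries
my %seen;
my @targets;
my $rejected = 0;
for my $line (@zone_lines) {
    my @fields = split ' ', $line;
    next unless @fields >= 4 && $fields[1] eq "has";

    # The answer comes from a remote server and is untrusted: keep only
    # entries made of the expected characters.
    my $entry = $fields[3];
    if ( $entry !~ $SAFE_NAME ) {
        $rejected++;
        next;
    }
    push @targets, $entry unless $seen{$entry}++;
}

# Only a count is reported; the rejected text itself is not echoed to the
# terminal.
warn "Skipped $rejected record(s) containing unexpected characters.\n"
    if $rejected;

die "No hosts found in the zone data.\n" unless @targets;

# clear the old log so the scan output can be appended to it later
open( my $log_fh, '>', 'log' ) or die "Cannot write log: $!\n";
close($log_fh) or die "Cannot close log: $!\n";

open( my $out_fh, '>', 'hostsToScan' ) or die "Cannot write hostsToScan: $!\n";
print {$out_fh} "$_\n" for @targets;
close($out_fh) or die "Cannot close hostsToScan: $!\n";

print "Target file created. Starting nmap now.\n";
print "Check log for results.\n";

# do the scan. Add your own nmap options here.
# The command is a fixed string with no interpolated values; the shell is
# used only for the redirection and for running nmap in the background.
system("/usr/bin/nmap -sS -iL hostsToScan >> log&");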