jeka/ansible-openwrt-hirkn
1
0
Fork 0
mirror of https://github.com/itdoginfo/ansible-openwrt-hirkn.git synced 2025-12-15 19:44:30 +05:00
Code Issues Packages Projects Releases Wiki Activity

Added dns check

Browse Source
This commit is contained in:
itdoginfo
2023-10-19 13:49:47 +03:00
parent e0b9857b17
commit 26532331a9
2 changed files with 79 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -140,6 +140,11 @@ service getdomains start
wget -O - https://raw.githubusercontent.com/itdoginfo/ansible-openwrt-hirkn/master/getdomains-check.sh | sh wget -O - https://raw.githubusercontent.com/itdoginfo/ansible-openwrt-hirkn/master/getdomains-check.sh | sh
``` ```
### Запустить с проверкой на подмену DNS
```
wget -O - https://raw.githubusercontent.com/itdoginfo/ansible-openwrt-hirkn/master/getdomains-check.sh | sh -s dns
```
### Запустить с созданием dump ### Запустить с созданием dump
``` ```
wget -O - https://raw.githubusercontent.com/itdoginfo/ansible-openwrt-hirkn/master/getdomains-check.sh | sh -s dump wget -O - https://raw.githubusercontent.com/itdoginfo/ansible-openwrt-hirkn/master/getdomains-check.sh | sh -s dump

74
getdomains-check.sh
View File

@@ -388,6 +388,80 @@ if [[ "$1" == dump ]]; then
echo "For Windows use PSCP or WSL" echo "For Windows use PSCP or WSL"
fi fi
# Check DNS
if [[ "$1" == dns ]]; then
printf "\033[36;1mCheck DNS servers\033[0m\n"
DNS_SERVERS="1.1.1.1 8.8.8.8 8.8.4.4"
DOH_DNS_SERVERS="cloudflare-dns.com 1.1.1.1 mozilla.cloudflare-dns.com security.cloudflare-dns.com"
DOMAINS="instagram.com facebook.com"
echo "1. Block DNS traffic (Port 53/udp is available)"
for i in $DNS_SERVERS;
do
if nslookup -type=a -timeout=2 -retry=1 itdog.info $i | grep -q "timed out"; then
checkpoint_false "$i"
else
checkpoint_true "$i"
fi
done
echo "2. DoH available"
for i in $DOH_DNS_SERVERS;
do
if curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$i/dns-query?name=itdog.info&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then
checkpoint_true "$i"
else
checkpoint_false "$i"
fi
done
echo "3. The response not contains an address from 127.0.0.0/8"
for i in $DOMAINS;
do
if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '127\.[0-9]{1,3}\.'; then
checkpoint_false "$i"
else
checkpoint_true "$i"
fi
done
echo "4. One IP for two different domains"
FIRSTIP=$(nslookup -type=a instagram.com | awk '/^Address: / {print $2}')
SECONDIP=$(nslookup -type=a facebook.com | awk '/^Address: / {print $2}')
if [ "$FIRSTIP" = "$SECONDIP" ] ; then
checkpoint_false "IP addresses are the same"
else
checkpoint_true "Different IP addresses"
fi
echo "5. The response is not blank"
for i in $DOMAINS;
do
if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then
checkpoint_true "$i"
else
checkpoint_false "$i"
fi
done
echo "6. Сomparing response from unencrypted DNS and DoH (DNS poisoning)"
DOHIP=$(curl -s -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=facebook.com&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
OPENIP=$(nslookup -type=a -timeout=2 facebook.com 1.1.1.1 | awk '/^Address: / {print $2}')
if [ "$DOHIP" = "$OPENIP" ]; then
checkpoint_true "IPs match"
else
checkpoint_false "IPs not match"
fi
fi
# Info # Info
echo -e "\nTelegram channel: https://t.me/itdoginfo" echo -e "\nTelegram channel: https://t.me/itdoginfo"
echo "Telegram chat: https://t.me/itdogchat" echo "Telegram chat: https://t.me/itdogchat"