Parsing File For Domain Name

bEgUnDaL · November 27, 2010, 8:18pm

I was trying to setup some conficker monitoring for my network
I took the list from

http://www.epicwinrar.com/conficker/domains.txt

The text file format containing

Variant, Date, Index, Hostname
A, 10/01/2008, 0, kuwzclqpw.com
A, 10/01/2008, 1, hspch.net
A, 10/01/2008, 2, sumkuezgsq.info
A, 10/01/2008, 3, ibcct.net
.
upto 3500 lines
.
B, 06/30/2009, 245, themziwbvky.com
B, 06/30/2009, 246, dmwznbpiug.ws
B, 06/30/2009, 247, jdsjytlnlj.ws
B, 06/30/2009, 248, bbsle.com
B, 06/30/2009, 249, kbojbitigx.biz

I would like to resolve the hostname from domains.txt into ip address in ipaddress.txt to check wether the hostname is still active using

#!/bin/bash
#
# File: check_domains_conficker.sh
#
CONFICKER="domains.txt"
DNS="1.2.3.4"
cat $FILE | while read domain
do
  ip=`dig @$DNS +time=1 +short $CONFICKER`
  echo "$CONFICKER:$ip" >> ipaddress.txt
done

doesnt seems to work
Than I would grep only the ip address and take the most 50 resolved ip address with

grep -oe "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" \ ipaddress.txt | sort > ipaddress_exist

#!/bin/bash
# File: count_modulus_ip_conficker.sh
file=ipaddress_exist
i=0
oldip='Initialization'
while read newip
do
  if [ $newip == $oldip ]
  then
    i=$((i+1))
  else
    i=$((i+1))
    echo "$oldip: $i"
    i=0
    oldip=$newip
  fi
  done <$file
  echo "$oldip: $((i+1))"
done

please evaluate the script
much appreciated

rdcwayx · November 28, 2010, 12:44am

#!/bin/bash
#
# File: check_domains_conficker.sh
#
CONFICKER="domains.txt"
DNS="1.2.3.4"
awk '{print $NF}' $CONFICKER| while read domain
do
  ip=`dig @$DNS $domain +time=1 +short`
  echo "$CONFICKER:$ip" >> ipaddress.txt
done

bEgUnDaL · November 28, 2010, 3:27am

rdcwayx:

#!/bin/bash
#
# File: check_domains_conficker.sh
#
CONFICKER="domains.txt"
DNS="1.2.3.4"
awk '{print $NF}' $CONFICKER| while read domain
do
  ip=`dig @$DNS $domain +time=1 +short`
  echo "$CONFICKER:$ip" >> ipaddress.txt
done

with that script the ipaddress.txt content is

domains_conficker.txt:
domains_conficker.txt:
domains_conficker.txt:

what I'm trying todo is having an output of

somedomain.tld:ip.ad.dr.ess
somedomain.tld:ip.ad.dr.ess
somedomain.tld:ip.ad.dr.ess

ilikecows · November 28, 2010, 3:48am

Comment the top line of the domains.txt file containing column headers and try this:

 
#!/bin/bash
#
# File: check_domains_conficker.sh
#
CONFICKER="domains.txt"
DNS="1.2.3.4"
awk -F\, '!/^#/{print $4}' $CONFICKER| while read domain
do
  ip=`dig @$DNS $domain +time=1 +short`
  echo "$CONFICKER:$ip" >> ipaddress.txt
done

bEgUnDaL · November 28, 2010, 5:44am

ilikecows:

Comment the top line of the domains.txt file containing column headers and try this:

 
#!/bin/bash
#
# File: check_domains_conficker.sh
#
CONFICKER="domains.txt"
DNS="1.2.3.4"
awk -F\, '!/^#/{print $4}' $CONFICKER| while read domain
do
  ip=`dig @$DNS $domain +time=1 +short`
  echo "$CONFICKER:$ip" >> ipaddress.txt
done

input domains.txt

A, 10/01/2008, 0, kuwzclqpw.com
A, 10/01/2008, 1, hspch.net

output ipaddress.txt

domains.txt:
domains.txt:

ilikecows · November 28, 2010, 3:45pm

CONFICKER="domains.txt"
DNS="1.2.3.4"
awk -F\, '!/^#/{print $4}' $CONFICKER| while read domain
do
  ip=`dig @$DNS $domain +time=1 +short`
  echo "$domain:$ip" >> ipaddress.txt
done

Works on my machine. Try changing the $CONFICKER to $domain.