toplevel domain scanner (tds) 0.02 beta
an official phunc release
phunc network tools department
by knight@phunc.com

NOTE: TDS was formerly called SCANDNS.

WHAT IS TDS?
------------

TDS is a perl script for unix that works from dns data: it queries the
root-servers, and then the individual nameservers for each domain,
essentially scanning the entire internet.

I originally wrote this script simply because I wanted to find more
outdials on the net (what an idea eh), and the idea of having a collection
of all the hosts on the internet and being able to grep them for common
hostname matches was ideal. The ability to "grep outdial *" was a nice
thing. I can think of a million uses for this script: whether it be for
searching for insecure sites, listing your network, or just getting an
idea what the people in Australia are looking at.

If you find this useful, more power to you. Drop me a note if you have
ideas or comments. Is the name change to TDS acceptable?

USING TDS
---------

Tds is pretty straightforward. You _NO LONGER_ have to edit the script
and modify the $toplevel variable to change the domain. Just give the
toplevel domain you want to scan on the commandline. A neat feature of
TDS is that it keeps separate domain lists and status files for each
toplevel domain. On top of that, your domain lists go in subdirectories
of the hosts directory, named after the toplevel domain you are scanning.
You can even use blah.com if you know that it is a domain that will show
you subnets.

But most people use com, edu, org, or any other toplevel domain (like us,
cz, ie, il, etc). Go get a country->2-letter-abbrev doc from the net and
start scanning the world.

The first time you run tds, it will create a file called
"domains-toplevel.com" which will store all of the domains that belong to
that toplevel (i.e. if you chose com, it will get *.com). Please take
note, if you have chosen a large toplevel domain (like com, net, org, edu,
etc) be wary of your bandwidth. If you are on a 33.6 modem, this will
take you some time. We run our scripts on DS1 and DS3 circuits, so queries
are extremely fast (it took us 3 seconds to list 5200 .edu domains).
This will work fine with a modem, just realize it will take some TIME! The
toplevel domain list is named after the toplevel domain you are scanning.
So if you are scanning org domains, you will see domain-toplevel.org.

Next, it will query each domain, one by one, and report how many hosts
belong to that domain. These hosts are stored in the "hosts" directory,
in a subdirectory named for the toplevel domain and a file named for the
domain. When the hosts are queried from dns, they are sorted and uniqed
so that you do not have duplicate entries. All entries are converted to
lowercase before the sort and uniq are run.

We are working on a database implementation, but until then, to search
through all of these hosts, simply change to the hosts directory
and grep away. Here are a couple of examples:

	$ pwd
	/home/knight/tds/hosts

	-- example to search for outdial, in just the files in subdir ie
	$ grep outdial ie/* 

	-- search all subdirs
	$ grep modem */*

	-- search a few dirs
	$ grep gateway il/* ky/a* net/whist*

You can control-c out of a tds session and run it again, and it will
continue from where it left off. This is handy so you don't have to scan
toplevels each time, or go through 3000 domain scans again.
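
The storage steps described above (lowercase, sort, uniq, one file per
domain under hosts/<toplevel>/, skipping work already done), as an added
example that is not part of tds or the original README. It runs on a
constructed host listing and makes no DNS queries; the function names and
the "file already exists" resume check are assumptions, since the README
does not describe the status file format.

```sh
#!/bin/sh
# Added example on constructed data; it makes no DNS queries.
# The hosts/<toplevel>/<domain> layout follows the README. Function names and
# the "file already exists" resume check are assumptions of this example.

# Read raw hostnames on stdin, lowercase, sort and de-duplicate them, and
# store them in BASE/hosts/TLD/DOMAIN. Prints the number of unique hosts.
store_hosts() {
    base=$1; tld=$2; domain=$3
    out="$base/hosts/$tld/$domain"
    mkdir -p "$base/hosts/$tld" || return 1
    if [ -f "$out" ]; then
        cat >/dev/null      # stored by an earlier run: discard input, keep file
    else
        # Temp file + rename, so an interrupted run never leaves a partial list.
        tr '[:upper:]' '[:lower:]' | sed '/^[[:space:]]*$/d' | sort -u >"$out.tmp" || return 1
        mv "$out.tmp" "$out" || return 1
    fi
    wc -l <"$out" | tr -d ' '
}

# Print "tld/domain:hostname" for stored names matching the README's own
# search terms, e.g. to review what your own zone advertises.
flag_hosts() {
    ( cd "$1/hosts" && grep -E 'outdial|modem|gateway' */* /dev/null )
}

# Constructed sample: mixed case, a duplicate and a blank line.
sample_listing() {
    printf '%s\n' 'WWW.Example.ie' 'www.example.ie' '' \
        'Outdial1.example.ie' 'mail.example.ie' 'GATEWAY.example.ie'
}

demo() {
    work=$(mktemp -d) || return 1
    echo "example.ie: $(sample_listing | store_hosts "$work" ie example.ie) hosts"
    flag_hosts "$work"
    rm -rf "$work"
}
demo
```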

WHERE DO I GET TDS?
-------------------

You may retrieve tds from several locations:

	Primary HTTP:	http://www.phunc.com/tools/tds
	Primary FTP:	ftp://ftp.phunc.com/pub/phunc/tools/tds

The current version as of this release is "0.02 beta".

WHAT IS PHUNC?
--------------

Phunc is an organization of people from various backgrounds who
got together to stimulate technology; to attack problems our entire
community is facing, and challenge what we are all used to. We want to
advance technology, tighten security, and develop tools and suites as an
organization.

Phunc is currently undergoing heavy bug searching, and will be releasing
advisories soon. To subscribe to the phunc advisory mailing list, email
advisory-request@phunc.com with the word "subscribe" in the body of the
email. You can also subscribe via http://www.phunc.com/advisory.

You can find us on #phunc on EFnet IRC if you wish to communicate, or send
email to us at phunc.

	knight, phunc founder	knight@phunc.com
	awr,	phunc founder	andrewr@phunc.com
	
