#!/bin/ksh
###############################################################
#
#  mx
#
#  A mail server-seeking program, a ferret if you will.
#  BY: chux0r (copyleft)2003
#
#  Another SheBANG Bin Kerasssssssh! production.
#
#  Copyleft, 2003
#  (Intellectual property rights governed by the LGPL)
#  See here: http://www.gnu.org/copyleft/lesser.txt
#
#
###############################################################
VER="MX Snooper Version 0.1.4-r1 Alpha. \n\
By chux0r [ http://chux0r.org ], 2003"

FULL=1
HALF=2
QUICK=3
# Pick a scanning speed:
SPEED=${HALF}

# How 'brute force' do you wish your scan to be on every pass?
# Multiples of six are good choices.

BRUTELIMIT=6

CONF="/usr/local/etc/mx.conf"

# Check args for errors/omissions
if [ $# -lt 1 ]; then
  echo "ERROR: $0 requires 1 argument: a domain name"
  exit
elif [ $# -gt 1 ]; then
  if [ $2 = "-s" ]; then
    nslookup -type=mx $1
    exit
  elif [ $1 = "-s" ]; then
    nslookup -type=mx $2
    exit
  else
    echo "ERROR: invalid args: $1 $2"
    exit
  fi
fi
# Check for config file exist/readable
if [ ! -r ${CONF} ]; then
  echo "ERROR: Configuration file ${CONF} missing or not readable."
  exit
fi

# Check number of entries in config file
NAMECT=`grep -c '^[A-z0-9]' ${CONF}`
echo "NAMECT = ${NAMECT}"

if [ ${NAMECT} -le 0 ]; then
  echo "ERROR: No names to check in config file ${CONF}"
  exit
fi
DIR=`which mx`

nslookup -type=mx $1 2>/dev/null

i=0;
j=2;

set -A MXHOSTNAME `cat ${CONF}`

while [ $i -lt ${NAMECT} ];
do
  echo "[checking ${MXHOSTNAME[$i]}.$1]"
  nslookup ${MXHOSTNAME[$i]}."$1" 2>&1|egrep '(Name|Alias)'
  while [ $j -le ${BRUTELIMIT} ];
  do
    nslookup ${MXHOSTNAME[$i]}$j."$1" 2>&1|egrep '(Name|Alias)'
    nslookup ${MXHOSTNAME[$i]}0${j}."$1" 2>&1|egrep '(Name|Alias)'
    nslookup ${MXHOSTNAME[$i]}-0${j}."$1" 2>&1|egrep '(Name|Alias)'
    j=`expr $j + ${SPEED}`
  done
  j=2;
  i=`expr $i + 1`
done