
@corifeo
Last active February 16, 2017 14:18
a simple DNS sniffer based on dnssnarf.py which outputs data in bind log format for further analysis
#!/usr/bin/python
"""
dnsSquirrel.py: Simple DNS sniffer based on dnssnarf.py which outputs data in bind log
format for further analysis with more advanced tools
"""
from datetime import datetime
import logging
from scapy.all import *
# Network interface the sniffer listens on.
interface = "eth0"
# File that receives the BIND-style query log lines.
logfile = "bind.log"
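def dns_parser(data):
    """Log one sniffed DNS question as a BIND-style query log line.

    Packets that carry no DNS question, or that have no IP/IPv6 and UDP
    layer to take the client address and port from, are ignored.

    data: the packet passed in by scapy's sniff() callback.
    """
    if not (data.haslayer(DNS) and data.haslayer(DNSQR)):
        return

    # This script's capture filter ("udp dst port 53") is not limited to IPv4.
    # For an IPv6 packet getlayer(IP) returns None, and the original code then
    # raised AttributeError inside the callback. Fall back to the IPv6 header
    # so those queries are logged as well.
    ip = data.getlayer(IP)
    if ip is None:
        ip = data.getlayer(IPv6)
    udp = data.getlayer(UDP)
    if ip is None or udp is None:
        return

    dnsqr = data.getlayer(DNSQR)

    # %f yields microseconds; dropping the last three digits leaves milliseconds.
    timestamp = datetime.now().strftime('%d-%b-%Y %H:%M:%S.%f')[:-3]

    # NOTE(review): qname is taken from the wire and ends up in a log that other
    # tools parse. Confirm that sprintf() renders it in escaped (repr-style)
    # form so a crafted name cannot inject line breaks into the log.
    # The trailing " +" is appended unconditionally; it is not derived from the
    # flags in the packet's DNS header.
    query = dnsqr.sprintf("%qname% %qclass% %qtype%").replace("'", "") + " +"

    logging.info('%s client %s#%s: query: %s (%s)',
                 timestamp, ip.src, udp.sport, query, ip.dst)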
if __name__ == '__main__':
    # Write bare messages (no level or logger prefix) to the log file so the
    # output stays in the line format produced by dns_parser.
    logging.basicConfig(level=logging.INFO, format='%(message)s', filename=logfile)

    # Mirror every log line on the console as well.
    root_logger = logging.getLogger('')
    root_logger.addHandler(logging.StreamHandler())

    # Only UDP packets addressed to port 53 are captured; DNS over TCP and
    # server responses fall outside this filter. store=0 keeps scapy from
    # retaining the captured packets in memory.
    capture_options = dict(
        iface=interface,
        filter="udp dst port 53",
        prn=dns_parser,
        store=0,
    )
    try:
        sniff(**capture_options)
    except KeyboardInterrupt:
        # Ctrl-C is the expected way to stop the capture.
        exit(0)