#!/usr/bin/python
# DNSpionage log parser
# This script displays the exfiltrated data recorded in the log.txt file.
# It only supports the DNS mode: the HTTP mode does not encode the exfiltrated data in the log file.
# It can easily be adapted to parse passive DNS logs.
# @r00tbsd
import base64
import sys
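def parse_dnspionage_log(lines):
    """Extract the base32-encoded exfiltration blobs from DNS-mode log lines.

    A blob starts at a line containing "send command result" and ends at a
    line containing "-----end-------".  Every line in between is expected to
    carry a queried DNS name as its second whitespace-separated field; the
    first label of that name, minus its first four characters, is base32 data
    in which the padding '=' was replaced by '0' (the base32 alphabet has no
    '0', so the substitution is reversible).  The first four decoded bytes of
    each label are dropped, exactly as the original script did; their meaning
    is not documented here.

    Args:
        lines: iterable of log lines (an open text file works).

    Returns:
        list of bytes, one entry per "-----end-------" marker, in file order.
        An end marker with no preceding start marker yields b"", matching
        the empty line the original script printed in that case.
    """
    blobs = []
    collecting = False
    current = b""
    for line in lines:
        if "send command result" in line:
            collecting = True
            continue
        if "-----end-------" in line:
            blobs.append(current)
            current = b""
            collecting = False
        if not collecting:
            continue
        fields = line.split()
        if len(fields) < 2:
            # The original indexed fields[1] unconditionally and aborted the
            # whole parse with IndexError on a short line; skip it instead.
            continue
        label = fields[1].split(".")[0]
        encoded = label[4:].replace("0", "=")
        try:
            decoded = base64.b32decode(encoded)
        except (TypeError, ValueError):
            # Malformed base32 raises TypeError on Python 2 and binascii.Error
            # (a ValueError subclass) on Python 3; one bad line should not
            # lose every later section.
            continue
        current += decoded[4:]
    return blobs


def main(argv):
    """Print each decoded blob on its own line; argv[1] is the log file path.

    Returns a process exit status: 0 on success, 2 on a usage error.
    """
    if len(argv) < 2:
        sys.stderr.write("usage: <script> log.txt\n")
        return 2
    with open(argv[1]) as f:
        blobs = parse_dnspionage_log(f)
    # Decoded blobs are raw, attacker-controlled bytes of unknown encoding;
    # emit them unmodified like the original print did.  Python 3 needs the
    # binary stream for bytes; Python 2's sys.stdout accepts them directly.
    out = getattr(sys.stdout, "buffer", sys.stdout)
    for blob in blobs:
        out.write(blob + b"\n")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))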