dnshunter module

The dnshunter module is a python based module that is written for MercenaryHuntFramework & Mercenary-Linux. Currently it reads in .pcap files and extracts the DNS Queries and Answers. In addition, it also performs a geo-lookup of the domains & the associated IP's. This makes it easy to catch attacks such as DNS Cache Poisoning and DNSBeacons. This tutorial was written with execution of dnshunter on Mercenary-Linux. If it is used on another platform additional dependencies may be required.

Watch DNS Hunter Demo Video

Download and Prepare

Install Dependencies:

sudo apt-get install libgeoip-dev && sudo pip install geoip scapy

Git DNShunter:

git clone https://github.com/slacker007/DNShunter

Change directories:

cd DNShunter

Ensure that the neo4j service is running (see "Custom Modules")

Help

Open a terminal and type: python dnshunter.py --help to view the available options

Execute dnshunter against a PCAP

python dnshunter.py -f filename

Execute dnshunter against a PCAP and pipe to grep looking for queries [Q] that contain the keyword "jeffjumps".

./dnshunter.py -f filenmae | grep '[Q]' | grep 'jeffjumps'

results matching ""

    No results matching ""