dnshunter module
The dnshunter module is a Python-based module written for MercenaryHuntFramework & Mercenary-Linux. Currently it reads in .pcap files and extracts the DNS queries and answers. In addition, it performs a geo-lookup of the queried domains and their associated IPs. Seeing each query next to its answer and the geographic location of the returned address makes it easier to spot attacks such as DNS cache poisoning (an answer whose IP does not belong where you would expect for that domain) and DNS beacons (the same domain queried on a regular schedule). This tutorial was written for running dnshunter on Mercenary-Linux; if it is used on another platform, additional dependencies may be required.
Download and Prepare
Install Dependencies:
sudo apt-get install libgeoip-dev && sudo pip install geoip scapy
Git DNShunter:
git clone https://github.com/slacker007/DNShunter
Change directories:
cd DNShunter
Ensure that the neo4j service is running (see "Custom Modules")
Help
Open a terminal and type:
python dnshunter.py --help
to view the available options.
Execute dnshunter against a PCAP
python dnshunter.py -f filename
Execute dnshunter against a PCAP and pipe the output to grep, keeping only query lines (tagged [Q]) that contain the keyword "jeffjumps". Note that grep treats [Q] as a bracket expression matching the single letter Q, so the tag has to be matched literally with -F (or escaped as '\[Q\]'):
./dnshunter.py -f filename | grep -F '[Q]' | grep 'jeffjumps'
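The following is an added example, not code from the DNShunter project: a dependency-free parser for the raw DNS messages that dnshunter pulls out of a pcap, emitting the same kind of [Q]/[A] lines this tutorial greps for, plus a simple detector for the beaconing pattern mentioned above (one domain queried at near-constant intervals). The packets, domain names, addresses and timestamps below are all constructed inline for the demonstration; the query/answer line format and the beacon threshold are assumptions, not dnshunter's own output or logic.

```python
"""Added example (not part of DNShunter): parse raw DNS payloads and flag
periodic queries. All packets and timings below are constructed test data."""
import struct
from collections import defaultdict
from statistics import mean, pstdev


def read_name(msg, off):
    """Decode a DNS name at offset `off`, following RFC 1035 compression
    pointers. Returns (name, offset just past the name in the message)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer
            ptr = struct.unpack('!H', msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                          # only the first pointer advances the caller
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:                                # root label terminates the name
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode('ascii'))
        off += length
    return '.'.join(labels), end


def parse_dns(msg):
    """Return (txid, is_response, queries, answers) for one DNS payload.
    queries: [(qname, qtype)]; answers: [(name, rtype, rdata)], A records as
    dotted quads, CNAMEs as names, anything else as raw bytes."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack('!6H', msg[:12])
    off, queries, answers = 12, [], []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        qtype, _ = struct.unpack('!HH', msg[off:off + 4])
        off += 4
        queries.append((name, qtype))
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack('!HHIH', msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:                  # A record
            rdata = '.'.join(str(b) for b in rdata)
        elif rtype == 5:                               # CNAME may itself be compressed
            rdata, _ = read_name(msg, off)
        off += rdlen
        answers.append((name, rtype, rdata))
    return txid, bool(flags & 0x8000), queries, answers


def summarize(packets):
    """Produce '[Q]' / '[A]' lines in the style grepped for in this tutorial
    (format is an assumption, not dnshunter's real output)."""
    lines = []
    for pkt in packets:
        txid, is_response, queries, answers = parse_dns(pkt)
        if not is_response:
            lines += [f'[Q] {txid:#06x} {name} type={qtype}' for name, qtype in queries]
        lines += [f'[A] {txid:#06x} {name} -> {rdata}' for name, _, rdata in answers]
    return lines


def find_beacons(events, min_queries=4, max_cv=0.1):
    """events: [(timestamp, qname)]. Flag names whose inter-query gaps are
    nearly constant (coefficient of variation <= max_cv). Returns {name: mean_gap}."""
    by_name = defaultdict(list)
    for ts, name in events:
        by_name[name].append(ts)
    hits = {}
    for name, times in by_name.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[name] = avg
    return hits


# --- constructed test packets (builders exist only to make the demo self-contained) ---
def encode_name(name):
    return b''.join(bytes([len(l)]) + l.encode('ascii') for l in name.split('.')) + b'\x00'


def build_query(txid, qname):
    return struct.pack('!6H', txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack('!HH', 1, 1)


def build_response(txid, qname, ip):
    question = build_query(txid, qname)[12:]
    header = struct.pack('!6H', txid, 0x8180, 1, 1, 0, 0)
    rr = b'\xc0\x0c' + struct.pack('!HHIH', 1, 1, 300, 4) + bytes(int(o) for o in ip.split('.'))
    return header + question + rr


if __name__ == '__main__':
    pkts = [build_query(0x1234, 'jeffjumps.example.com'),
            build_response(0x1234, 'jeffjumps.example.com', '203.0.113.7')]
    print('\n'.join(summarize(pkts)))
    # constructed timeline: one host queried every ~60 s, another at random times
    beacon = [(t, 'jeffjumps.example.com') for t in (0, 60.5, 120.2, 180.9, 240.1)]
    normal = [(t, 'www.example.net') for t in (0, 5, 300, 310, 900)]
    print(find_beacons(beacon + normal))
```

Piping the parser's output through `grep -F '[Q]'` works exactly as in the command above, and `find_beacons` is the kind of second pass you would run over the [Q] lines once timestamps are attached; a real pcap has jitter from sleep-based implants, so tune `max_cv` rather than expecting gaps to be identical.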