vdns

vdns stands for "Visual DNS". The vdns module extracts DNS transactions from Bro's dns.log file and imports them into neo4j for graph visualization. In addition to importing the DNS data, it creates some relationships up front to speed up analysis. During analysis, additional relational queries can then be applied via the neo4j web interface to find evil in DNS. This tutorial was written for running vdns on Mercenary-Linux; on another platform, additional dependencies may be required.

Watch VDNS Demo Video

Download and Prepare

Install Dependencies

sudo pip install neo4jrestclient

Clone vdns:

git clone https://github.com/slacker007/vdns

Change directories:

cd vdns

Ensure that the neo4j service is running (see "Custom Modules")

Help

Open a terminal and type:

python vdns.py --help to view the available options

Execute vdns against a Bro log

Open a terminal and type: python vdns.py --logfile dns.log

When prompted for the neo4j host, the Mercenary-Linux default is "localhost", so you can just press Enter. Then enter the neo4j username and password. The Mercenary-Linux defaults are below, unless you changed them when setting up neo4j as explained in the Custom Modules chapter (change the default password and keep neo4j bound to localhost: the database will hold your network's DNS history):

  • username:neo4j
  • password:neo4j

Browse to http://localhost:7474 on your browser to view neo4j.
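To make the import concrete, here is an added example (not vdns's own code) that parses a Bro dns.log the way the steps above consume it, builds the host-to-domain-to-answer graph, renders it as Cypher MERGE statements you can paste into the neo4j browser at http://localhost:7474, and runs two of the "find evil" checks a graph like this makes cheap: clients with many NXDOMAIN responses and domains that resolve to many distinct answers. The node labels (Host, Domain, Answer), the relationship names and the sample log lines are this example's assumptions, not vdns's schema.

```python
"""Added example, not vdns's own code: parse a Bro dns.log, build the
Host -> Domain -> Answer graph a vdns-style import creates, render it as
Cypher MERGE statements, and run two simple 'find evil' checks.
Node labels and relationship names below are this example's assumptions."""
from collections import Counter, defaultdict

# Field order of Bro 2.x dns.log (taken from the log's own #fields header).
DNS_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
              "proto", "trans_id", "query", "qclass", "qclass_name", "qtype",
              "qtype_name", "rcode", "rcode_name", "AA", "TC", "RD", "RA", "Z",
              "answers", "TTLs", "rejected"]
VECTOR_FIELDS = {"answers", "TTLs"}  # Bro writes these comma-separated


def _row(ts, uid, host, query, rcode, rcode_name, answers, ttls):
    """One constructed A-record transaction with fixed boilerplate columns."""
    return [ts, uid, host, "51234", "10.0.0.1", "53", "udp", "1", query, "1",
            "C_INTERNET", "1", "A", rcode, rcode_name, "F", "F", "T", "T", "0",
            answers, ttls, "F"]


# Constructed sample log (not real traffic): one quiet client, one client whose
# CDN name keeps changing answers and that gets three NXDOMAINs for random names.
SAMPLE_DNS_LOG = "\n".join(
    ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
     "#unset_field\t-", "#path\tdns", "#fields\t" + "\t".join(DNS_FIELDS)]
    + ["\t".join(r) for r in [
        _row("1425000000.000000", "CAb1", "10.0.0.5", "www.example.com", "0",
             "NOERROR", "93.184.216.34", "300.000000"),
        _row("1425000001.000000", "CAb2", "10.0.0.5", "cdn.example.net", "0",
             "NOERROR", "198.51.100.10,198.51.100.11", "60.000000,60.000000"),
        _row("1425000002.000000", "CAb3", "10.0.0.7", "cdn.example.net", "0",
             "NOERROR", "198.51.100.12", "60.000000"),
        _row("1425000003.000000", "CAb4", "10.0.0.7", "qx7f1.bad.example", "3",
             "NXDOMAIN", "-", "-"),
        _row("1425000004.000000", "CAb5", "10.0.0.7", "zk93p.bad.example", "3",
             "NXDOMAIN", "-", "-"),
        _row("1425000005.000000", "CAb6", "10.0.0.7", "m2ll0.bad.example", "3",
             "NXDOMAIN", "-", "-")]]
    + ["#close\t2015-02-27-00-00-06"]) + "\n"


def parse_bro_log(text):
    """Parse a tab-separated Bro log into dicts keyed by its #fields header.
    '-' (unset) -> None, '(empty)' -> '', vector fields -> list (empty if unset)."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif not line or line.startswith("#"):
            continue  # separator/types/path/open/close metadata
        elif fields is None:
            raise ValueError("data row before #fields header")
        else:
            values = line.split("\t")
            if len(values) != len(fields):
                raise ValueError("column count mismatch: %r" % line)
            rec = {}
            for name, val in zip(fields, values):
                if name in VECTOR_FIELDS:
                    rec[name] = [] if val in ("-", "(empty)") else val.split(",")
                else:
                    rec[name] = None if val == "-" else "" if val == "(empty)" else val
            records.append(rec)
    return records


def build_graph(records):
    """Edges with hit counts: (Host)-[:QUERIED]->(Domain), (Domain)-[:RESOLVED_TO]->(Answer)."""
    queried, resolved = Counter(), Counter()
    for rec in records:
        if not rec["query"]:
            continue  # malformed or empty query name carries no graph information
        queried[(rec["id.orig_h"], rec["query"])] += 1
        for ans in rec["answers"]:
            resolved[(rec["query"], ans)] += 1
    return {"queried": queried, "resolved": resolved}


def _q(s):
    """Escape a value for a single-quoted Cypher string literal."""
    return s.replace("\\", "\\\\").replace("'", "\\'")


def to_cypher(graph):
    """Render the graph as idempotent MERGE statements for the neo4j browser."""
    stmts = []
    for (host, dom), n in sorted(graph["queried"].items()):
        stmts.append("MERGE (h:Host {ip:'%s'}) MERGE (d:Domain {name:'%s'}) "
                     "MERGE (h)-[r:QUERIED]->(d) SET r.count = %d" % (_q(host), _q(dom), n))
    for (dom, ans), n in sorted(graph["resolved"].items()):
        stmts.append("MERGE (d:Domain {name:'%s'}) MERGE (a:Answer {value:'%s'}) "
                     "MERGE (d)-[r:RESOLVED_TO]->(a) SET r.count = %d" % (_q(dom), _q(ans), n))
    return stmts


def nxdomain_hosts(records, threshold=3):
    """Clients with >= threshold NXDOMAIN responses (DGA beacons and typo probing show up here)."""
    c = Counter(r["id.orig_h"] for r in records if r["rcode_name"] == "NXDOMAIN")
    return {h: n for h, n in c.items() if n >= threshold}


def domains_with_many_answers(graph, threshold=3):
    """Domains that resolved to >= threshold distinct answers (fast-flux style churn)."""
    per_domain = defaultdict(set)
    for dom, ans in graph["resolved"]:
        per_domain[dom].add(ans)
    return {d: sorted(a) for d, a in per_domain.items() if len(a) >= threshold}


if __name__ == "__main__":
    recs = parse_bro_log(SAMPLE_DNS_LOG)
    graph = build_graph(recs)
    print("\n".join(to_cypher(graph)))
    print("NXDOMAIN-heavy hosts:", nxdomain_hosts(recs))
    print("Churning domains:", domains_with_many_answers(graph))
```

Point parse_bro_log at a real dns.log instead of SAMPLE_DNS_LOG and the same code applies, since it keys every column off the log's own #fields header rather than fixed positions; the two thresholds are deliberately low for the six constructed lines and should be raised for production volumes.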

Graph view:

Text View 1:

Text View 2:
