opexxx

dnsleak.py

Jan 12th, 2016
  1. #!/usr/bin/env python
  2.  
  3. import argparse
  4.  
# Suppress Scapy's chattiness: raise the "scapy.runtime" logger threshold to
# WARNING before scapy is imported. dns_callback emits its alerts through this
# same logger at WARNING level, so the threshold must not be raised further.
import logging
logging.getLogger("scapy.runtime").setLevel(logging.WARNING)

import scapy.all as sc
# Turn off scapy's own verbose output.
sc.conf.verb = 0

# Destination IPs considered legitimate for DNS traffic. main() overwrites this
# with the -e/--expected-dns-ips values; while it is empty (or None) the script
# only prints the DNS traffic it sees and raises no alerts.
expected_ips = []
  13.  
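def dns_callback(p):
    """Handle one sniffed DNS packet: alert on an unexpected destination or list it.

    When ``expected_ips`` is non-empty, a packet whose destination address is
    not in that list is logged as ``BAD DNS DESTINATION``. When it is empty,
    every packet is printed as a SRC / DST / query-name row instead.

    Only the destination address is compared. The comparison is a plain string
    membership test, so the -e values must be written the way scapy renders
    the address.

    Args:
        p: packet handed over by ``sc.sniff``; the sniff filter only
            guarantees that it carries a DNS layer.
    """
    # The filter checks for DNS only, so the packet may be carried over IPv6.
    # Indexing p[sc.IP] on such a packet raises, and DNS sent over IPv6 is
    # precisely the traffic a leak check must not skip.
    if p.haslayer(sc.IP):
        ip = p[sc.IP]
    elif p.haslayer(sc.IPv6):
        ip = p[sc.IPv6]
    else:
        # No network layer with src/dst addresses to report on.
        return

    if expected_ips and ip.dst not in expected_ips:
        logging.getLogger("scapy.runtime").warning(
            "BAD DNS DESTINATION {}".format(ip.dst))
    elif not expected_ips:
        # A DNS packet is not guaranteed to carry a question record.
        qname = p[sc.DNSQR].qname if p.haslayer(sc.DNSQR) else ""
        # On Python 3 the name is bytes, which rejects a width format spec.
        if not isinstance(qname, str):
            qname = qname.decode("ascii", "replace")
        print("{: <16} {: <16} {: <18}".format(ip.src, ip.dst, qname))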
  21.  
def sniff_dns(**kwargs):
    """Sniff DNS packets and pass each one to ``dns_callback``.

    Keyword arguments read (all optional): ``timeout``, ``store`` and
    ``interface``. Any other keyword is ignored. When no interface is given,
    the ``iface`` option is not passed to scapy at all.

    In listing mode (``expected_ips`` empty) a column header is printed before
    sniffing starts.
    """
    def carries_dns(pkt):
        # Only packets scapy dissects as DNS reach the callback.
        # NOTE(review): DNS tunnelled inside TLS/HTTPS is presumably not
        # matched by this check; confirm before relying on a silent run.
        return pkt.haslayer(sc.DNS)

    options = dict(
        prn=dns_callback,
        timeout=kwargs.get("timeout"),
        lfilter=carries_dns,
        store=kwargs.get("store"),
    )

    iface = kwargs.get("interface")
    if iface:
        options["iface"] = iface

    listing_mode = not expected_ips
    if listing_mode:
        print("{: <16} {: <16} {: <18}".format("SRC", "DST", "URL"))

    sc.sniff(**options)
  35.  
def parse_args():
    """Parse the command line and return the resulting namespace.

    Options:
        -i / --interface         interface name, stored as ``interface``
        -e / --expected-dns-ips  one or more IPs, stored as a list in
                                 ``expected_dns_ips`` (None when omitted)
        -t / --timeout           integer, stored as ``timeout``
        -s / --store             flag, stored as ``store`` (False when omitted)
    """
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        description='''
       Test for leaking DNS queries (i.e. if a VPN is being used).
       
       If no expected DNS IP is specified then all DNS traffic is printed. If
       one is specified then this script alerts on leaking queries.
       
       The rationale being that all DNS traffic sniffed should only have
       either our local IP or the IP of our trusted DNS resolver(s).
       ''')

    # 'store' is argparse's default action, so it is not spelled out here.
    parser.add_argument('-i', '--interface')
    parser.add_argument('-e', '--expected-dns-ips', nargs='+')
    parser.add_argument('-t', '--timeout', type=int)
    parser.add_argument('-s', '--store', action='store_true')

    return parser.parse_args()
  55.  
def main():
    """Entry point: read the options, set the expected resolver list, sniff."""
    global expected_ips

    cli = parse_args()

    # None when -e was not given; the rest of the script treats a falsy
    # list as "print everything, alert on nothing".
    expected_ips = cli.expected_dns_ips

    # Every parsed option is forwarded; sniff_dns picks out the ones it uses.
    sniff_dns(**vars(cli))


if __name__ == "__main__":
    main()