pdknockr

git clone git://git.acid.vegas/-c.git

commit f1ce28a26b57c4a360dcdad5f133bbd0950e3b76
parent 50cf4464fae24f649d563dd8a41eb05e866dbbf6
Author: acidvegas <acid.vegas@acid.vegas>
Date: Mon, 27 Nov 2023 20:04:17 -0500

Readme updated

Diffstat:
A .screens/preview.png | 0
M README.md | 31 ++++++++++++++++++++-----------
M pdknockr.py | 1 -

3 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/.screens/preview.png b/.screens/preview.png
Binary files differ.
diff --git a/README.md b/README.md
@@ -5,17 +5,26 @@ This tool is designed to detect passive DNS servers that are logging DNS queries
 
 The program operates by accepting a list of DNS resolver addresses and a seed value for subdomain generation. It then asynchronously queries each resolver with a dynamically generated subdomain, based on the provided seed, targeting a specific domain. The asynchronous nature of the tool allows for high-throughput and efficient querying, making it suitable for scanning a large number of resolvers in a short period. Users should note that while this tool provides valuable insights into DNS logging practices, it should be used responsibly and in compliance with applicable network and privacy regulations. It serves as a powerful instrument for network administrators, security researchers, and privacy advocates to understand and evaluate the extent of passive DNS logging in their networks or across various resolvers.
 
-## WORK IN PROGRESS (STAY TUNED)
+## How it works
+When the program starts, it will generate a unique subdomain for each resolver.
+
+This list is saved as JSON data in a `dns_keys.txt` file.
+
+Th program will start firing off DNS queries to all the resolvers using the custom subdomain we made for each one:
+
+![](.screens/preview.png)
 
-- Right now we can MASS query a subdomain on a domain or list of domains using a list of resolvers or the resolvers from public-dns.info
-- Need to generate a seed per-dns server that can be included in the subdomain so it can be reversed back to a know which specific dns server is logging all dns requests.
-- Subdomain should be entirely random, have to look into commonly seen subdomains, but something like:
-    - de.220.ftp.domain.com 
-    - astro.login.domain.net 
-    - customer-cdn.1220.domain.org
+After testing across multiple IP addresses over time, if we ever see `download.event.supernets.org` show up on any passive DNS lookup engines, we can simple use the following command:
 
-The seeds here are 220, astro, and 1220. Unique things we can look for in the future.
+```bash
+jq 'to_entries | map({key: .value, value: .key}) | from_entries | ."download.event"' dns_keys.txt
+```
+
+This will return `151.202.0.84`, marking it as a DNS server that is actively logging all DNS queries that pass through.
+
+
+## WORK IN PROGRESS (STAY TUNED)
 
-Every sweep, we will generate a random seed for each dns server and save it to a seed.key file.
+This is all very theoretical right now, interested to see how this pans out.
 
-This is all very theoretical right now, interested to see how this pans out.
-\ No newline at end of file
+Stats and proof coming soon. Get fucking fucked white-ops 💯
+\ No newline at end of file
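Review bot: the jq lookup added under "How it works" inverts the resolver-to-subdomain map with `from_entries`, which keeps only the last entry when two resolvers share the same value, so the command can name a single resolver where several were sent that subdomain. Nothing visible in this commit shows that `generate_subdomain` never repeats a value, so either state that guarantee in the README or use a lookup that returns every match, for example `jq -r 'to_entries[] | select(.value == "download.event") | .key' dns_keys.txt`. The text should also say that the key to search for is the observed name with the target domain stripped (`download.event`, not `download.event.supernets.org`). Two typos in the added lines: "Th program" should be "The program" and "we can simple use" should be "we can simply use". The file still ends without a trailing newline.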
diff --git a/pdknockr.py b/pdknockr.py
@@ -130,7 +130,6 @@ if __name__ == '__main__':
     dns_keys = dict()
     for dns_server in dns_servers:
         dns_keys[dns_server] = generate_subdomain(sub_domains)
-        logging.info(f'{dns_server} will have a key of {dns_keys[dns_server]}')
     with open('dns_keys.txt', 'w') as file:
         json.dump(dns_keys, file)
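Review bot: with the `logging.info` line removed, `dns_keys.txt` is the only record of which subdomain went to which resolver, and `open('dns_keys.txt', 'w')` truncates it on every run. The README in this same commit describes checking passive DNS engines "over time", so a later sweep erases the mapping needed to attribute a hit from an earlier one. Consider writing each sweep to its own file (a timestamp in the name would do) or loading the existing JSON and merging before dumping. The commit message says only "Readme updated"; this behavioural change deserves a mention there.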