ptrstream - endless stream of rdns
git clone git://git.acid.vegas/ptrstream.git
README.md (5590B)
# PTRStream
> High-performance distributed PTR record scanner with real-time streaming output

PTRStream is a fast and efficient PTR record scanner designed for distributed scanning operations. It uses a Linear Congruential Generator *(LCG)* for deterministic IP generation, allowing for easy distribution of work across multiple machines while maintaining pseudo-random ordering.

## Features

- Memory-efficient IP range processing using [GoLCG](https://github.com/acidvegas/golcg)
- Distributed scanning support via sharding
- Real-time NDJSON output for streaming to data pipelines
- Support for both PTR and CNAME records
- Automatic DNS server rotation from public resolvers
- Progress tracking with detailed statistics
- Colorized terminal output
- CAIDA-style error formatting (with -debug flag)

## Installation

```bash
go install github.com/acidvegas/ptrstream@latest
```

## Options
| Flag     | Type     | Default | Description                                |
|----------|----------|---------|--------------------------------------------|
| `-c`     | `int`    | `100`   | Concurrency level                          |
| `-debug` | `bool`   | `false` | Show unsuccessful lookups                  |
| `-dns`   | `string` |         | File containing DNS servers                |
| `-j`     | `bool`   | `false` | Output NDJSON to stdout (no TUI)           |
| `-l`     | `bool`   | `false` | Loop continuously after completion         |
| `-o`     | `string` |         | Path to NDJSON output file                 |
| `-r`     | `int`    | `2`     | Number of retries for failed lookups       |
| `-s`     | `int`    | `0`     | Seed for IP generation *(0 for random)*    |
| `-shard` | `string` |         | Shard specification *(index/total format)* |
| `-t`     | `int`    | `2`     | Timeout for DNS queries                    |

## Usage

```bash
# Basic usage
ptrstream -o output.json

# Use specific DNS servers
ptrstream -dns resolvers.txt -o output.json

# Increase concurrency
ptrstream -c 200 -o output.json

# Distributed scanning (4 machines)
# Machine 1:
ptrstream -shard 1/4 -s 12345 -o shard1.json
# Machine 2:
ptrstream -shard 2/4 -s 12345 -o shard2.json
# Machine 3:
ptrstream -shard 3/4 -s 12345 -o shard3.json
# Machine 4:
ptrstream -shard 4/4 -s 12345 -o shard4.json
```

## Distributed Scanning

PTRStream supports distributed scanning through its sharding system. By using the same seed value across multiple instances with different shard specifications, you can distribute the workload across multiple machines while ensuring:

- No IP address is scanned twice
- Even distribution of work
- Deterministic results
- Pseudo-random scanning patterns

For example, to split the work across 4 machines:
```bash
# Each machine uses the same seed but different shard
ptrstream -shard 1/4 -s 12345 # Machine 1
ptrstream -shard 2/4 -s 12345 # Machine 2
ptrstream -shard 3/4 -s 12345 # Machine 3
ptrstream -shard 4/4 -s 12345 # Machine 4
```

## Real-time Data Pipeline Integration

PTRStream outputs NDJSON *(Newline Delimited JSON)* format, making it perfect for real-time data pipeline integration. Each line contains a complete JSON record with:

- Timestamp
- IP Address
- DNS Server used
- Record Type *(PTR/CNAME)*
- PTR Record
- CNAME Target *(if applicable)*
- TTL Value

Example using named pipe to Elasticsearch:
```bash
# Create a named pipe
mkfifo /tmp/ptrstream

# Start Elasticsearch ingestion in background
cat /tmp/ptrstream | elasticsearch-bulk-import &

# Run PTRStream with pipe output
ptrstream -o /tmp/ptrstream
```

## CNAME Support

PTRStream properly handles CNAME records in PTR responses, providing:
- Detection of CNAME chains
- Original hostname and target tracking
- TTL values for both record types
- Distinct coloring in terminal output
- CNAME statistics tracking

Example NDJSON output:
```json
{"timestamp":"2024-01-05T12:34:56Z","ip_addr":"1.2.3.4","dns_server":"8.8.8.8","ptr_record":"example.com","record_type":"PTR","ttl":3600}
{"timestamp":"2024-01-05T12:34:57Z","ip_addr":"5.6.7.8","dns_server":"1.1.1.1","ptr_record":"original.com","record_type":"CNAME","target":"target.com","ttl":600}
```

## Debug Mode

When running with `-debug`, failed lookups are displayed and logged using CAIDA-style error formatting. Each error is represented as a special `.in-addr.arpa` address:

```
2024-01-05 12:34:56 │ 1.2.3.4 │ 8.8.8.8 │ ERR │ │ FAIL.TIMEOUT.in-addr.arpa
2024-01-05 12:34:57 │ 5.6.7.8 │ 1.1.1.1 │ ERR │ │ FAIL.SERVER-FAILURE.in-addr.arpa
2024-01-05 12:34:58 │ 9.10.11.12 │ 8.8.4.4 │ ERR │ │ FAIL.NON-AUTHORITATIVE.in-addr.arpa
```

Error types include:
- `FAIL.TIMEOUT.in-addr.arpa` - DNS query timed out
- `FAIL.SERVER-FAILURE.in-addr.arpa` - DNS server returned an error
- `FAIL.NON-AUTHORITATIVE.in-addr.arpa` - No authoritative answer
- `FAIL.REFUSED.in-addr.arpa` - Query was refused
- `FAIL.NO-PTR-RECORD.in-addr.arpa` - No PTR record exists
- And more...

These errors are also included in the NDJSON output when using `-debug` with either `-o` or `-j`:
```json
{"seen":"2024-01-05T12:34:56Z","ip":"1.2.3.4","nameserver":"8.8.8.8","record":"FAIL.TIMEOUT.in-addr.arpa","record_type":"ERR","ttl":0}
```

___

###### Mirrors: [acid.vegas](https://git.acid.vegas/ptrstream) • [SuperNETs](https://git.supernets.org/acidvegas/ptrstream) • [GitHub](https://github.com/acidvegas/ptrstream) • [GitLab](https://gitlab.com/acidvegas/ptrstream) • [Codeberg](https://codeberg.org/acidvegas/ptrstream)
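The guarantees listed under Distributed Scanning (no value visited twice, even split, deterministic order) follow from replaying one full-period LCG with a shared seed and keeping a different slice of positions per shard. The sketch below is an added example, not PTRStream's or GoLCG's code: the constants, the 16-bit space and the names `LCG`, `ShardValues` and `Coverage` are assumptions chosen for illustration.

```go
package main

import "fmt"

// LCG is an illustrative full-period generator over m = 2^bits; the constants
// are assumptions for this example, not GoLCG's. By the Hull-Dobell theorem the
// period is exactly m when c is odd and a % 4 == 1.
type LCG struct{ a, c, mask, state uint64 }

func NewLCG(seed uint64, bits uint) *LCG {
	mask := uint64(1)<<bits - 1
	return &LCG{a: 1664525, c: 1013904223, mask: mask, state: seed & mask}
}

func (l *LCG) Next() uint64 {
	l.state = (l.a*l.state + l.c) & l.mask
	return l.state
}

// ShardValues replays the sequence for seed and keeps every total-th position,
// offset by index-1 (index/total is 1-based, matching -shard 1/4 .. 4/4).
func ShardValues(seed uint64, bits uint, index, total int) []uint64 {
	g, out := NewLCG(seed, bits), []uint64{}
	for pos := 0; pos < 1<<bits; pos++ {
		if v := g.Next(); pos%total == index-1 {
			out = append(out, v)
		}
	}
	return out
}

// Coverage runs every shard and returns (distinct values seen, repeat sightings).
func Coverage(seed uint64, bits uint, total int) (int, int) {
	seen, dup := map[uint64]int{}, 0
	for i := 1; i <= total; i++ {
		for _, v := range ShardValues(seed, bits, i, total) {
			if seen[v]++; seen[v] > 1 {
				dup++
			}
		}
	}
	return len(seen), dup
}

func main() {
	distinct, dup := Coverage(12345, 16, 4) // 16-bit space keeps the demo instant
	fmt.Println("distinct:", distinct, "duplicates:", dup)
	fmt.Println("shard 1/4 starts:", ShardValues(12345, 16, 1, 4)[:3])
}
```

The partition holds only because every instance replays the same sequence, which is why the README has all machines pass the same `-s` value.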
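A consumer of the NDJSON stream described under Real-time Data Pipeline Integration and Debug Mode has to cope with both key sets shown in the README's examples, with partial lines, and with PTR values that are controlled by whoever operates the reverse zone. The following is an added example, not part of PTRStream: `Record`, `Summarize`, the hostname allow-list and the last two sample lines are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// Record accepts both key sets in the README's examples: ptr_record on PTR/CNAME lines, record on the -debug ERR line.
type Record struct {
	PTRRecord string `json:"ptr_record"`
	Rec       string `json:"record"`
	Type      string `json:"record_type"`
}

// PTR data is set by whoever controls the reverse zone, so it is untrusted input: allow hostname characters only.
var hostname = regexp.MustCompile(`^[A-Za-z0-9._-]{1,253}$`)

// Summarize tallies records by type; ERR records are keyed by their failure reason.
func Summarize(r io.Reader) map[string]int {
	counts := map[string]int{}
	for sc := bufio.NewScanner(r); sc.Scan(); {
		var rec Record
		if json.Unmarshal(sc.Bytes(), &rec) != nil {
			counts["malformed"]++ // e.g. a line cut short when the writer was killed
			continue
		}
		name := rec.PTRRecord + rec.Rec // only one of the two keys is present
		switch {
		case !hostname.MatchString(name):
			counts["unsafe"]++ // keep out of terminals and index fields
		case rec.Type == "ERR":
			counts["ERR:"+strings.TrimSuffix(strings.TrimPrefix(name, "FAIL."), ".in-addr.arpa")]++
		default:
			counts[rec.Type]++
		}
	}
	return counts
}

// Constructed sample: the README's three example lines, one truncated line, one PTR value with an escape sequence.
const sample = `{"timestamp":"2024-01-05T12:34:56Z","ip_addr":"1.2.3.4","dns_server":"8.8.8.8","ptr_record":"example.com","record_type":"PTR","ttl":3600}
{"timestamp":"2024-01-05T12:34:57Z","ip_addr":"5.6.7.8","dns_server":"1.1.1.1","ptr_record":"original.com","record_type":"CNAME","target":"target.com","ttl":600}
{"seen":"2024-01-05T12:34:56Z","ip":"1.2.3.4","nameserver":"8.8.8.8","record":"FAIL.TIMEOUT.in-addr.arpa","record_type":"ERR","ttl":0}
{"timestamp":"2024-01-05T12:34:58Z","ip_addr":"9.10.11.12","ptr_re
{"timestamp":"2024-01-05T12:34:59Z","ip_addr":"192.0.2.7","dns_server":"8.8.8.8","ptr_record":"\u001b[31mhost.example","record_type":"PTR","ttl":60}`
func main() { fmt.Printf("%v\n", Summarize(strings.NewReader(sample))) }
```

Passing `os.Stdin` instead of the sample lets the same function sit behind `ptrstream -j` or the named pipe shown above.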