• Stars
    star
    236
  • Rank 170,480 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created about 4 years ago
  • Updated 9 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Database Driven DNS Server with a Web UI

SnitchDNS

SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration easier with all configuration changed applied instantly without restarting any system services.

One of its main features is the logging of all DNS queries allowing the discovery of network traffic endpoints, and it can also be used to implement canary tokens as it supports notifications via e-mail, web push, Slack, and Teams. Red teamers can also use SnitchDNS to monitor phishing domains for sandboxes, integrate with SIEM solutions, restrict responses to specific IP ranges, egress data via a DNS tunnel and catch-all domains, and more.

Dependencies

  • Python 3.6+

Installation

Please make sure you install using git rather than by downloading the repo manually.

Documentation

For general documentation see here

Screenshots

For screenshots see here

Basic Features

  • Database Driven.
    • Changes are reflected immediately on each DNS request.
    • Supported DBMS:
      • SQLite
      • MySQL / MariaDB
      • Postgres
  • DNS Server
    • Support for common DNS Records.
      • A, AAAA, AFSDB, CNAME, DNAME, HINFO, MX, NAPTR, NS, PTR, RP, SOA, SPF, SRV, SSHFP, TSIG, TXT.
    • Catch-All Domains.
      • Ability to match any subdomain (no matter the depth) to a specific parent domain, for instance *.hello.example.com.
    • Unmatched Record Forwarding.
      • Functionality to intercept specific queries (ie only A and CNAME) and forward all other records to a third-party DNS server (ie Google).
    • Regular Expression matching.
  • Tags and Aliases.
  • IP Rules
    • Configure Allow/Block rules per domain.
  • Notifications. Receive a notification when a domain is resolved, via:
    • E-mail
    • Web Push
    • Slack
    • Microsoft Teams
  • User Management
    • Multi-User support
      • Each user is given their own subdomain to use.
    • LDAP/RADIUS Support
    • Two Factor Authentication
    • Password Complexity Management
  • Logging
    • All DNS queries are logged, whether they have been matched or not.
    • CSV Logging for SIEM integration.
  • Swagger 2.0 API
  • Deployment
    • Ansible scripts for Ubuntu 18.04 / 20.04
    • Docker
    • CLI support for zone, record, user, and settings management.
    • CSV Export/Import

Use Cases

SnitchDNS can be used for:

  • A DNS Forwarding Server - Allowing you to monitor all requests via a Web GUI.
  • Red Teams - Implement IP restrictions to block sandboxes, monitor phishing domain resolutions and e-mails, and restrict access to known IP ranges.
  • DNS Tunnel - Log all DNS requests and egress data.
  • Let's Encrypt DNS Challenge, using the API or the CLI interface.
  • Ad-blocking.
  • Canary Tokens.
  • Integrate with SIEM solutions.

For more details on scenarios please see the Use Cases Document

Limitations

  • SnitchDNS currently runs in a single-thread, therefore may not be suitable for environments with hundreds of DNS requests per minute.

Contributing

If you wish to contribute pull requests, feature requests, and bug reports - feel free to raise an issue (especially before you start writing code).

Security

If you identify any security vulnerabilities within SnitchDNS, for the time being please contact me on twitter - @sadreck

Credits

UI

Development

  • Lambros Zannettos | @_C960_ - For his help with writing the Dockerfile.

More Repositories

1

CAPE

Malware Configuration And Payload Extraction
Python
747
star
2

crackerjack

CrackerJack / Hashcat Web Interface / Context Information Security
Python
357
star
3

beemka

Basic Electron Exploitation
Python
201
star
4

RDP-Replay

Replay RDP traffic from PCAP
C
183
star
5

canape

CANAPE Network Testing Tool
Python
183
star
6

django-admin-view-permission

Reusable application which provides a view permission for the existing models.
Python
151
star
7

DLLHSC

DLLHSC - DLL Hijack SCanner a tool to assist with the discovery of suitable candidates for DLL Hijacking
C++
138
star
8

DynamicLabs

Dynamic Labs is an open source tool aimed at red teamers and pentesters for the quick deployment of flexible, transient and cloud-hosted lab environments.
HCL
60
star
9

django-admin-multiple-choice-list-filter

Python
59
star
10

DynamicWrapperEx

x64 Registration-Free In-Process COM Automation Server.
C++
46
star
11

Furby

Python tools for handing Furby Connect DLC files
Python
43
star
12

capemon

CAPE monitor DLLs
C
38
star
13

cbrcli

Command line interface to Carbon Black Response
Python
38
star
14

cvsslib

A library implementing CVSS v2 and v3 scores
Python
31
star
15

pac-leak-demo

PAC HTTPS leak demo from DEF CON 24 'Toxic Proxies' talk
JavaScript
29
star
16

yate-bts

Yate BTS
C
20
star
17

VulnerableXsltConsoleApplication

Vulnerable XSLT Console Application
10
star
18

OpenBanking-BurpExtension

Java
7
star
19

stun-remote-control

Control Motorola/Binatone IP cameras behind NAT
Python
5
star
20

django-inline-admin-extensions

Add pagination to Django inline admin
Python
4
star
21

OpenBanking-MessageSigning

Java
3
star
22

RFTap

Modified RFTap dissector for Wireshark
C
3
star
23

OpenBanking-AuthorisationRedirect

Java
2
star
24

mid-level-interview

Python
1
star
25

blog

Archived posts from www.contextis.com
HTML
1
star
26

webdev-demo

An example of a typical web dev environment built with Docker, Django, Nginx, Redis, and more.
Python
1
star