Nmap Development mailing list archives

Re: DNS cache snooping script


From: David Fifield <david () bamsoftware com>
Date: Sat, 15 May 2010 08:42:24 -0600

On Sat, May 15, 2010 at 07:42:03AM -0600, Eugene Alexeev wrote:
> David,
>
> I agree with you.  I'm also thinking of including the option of reading the
> site list over HTTP.  It would be limited to consuming one line at a time,
> but would let the user leverage sites like the zeus tracker.  How do you
> want to go about creating the site list to be distributed with the script?

Let's start with the top 50 sites from
http://s3.amazonaws.com/alexa-static/top-1m.csv.zip. That will already
get most of the important social sites. Then add in other sites that you
think are relevant, with comments explaining why they are. Keep these
separated in the source file so they can be managed.

There are a few other changes I want you to make. Accept qualified
synonyms for the script arguments, like dns-cache-snoop.snoop_mode.
Think of a name for the default non-timed mode and make that a possible
value of snoop_mode. For the host list, I would like to see arguments
dns-cache-snoop.hosts with a literal list of hostnames, and
dns-cache-snoop.hostfile with the name of a file containing hostnames.
I don't see people using the snoop_multiplier, so I think you should
take it out. If you wish, you can replace it with a confidence argument
that takes a number like 0.95 and automatically calculates the
multiplier for you. (What is the confidence level of the default
multiplier of 1.0?) Factor out the timed and non-timed modes of
operation into separate functions instead of a big if/else in the
action. Remove the "-->" from the output.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
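
The confidence-to-multiplier calculation requested in the message above, as an added sketch that is not from the thread or from the Nmap project, written in Python rather than NSE Lua. It assumes the multiplier scales the standard deviation of reference response times and that those times are roughly normal (one-sided); `get_arg`, `multiplier_for`, `confidence_for`, `classify` and the sample timings are hypothetical.

```python
from statistics import NormalDist, mean, stdev

SCRIPT = "dns-cache-snoop"  # script name used in the message

def get_arg(args, name, default=None):
    """Prefer the qualified form (dns-cache-snoop.<name>), then the bare name."""
    return args.get(f"{SCRIPT}.{name}", args.get(name, default))

def multiplier_for(confidence):
    """One-sided z-score: standard deviations above the mean that cover
    `confidence` of a normal distribution (assumed timing model)."""
    if not 0.5 <= confidence < 1.0:
        raise ValueError("confidence must be in [0.5, 1.0)")
    return NormalDist().inv_cdf(confidence)

def confidence_for(multiplier):
    """Inverse mapping: the confidence level implied by a given multiplier."""
    return NormalDist().cdf(multiplier)

def classify(baseline_ms, observed_ms, confidence):
    """Flag a name as cached when its response time is within
    mean + multiplier * stdev of the reference (known-cached) timings."""
    threshold = mean(baseline_ms) + multiplier_for(confidence) * stdev(baseline_ms)
    return {name: rtt <= threshold for name, rtt in observed_ms.items()}, threshold

# Constructed sample data (milliseconds); not measurements from a real resolver.
BASELINE_MS = [10.0, 12.0, 11.0, 9.0, 13.0]
OBSERVED_MS = {"example.com": 12.5, "example.org": 13.9, "example.net": 48.0}

if __name__ == "__main__":
    args = {"dns-cache-snoop.confidence": "0.95"}  # as if passed via --script-args
    conf = float(get_arg(args, "confidence", "0.95"))
    result, threshold = classify(BASELINE_MS, OBSERVED_MS, conf)
    print(f"confidence {conf} -> multiplier {multiplier_for(conf):.3f}, "
          f"threshold {threshold:.2f} ms")
    for name, cached in result.items():
        print(f"{name}: {'cached' if cached else 'not cached'}")
    print(f"multiplier 1.0 -> confidence {confidence_for(1.0):.3f}")
```

Under these assumptions a multiplier of 1.0 corresponds to a one-sided confidence of about 0.84, and raising the confidence widens the threshold so that borderline timings are reported as cached.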

