Nmap Development mailing list archives
Re: DNS cache snooping script
From: David Fifield <david () bamsoftware com>
Date: Fri, 11 Jun 2010 20:28:48 -0600
On Sat, May 15, 2010 at 08:42:24AM -0600, David Fifield wrote:
> On Sat, May 15, 2010 at 07:42:03AM -0600, Eugene Alexeev wrote:
> > David, I agree with you. I'm also thinking of including the option of reading the site list over HTTP. It would be limited to consuming one line at a time, but would let the user leverage sites like the zeus tracker. How do you want to go about creating the site list to be distributed with the script?
>
> Let's start with the top 50 sites from http://s3.amazonaws.com/alexa-static/top-1m.csv.zip. That will already get most of the important social sites. Then add in other sites that you think are relevant, with comments explaining why they are. Keep these separated in the source file so they can be managed.
>
> There are a few other changes I want you to make. Accept qualified synonyms for the script arguments, like dns-cache-snoop.snoop_mode. Think of a name for the default non-timed mode and make that a possible value of snoop_mode.
>
> For the host list, I would like to see arguments dns-cache-snoop.hosts with a literal list of hostnames, and dns-cache-snoop.hostfile with the name of a file containing hostnames.
>
> I don't see people using the snoop_multiplier, so I think you should take it out. If you wish, you can replace it with a confidence argument that takes a number like 0.95 and automatically calculates the multiplier for you. (What is the confidence level of the default multiplier of 1.0?)
>
> Factor out the timed and non-timed modes of operation into separate functions instead of a big if/else in the action. Remove the "-->" from the output.

I have committed your script, after reworking it to do the things I asked in the paragraph above. (Except the script argument for reading a list of domains from a file, which someone can add if they want.)

I used the top 50 Alexa sites from today, which grow to 100 when they have "www." added. I think we can do much better than that for a default domain list, so I ask people who have ideas for interesting sites to submit them here with a rationale of why they should be included.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/