Re: DNS cache snooping script

[Martin Holst Swende <martin () swende se>]

----- Ursprungsmeddelande -----
> On Sat, May 15, 2010 at 08:42:24AM -0600, David Fifield wrote:
> > On Sat, May 15, 2010 at 07:42:03AM -0600, Eugene Alexeev wrote:
> > > David,
> > >
> > > I agree with you.   I'm also thinking of including the option of
> > > reading the site list over HTTP.   It would be limited to consuming
> > > one line at a time, but would let the user leverage sites like the
> > > zeus tracker.   How do you want to go about creating the site list to
> > > be distributed with the script?
> >
> > Let's start with the top 50 sites from
> > http://s3.amazonaws.com/alexa-static/top-1m.csv.zip. That will already
> > get most of the important social sites. Then add in other sites that
> > you think are relevant, with comments explaining why they are. Keep
> > these separated in the source file so they can be managed.
> >
> > There are a few other changes I want you to make. Accept qualified
> > synonyms for the script arguments, like dns-cache-snoop.snoop_mode.
> > Think of a name for the default non-timed mode and make that a possible
> > value of snoop_mode. For the host list, I would like to see arguments
> > dns-cache-snoop.hosts with a literal list of hostnames, and
> > dns-cache-snoop.hostfile with the name of a file containing hostnames.
> > I don't see people using the snoop_multiplier, so I think you should
> > take it out. If you wish, you can replace it with a confidence argument
> > that takes a number like 0.95 and automatically calculates the
> > multiplier for you. (What is the confidence level of the default
> > multiplier of 1.0?) Factor out the timed and non-timed modes of
> > operation into separate functions instead of a big if/else in the
> > action. Remove the "-->" from the output.
>
> I have committed your script, after reworking it to do the things I
> asked in the paragraph above. (Except the script argument for reading a
> list of domains from a file, which someone can add if they want.) I used
> the top 50 Alexa sites from today, which grow to 100 when they have
> "www." added. I think we can do much better than that for a default
> domain list, so I ask people who have ideas for interesting sites to
> submit them here with a rationale of why they should be included.
>
> David Fifield

How about update sites, like windowsupdate and different linux repositories? That could perhaps be interesting..
/Martin
--
Sent from my n900

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/