From 4847e32f04d20f7d0ad19a6f9252e77ecc819133 Mon Sep 17 00:00:00 2001
From: Manuel Vergara
Date: Sun, 28 Jan 2024 23:41:08 +0100
Subject: [PATCH] Add DNS sniffer
---
 python-ofensivo/15_hacking/02_dns_sniffer.py | 81 ++++++++++++++++++++
 python-ofensivo/README.md | 1 +
 2 files changed, 82 insertions(+)
 create mode 100644 python-ofensivo/15_hacking/02_dns_sniffer.py
diff --git a/python-ofensivo/15_hacking/02_dns_sniffer.py b/python-ofensivo/15_hacking/02_dns_sniffer.py
new file mode 100644
index 0000000..ab1b6fd
--- /dev/null
+++ b/python-ofensivo/15_hacking/02_dns_sniffer.py
@@ -0,0 +1,81 @@
+# /usr/bin/env python3
+"""
+DNS sniffer
+"""
+
+import argparse
+import signal
+import scapy.all as scapy
+
+
+def def_handler(sig, frame):
+
+ print("\n\n[!] Saliendo del programa...\n")
+ exit(1)
+
+
+signal.signal(signal.SIGINT, def_handler)
+
+
+def get_arguments():
+ """
+ Obtiene los argumentos de la línea de comandos
+ """
+
+ parser = argparse.ArgumentParser(description="DNS sniffer")
+ parser.add_argument(
+ "-i", "--interface",
+ required=True, dest="interface",
+ help="Interfaz de red a utilizar"
+ )
+ args = parser.parse_args()
+
+ return args
+
+
+def process_sniffed_packet(packet):
+ """
+ Procesa el paquete sniffado
+ """
+
+ if packet.haslayer(scapy.DNSQR):
+
+ domain = packet[scapy.DNSQR].qname.decode()
+
+ exclude_keywords = ["bing", "google", "static", "cloud", "yahoo"]
+
+ if domain not in domains_seen and not any(keyword in domain for keyword in exclude_keywords):
+
+ domains_seen.add(domain)
+ print(f"[+] Dominio: {domain}")
+
+
+def sniff(interface):
+ """
+
+ """
+
+ print("\n[+] Interceptando paquetes de la máquina victima: \n")
+
+ scapy.sniff(
+ iface=interface, filter="udp and port 53",
+ store=False, prn=process_sniffed_packet
+ )
+
+
+def main():
+ """
+ Función principal
+ """
+
+ arguments = get_arguments()
+
+ sniff(arguments.interface)
+
+
+if __name__ == "__main__":
+
+ global domains_seen
+ domains_seen = set()
+
+ main()
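Review bot: In `process_sniffed_packet`, `qname` is untrusted bytes taken off the wire, yet it is decoded with strict UTF-8 and then printed raw. A query name that is not valid UTF-8 raises `UnicodeDecodeError` inside the callback (which presumably ends the capture), and one carrying control or escape bytes is written straight to the operator's terminal. Decode tolerantly and print an escaped form: `domain = packet[scapy.DNSQR].qname.decode(errors="replace")` and `print(f"[+] Dominio: {domain!r}")`. Separately, `domains_seen` only exists when the file runs as a script, because it is assigned under `if __name__ == "__main__":` (where `global` has no effect); a module-level `domains_seen = set()` would keep the callback usable when the module is imported.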
diff --git a/python-ofensivo/README.md b/python-ofensivo/README.md
index 765faa6..1198e2b 100644
--- a/python-ofensivo/README.md
+++ b/python-ofensivo/README.md
@@ -28,3 +28,4 @@ Quizá encuentres aquí cosas que no están en el vídeo, o viceversa, son apunt
 | 12. [Escaner de puertos](./12_escaner_puertos/) |
 | 13. [Cambiador de MAC](./13_cambiar_mac_address/) |
 | 14. [Escaner de red](./14_escaneres_red/) |
+| 15. [Hacking](./15_hacking/) |