From 4847e32f04d20f7d0ad19a6f9252e77ecc819133 Mon Sep 17 00:00:00 2001
From: Manuel Vergara <manuel@vergaracarmona.es>
Date: Sun, 28 Jan 2024 23:41:08 +0100
Subject: [PATCH] Add DNS sniffer

---
 python-ofensivo/15_hacking/02_dns_sniffer.py | 81 ++++++++++++++++++++
 python-ofensivo/README.md                    |  1 +
 2 files changed, 82 insertions(+)
 create mode 100644 python-ofensivo/15_hacking/02_dns_sniffer.py

diff --git a/python-ofensivo/15_hacking/02_dns_sniffer.py b/python-ofensivo/15_hacking/02_dns_sniffer.py
new file mode 100644
index 0000000..ab1b6fd
--- /dev/null
+++ b/python-ofensivo/15_hacking/02_dns_sniffer.py
@@ -0,0 +1,81 @@
+# /usr/bin/env python3
+"""
+DNS sniffer
+"""
+
+import argparse
+import signal
+import scapy.all as scapy
+
+
+def def_handler(sig, frame):
+
+    print("\n\n[!] Saliendo del programa...\n")
+    exit(1)
+
+
+signal.signal(signal.SIGINT, def_handler)
+
+
+def get_arguments():
+    """
+    Obtiene los argumentos de la línea de comandos
+    """
+
+    parser = argparse.ArgumentParser(description="DNS sniffer")
+    parser.add_argument(
+        "-i", "--interface",
+        required=True, dest="interface",
+        help="Interfaz de red a utilizar"
+    )
+    args = parser.parse_args()
+
+    return args
+
+
+def process_sniffed_packet(packet):
+    """
+    Procesa el paquete sniffado
+    """
+
+    if packet.haslayer(scapy.DNSQR):
+
+        domain = packet[scapy.DNSQR].qname.decode()
+
+        exclude_keywords = ["bing", "google", "static", "cloud", "yahoo"]
+
+        if domain not in domains_seen and not any(keyword in domain for keyword in exclude_keywords):
+
+            domains_seen.add(domain)
+            print(f"[+] Dominio: {domain}")
+
+
+def sniff(interface):
+    """
+    
+    """
+
+    print("\n[+] Interceptando paquetes de la máquina victima: \n")
+
+    scapy.sniff(
+        iface=interface, filter="udp and port 53",
+        store=False, prn=process_sniffed_packet
+    )
+
+
+def main():
+    """
+    Función principal
+    """
+
+    arguments = get_arguments()
+
+    sniff(arguments.interface)
+
+
+if __name__ == "__main__":
+
+    global domains_seen
+    domains_seen = set()
+
+    main()
diff --git a/python-ofensivo/README.md b/python-ofensivo/README.md
index 765faa6..1198e2b 100644
--- a/python-ofensivo/README.md
+++ b/python-ofensivo/README.md
@@ -28,3 +28,4 @@ Quizá encuentres aquí cosas que no están en el vídeo, o viceversa, son apunt
 | 12. [Escaner de puertos](./12_escaner_puertos/)                      |
 | 13. [Cambiador de MAC](./13_cambiar_mac_address/)                    |
 | 14. [Escaner de red](./14_escaneres_red/)                            |
+| 15. [Hacking](./15_hacking/)                                         |