DNS Sniffer Daemon (dnsscience_snifferd)
The most powerful tool in the DNS Science arsenal - Deploy on client networks to monitor real-time DNS traffic, detect threats, and analyze query patterns from any location.
Key Features
- Real-time DNS Monitoring - Capture and analyze ALL DNS queries from your network
- Threat Detection - Automatically identify malicious domains, phishing sites, botnets, and malware
- Blacklisted DNS Server Detection - Alert when queries go to suspicious DNS servers
- Traffic Pattern Analysis - Identify unusual traffic spikes and detect anomalies
- Attack Detection - Real-time detection of DNS-based attacks (cache poisoning, amplification, exfiltration)
- Performance Monitoring - Monitor DNS resolution times and track query success rates
- Multiple Locations - Monitor multiple sites from a single DNS Science account
- Web Dashboard - Beautiful GUI to visualize threats and query patterns
Quick Start
# 1. Clone the repository
git clone https://github.com/dnsscience/dnsscience_snifferd.git
cd dnsscience_snifferd
# 2. Install dependencies
sudo pip3 install -r requirements.txt
# 3. Create monitoring location in DNS Science dashboard
# Log in → DNS Monitoring → Add Location → Save API Key
# 4. Configure
sudo cp config.example.yaml /etc/dnsscience_snifferd/config.yaml
sudo nano /etc/dnsscience_snifferd/config.yaml
# 5. Run (requires root for packet capture)
sudo python3 dnsscience_snifferd.py -c /etc/dnsscience_snifferd/config.yaml
Install as Systemd Service
# Copy files
sudo mkdir -p /opt/dnsscience_snifferd
sudo cp dnsscience_snifferd.py /opt/dnsscience_snifferd/
sudo cp requirements.txt /opt/dnsscience_snifferd/
# Install service
sudo cp dnsscience_snifferd.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable dnsscience_snifferd
sudo systemctl start dnsscience_snifferd
# Check status
sudo systemctl status dnsscience_snifferd
Use Cases
- Home Network Security - Monitor all DNS queries from IoT devices, smart TVs, and computers
- Office DNS Monitoring - Track employee browsing patterns and detect malware infections
- MSP Deployments - Monitor multiple client networks from a single dashboard
- Threat Hunting - Proactive detection of C2 communication and data exfiltration
- Compliance Monitoring - Log all DNS queries for audit and compliance requirements
Web-Based Tools
Access these tools directly from your browser - no installation required:
DNSSEC Validator
Web Tool - Validate DNSSEC signatures and verify the chain of trust for any domain.
Certificate Chain Resolver
Web Tool - Resolve and validate SSL certificate chains, identify intermediate CA issues.
Certificate Converter
Web Tool - Convert between PEM, DER, PKCS#7, PKCS#12, and JKS certificate formats.
Certificate Validator
Web Tool - Comprehensive SSL certificate validation including expiration, revocation, and trust chain.
JKS Manager
Web Tool - Manage Java KeyStore files - import, export, and convert certificates.
OpenSSL Builder
Web Tool - Generate OpenSSL commands for common certificate and key operations.
DNS Cache Inspector
Web Tool - Inspect DNS cache entries across multiple recursive resolvers worldwide.
DNS Config Validator
Web Tool - Validate DNS zone files, check for common misconfigurations, and verify records.
Hijacking Detector
Web Tool - Detect DNS hijacking and BGP hijacking attempts for your domains.
Zone Transfer Checker
Web Tool - Test for DNS zone transfer (AXFR) vulnerabilities and misconfigurations.
Dark Web Lookup
Web Tool - Search for domain mentions in dark web marketplaces and forums.
CLI Tools
Command-line tools for automation and integration with your workflows:
DNSScience Tools (Unified Toolkit)
The complete network engineering & DNS toolkit - All tools in one repository with git submodules.
# Clone with submodules
git clone --recurse-submodules https://github.com/straticus1/dnsscience-tools.git
cd dnsscience-tools
# Install all tools
./install-all.sh --all --venv
# Activate virtual environment
source .venv/bin/activate
# Available tools:
dnsscience-util --help # Advanced DNS analysis
dnsscience-api-util.py --help # Complete API CLI
dnsnet --help # Enterprise DNS/DHCP/IPAM
globaldetect --help # ISP network engineering
rancid-ng --help # Network config backup
dnsscience-api-util
Complete CLI access to DNSScience.io & IPScience.io APIs
# Configuration
dnsscience-api-util.py config show
dnsscience-api-util.py login -e your@email.com
# Domain Operations
dnsscience-api-util.py scan example.com --full
dnsscience-api-util.py domain example.com --profile
dnsscience-api-util.py enrich example.com
dnsscience-api-util.py rdap example.com
# IP Operations
dnsscience-api-util.py ip 8.8.8.8 --profile
dnsscience-api-util.py geoip 1.1.1.1
dnsscience-api-util.py asn 15169 --prefixes
# DNS Tools
dnsscience-api-util.py propagation example.com -t MX
dnsscience-api-util.py dnssec example.com
dnsscience-api-util.py cert-chain example.com
# Output formats
dnsscience-api-util.py ip 8.8.8.8 --json # JSON output
dnsscience-api-util.py ip 8.8.8.8 --pretty # Pretty JSON
dnsscience-util
The world's most advanced DNS analysis tool - Combines dig + ldns + security analysis
# Basic queries
./dnsscience-util.py example.com
./dnsscience-util.py example.com MX @8.8.8.8
# DNSSEC validation
./dnsscience-util.py example.com +dnssec
./dnsscience-util.py --validate example.com
# Global resolver testing (258+ resolvers)
./dnsscience-util.py --global-test example.com
# Security analysis
./dnsscience-util.py --security-analyze example.com
# DNS over HTTPS/TLS
./dnsscience-util.py --doh https://cloudflare-dns.com/dns-query example.com
# DNSScience.io API integration
./dnsscience-util.py --api-scan example.com
./dnsscience-util.py --enrich example.com
./dnsscience-util.py --web3 vitalik.eth
DNSNet
Enterprise DNS/DHCP/IPAM Management - Multi-platform support with compliance
# Configure
dnsnet config init
# Infoblox management
dnsnet infoblox dns zones list
dnsnet infoblox dns records create example.com www A 192.168.1.1
# Cloud DNS (Route53, Cloudflare, Azure, GCP)
dnsnet route53 zones list
dnsnet cloudflare dns records list
# Infrastructure as Code
dnsnet iac import ./terraform/dns --to-db
dnsnet iac export --from-db --format terraform
# Visual traceroute
dnsnet trace run google.com --style table
# Jenkins CI/CD integration
dnsnet jenkins jobs list
dnsnet jenkins pipeline generate --provider route53
GlobalDetect (GlobalConnect)
ISP Network Engineering Utilities - IP, BGP, DNS, RBL, and more
# IP tools
globaldetect ip info 8.8.8.8 --geoip
globaldetect ip calc 10.0.0.0/24
globaldetect ip bogon 192.168.1.1
# BGP analysis
globaldetect bgp asinfo 15169
globaldetect bgp prefixes 15169
globaldetect bgp peers 15169
# Network diagnostics
globaldetect diag traceroute google.com --geoip
globaldetect diag ping 8.8.8.8 -c 10
globaldetect diag port 8.8.8.8 443
# RBL/Blacklist check (50+ providers)
globaldetect rbl check 1.2.3.4
# Network inventory
globaldetect catalog discover 192.168.1.0/24 --save
globaldetect system list --type server
# Have I Been Pwned
globaldetect hibp email user@example.com
# Data center lookup
globaldetect facility search "Equinix"
RANCID-NG
Network Config Backup & Change Tracking - Modern Python rewrite
# Initialize
rancid-ng init --group production
# Run collection
rancid-ng run --group production
# Interactive login scripts
clogin router.example.com # Cisco IOS
jlogin switch.example.com # Juniper
panlogin fw.example.com # Palo Alto
fnlogin fw.example.com # Fortinet
# View changes
rancid-ng diff --device router1
# Supported: Cisco, Juniper, Arista, Palo Alto, F5, Fortinet,
# Nokia, Cisco IronPort, BlueCat, Infoblox, and more
dnsscience-cli
Legacy CLI for DNS Science API
# Install
pip install dnsscience-cli
# Usage
dnsscience-cli scan example.com
dnsscience-cli lookup 8.8.8.8
dnsscience-cli threat-check suspicious-domain.com
dnsscience-cli export --format json --output results.json
dnsscience-email
Email security and deliverability testing CLI
# Install
pip install dnsscience-email
# Usage
dnsscience-email check example.com
dnsscience-email spf-validate example.com
dnsscience-email dmarc-check example.com
dnsscience-email mta-sts-test example.com
dnsscience_analyze
PCAP Analysis Tool - Offline analysis of DNS traffic from packet captures
# Analyze a PCAP file for threats
python3 dnsscience_analyze.py -c config.yaml capture.pcap
# Features:
# • Parse PCAP files and extract DNS queries
# • Detect malicious domains using DNS Science threat intelligence
# • Identify blacklisted DNS servers
# • Generate comprehensive threat reports with statistics
# • Beautiful terminal output with threat categories and metrics
# • Export results to JSON for further processing
# Example output:
# ┌─────────────────────────────────────────┐
# │      DNS Traffic Analysis Summary       │
# ├─────────────────────────────────────────┤
# │ Total Packets:        10,542            │
# │ DNS Queries:          1,847             │
# │ Unique Domains:       412               │
# │ Malicious Domains:    7                 │
# │ Blacklisted Servers:  2                 │
# └─────────────────────────────────────────┘
# Perfect for:
# • Forensic analysis of network captures
# • Security incident investigation
# • Historical traffic pattern analysis
# • Batch processing of multiple captures
API Integration
REST API for programmatic access to DNS Science data and features:
DNS Monitoring API
Real-time DNS monitoring endpoints - Manage monitoring locations and retrieve threat data
# Location Management
GET /api/v1/dns-monitoring/locations
POST /api/v1/dns-monitoring/locations
PUT /api/v1/dns-monitoring/locations/{id}
DELETE /api/v1/dns-monitoring/locations/{id}
# Query Data Ingestion (from dnsscience_snifferd)
POST /api/v1/dns-monitoring/queries
# Threat Retrieval
GET /api/v1/dns-monitoring/threats?location_id={id}
GET /api/v1/dns-monitoring/threats/{id}
PUT /api/v1/dns-monitoring/threats/{id}/resolve
# Statistics
GET /api/v1/dns-monitoring/stats?location_id={id}
# Example: Create a monitoring location
curl -X POST https://www.dnsscience.io/api/v1/dns-monitoring/locations \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"location_name": "Office HQ",
"description": "Main office network monitoring"
}'
# Response includes API key for dnsscience_snifferd deployment:
{
"id": 123,
"location_name": "Office HQ",
"api_key": "loc_abc123...",
"created_at": "2025-11-16T12:00:00Z"
}
# Features:
# • Create unlimited monitoring locations
# • Unique API key per location for security
# • Real-time query ingestion from remote sniffers
# • Threat detection with automatic categorization
# • Query pattern analysis and statistics
# • Historical threat data with resolution tracking
Documentation
- API Documentation - RESTful API reference
- CLI Documentation - Command-line tool guides
- Data Ingestion - 20+ data feeds explained
- Platform Architecture - System design and infrastructure
Get Started
Ready to start using DNS Science tools? Create a free account to access all web tools and get your API key for CLI and daemon deployment.