Path: blob/master/modules/auxiliary/vsploit/malware/dns/dns_query.rb
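##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# VSploit auxiliary module that emulates DNS beaconing.
#
# It sends A-record lookups for a configured list of names and repeats the
# whole list COUNT times with DELAY seconds between rounds. On the wire this
# is a fixed set of names queried at a fixed interval, which is the pattern
# DNS logging and monitoring would be expected to surface. The answers are
# only printed; nothing connects to the returned addresses.
class MetasploitModule < Msf::Auxiliary

  # Registers module metadata and the four datastore options:
  # DOMAINS (required), DNS_SERVER, COUNT (default 2) and DELAY (default 3).
  def initialize
    super(
      'Name' => 'VSploit DNS Beaconing Emulation',
      'Description' => 'This module takes a list and emulates malicious DNS beaconing.',
      'Author' => 'MJC',
      'License' => MSF_LICENSE
    )
    register_options(
      [
        # The help text says whitespace, but run also splits on commas.
        OptString.new('DOMAINS', [ true, "Separate Domains by whitespace"]),
        OptString.new('DNS_SERVER', [false, "Specifies a DNS Server"]),
        OptInt.new('COUNT', [false, "Number of intervals to loop", 2]),
        OptInt.new('DELAY', [false, "Delay in seconds between intervals", 3])
      ])
  end

  # Runs COUNT rounds of lookups over every name in DOMAINS, pausing DELAY
  # seconds between rounds (no pause after the last one).
  def run
    @res = Net::DNS::Resolver.new
    # @res.retry = 2

    # Without DNS_SERVER the resolver keeps whatever nameservers it was
    # constructed with.
    @res.nameservers = datastore['DNS_SERVER'] if datastore['DNS_SERVER']

    # DOMAINS does not change during the run, so parse it once. A leading
    # separator makes String#split return an empty first element; drop it
    # rather than sending a query for "".
    names = datastore['DOMAINS'].split(/[\s,]+/).reject(&:empty?)
    rounds = datastore['COUNT']
    delay = datastore['DELAY']

    rounds.times do |round|
      names.each { |name| query_and_report(name) }

      next if round == rounds - 1

      print_status("#{beacon_timestamp} - Waiting #{delay} seconds to beacon")
      select(nil, nil, nil, delay)
    end
  end

  private

  # Current local time in the format used for every log line.
  def beacon_timestamp
    Time.new.strftime("%Y-%m-%d %H:%M:%S")
  end

  # Sends one A query for +name+ and prints the outcome.
  #
  # The timestamp is taken after the query returns, so it marks completion
  # of the lookup rather than the moment the packet was sent.
  def query_and_report(name)
    query = @res.query(name, "A")
    time = beacon_timestamp
    print_status("#{time} - DNS Query sent for => #{name}")

    # NOTE(review): the bundled resolver appears to return nil when no
    # nameserver answers -- confirm. Guarding here keeps one unanswered
    # lookup from aborting the remaining rounds with a NoMethodError.
    if query.nil?
      print_error("#{time} - #{name} => No response from DNS server")
    elsif query.answer.empty?
      print_error("#{time} - #{name} => No Record Found")
    else
      # Only the first answer record is reported, and only its last
      # whitespace/comma-separated field (presumably the record data).
      fields = query.answer[0].to_s.split(/[\s,]+/)
      print_status("#{time} - #{name} => #{fields[-1]}")
    end
  end
end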