Path: blob/master/modules/auxiliary/vsploit/malware/dns/dns_query.rb
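##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Emulates DNS beaconing by repeatedly resolving a list of domains.
#
# On each interval, one A-record query is issued per configured domain and
# the outcome is printed with a timestamp. The queries are real network
# traffic: the module's 'SideEffects' note (IOC_IN_LOGS) records that they
# leave indicators in logs, which is what lets the output be correlated with
# DNS monitoring when validating beaconing detections.
class MetasploitModule < Msf::Auxiliary

  # Registers module metadata and the user-settable options.
  #
  # DOMAINS is required. DNS_SERVER, COUNT and DELAY are optional; COUNT and
  # DELAY carry defaults of 2 and 3.
  def initialize
    super(
      'Name' => 'VSploit DNS Beaconing Emulation',
      'Description' => 'This module takes a list of domains and emulates malicious DNS beaconing.',
      'Author' => 'MJC',
      'License' => MSF_LICENSE,
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        'SideEffects' => [IOC_IN_LOGS],
        'Reliability' => []
      }
    )
    register_options(
      [
        # The list is split on whitespace and on commas (see #run).
        OptString.new('DOMAINS', [ true, 'Separate domains by whitespace']),
        OptString.new('DNS_SERVER', [false, 'Specifies a DNS Server']),
        OptInt.new('COUNT', [false, 'Number of intervals to loop', 2]),
        OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3])
      ]
    )
  end

  # Sends the emulated beacon queries.
  #
  # Every domain is queried once per interval for COUNT intervals, with DELAY
  # seconds between intervals and no wait after the last one.
  #
  # @return [void]
  def run
    @res = Net::DNS::Resolver.new
    # @res.retry = 2

    # Only override the resolver's nameservers when a server was actually
    # given; a blank DNS_SERVER is treated the same as an unset one.
    server = datastore['DNS_SERVER'].to_s.strip
    @res.nameservers = server unless server.empty?

    # Parse the list once. A leading separator would otherwise yield an
    # empty name that gets handed to the resolver.
    names = datastore['DOMAINS'].to_s.split(/[\s,]+/).reject(&:empty?)
    if names.empty?
      print_error('DOMAINS does not contain any domain names')
      return
    end

    # COUNT and DELAY are optional, so they can be unset at run time. A nil
    # DELAY passed to select would block forever, and a nil COUNT would raise
    # in the loop condition; to_i maps both to 0. A negative DELAY is clamped
    # because select rejects negative timeouts.
    intervals = datastore['COUNT'].to_i
    delay = [datastore['DELAY'].to_i, 0].max

    intervals.times do |round|
      names.each { |name| send_beacon_query(name) }
      next if round == intervals - 1

      print_status("#{beacon_timestamp} - Waiting #{delay} seconds to beacon")
      select(nil, nil, nil, delay)
    end
  end

  private

  # Current local time formatted for the status lines.
  #
  # @return [String] e.g. "2024-01-31 13:37:00"
  def beacon_timestamp
    Time.now.strftime('%Y-%m-%d %H:%M:%S')
  end

  # Issues one A-record query for +name+ and reports the result.
  #
  # @param name [String] domain to resolve
  # @return [void]
  def send_beacon_query(name)
    query = @res.query(name, 'A')
    time = beacon_timestamp
    print_status("#{time} - DNS Query sent for => #{name}")

    # NOTE(review): the resolver appears to return nil when no nameserver
    # answers; without this guard that case raises NoMethodError and aborts
    # the remaining beacons. Confirm against the resolver implementation.
    if query.nil?
      print_error("#{time} - #{name} => No response from DNS server")
    elsif query.answer.empty?
      print_error("#{time} - #{name} => No Record Found")
    else
      # The last field of the first answer's string form is printed as the
      # resolved value.
      fields = query.answer[0].to_s.split(/[\s,]+/)
      print_status("#{time} - #{name} => #{fields[-1]}")
    end
  end
end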