Bro script module for detecting malware using domain generation algorithms.
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 3 commits ahead, 5 commits behind sethhall:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README.rst
__load__.bro
g01pack.bro
main.bro
newgoz.bro
utils.bro

README.rst

Domain Generation Algorithm for Bro

Detect domain generation algorithms (DGA) with Bro. The module will regularly generate domains by any implemented algorithms and watch for those domains in DNS queries.

This script only works with Bro 2.1+.

Installation

cd <prefix>/share/bro/site/
git clone git://github.com/sethhall/bro-domain-generation.git
echo "@load bro-domain-generation" >> local.bro

Configuration

There is no particular configuration required.

Output

There is a single notice type generated by this module:

DomainGeneration::Computed_Domain_Detected