Skip to content

gviz/revDNS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

internal

internal

 
 

Dockerfile

Dockerfile

 
 

Gopkg.lock

Gopkg.lock

 
 

Gopkg.toml

Gopkg.toml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

http.go

http.go

 
 

main.go

main.go

 
 

main_test.go

main_test.go

 
 

revDns.go

revDns.go

 
 

revJson.go

revJson.go

 
 

revdns.yaml

revdns.yaml

 
 

stream.go

stream.go

 
 

Repository files navigation

revDNS

revDNS is a passive host information collector written for NSM platforms ingesting data from Bro IDS.

revDNS builds a passive database of reverse DNS information from DNS, SSL and HTTP metadata ingested from bro logs.
It currently supports ingesting data from Kafka and provides a REST interface to lookup information using IP.

Install

go get github.com/gviz/revDNS/...

Configuration

revDNS reads its configuraiton from revdns.yaml.

> api:
>>  port: 9090
>
>input: 
>>    type: "kafka"  
>>    host: "localhost:9092"  
>>    topic: "bro-raw"  
>>    stream_dns:  "dns"  
>>    stream_ssl:  "ssl"  
>>    stream_http: "http"

Usage

> go run github.com/gviz/revDNS/revDNS.go

Reverse DNS Query

> curl http://localhost:9090/revdns/api/v1/ip/<IP Address>

License

The contents of this repository are covered under the GPL V3 License.

About

revDNS

Topics

bro reverse-dns threat-intelligence

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages