dnsIntel is a tool for creating custom modules that download domains classified as malware or advertising from popular threat intelligence sources and build a blocklist which can be used by DNS servers such as DNSMASQ or BIND.
The motivation behind dnsIntel was to protect my own network from malvertising and new threats by blocking at the DNS level. I run DNSMASQ in my homelab and needed a way to automatically block new threats, and so dnsIntel was born.
How does it work?
dnsIntel tries to be a framework that gives you all the tools you need to write a small script that downloads new domains from any source and updates your DNS server with new domains to block. The config.json file contains all configuration, including the sources to download from. Everything is stored in a local sqlite database file. dnsIntel then builds a blacklist file containing your blocked domains in DNSMASQ format.
Scripts/modules can be found in the module folder.
Here are some examples of using dnsIntel.
```
Usage: dnsintel.py [OPTIONS] COMMAND [ARGS]...

  dnsIntel downloads and parses a list of domains from popular threat intel
  sources, then transforms the list into a blacklist which can be used by
  Dnsmasq and BIND.

  -== Made by @mjdubell ==-

Options:
  -l, --loglevel [DEBUG]  Set loglevel
  -m, --module TEXT       Run specific module
  --version               Show the version and exit.
  --help                  Show this message and exit.

Commands:
  reload-blacklist  Reload the blacklist with domains in DB
  restart-dnsmasq   Restart the DNSMASQ service
  run               Run the application
```

```
(venv) λ ~/Desktop/domain_intel/ python dnsintel.py run
[*] Starting dnsIntel...
[!] Running Module: DisconnectMe...
[!] Running Module: MalwareDomains...
[+] dnsIntel Completed
```
Blacklist file output example
```
address=/101com.com/192.168.10.4
address=/101order.com/192.168.10.4
address=/123found.com/192.168.10.4
address=/140proof.com/192.168.10.4
address=/180hits.de/192.168.10.4
address=/180searchassistant.com/192.168.10.4
```
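To show what a module in this spirit has to do between "download" and "blacklist file", here is an added, self-contained example (not dnsIntel's own module code): it parses a constructed hosts-style feed, validates and normalises each domain before it reaches the DNSMASQ config, deduplicates through an in-memory sqlite table, and renders the `address=/domain/ip` lines shown above. The feed, the sinkhole IP and the function names are all assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample feed in hosts-file format (not a real threat-intel download).
SAMPLE_FEED = """\
# Sample feed: hosts format, one entry per line
127.0.0.1 localhost
0.0.0.0 ads.example.test
0.0.0.0 Tracker.Example.TEST.   # mixed case, trailing dot
0.0.0.0 malware.example.test
0.0.0.0 ads.example.test        # duplicate
0.0.0.0 bad/entry.example.test  # would corrupt the address= directive
"""

# Conservative hostname check: labels of letters, digits and hyphens only, so a
# hostile or sloppy feed cannot smuggle '/', '#' or whitespace into the blocklist.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts_feed(text):
    """Return the set of valid, normalised domains found in a hosts-style feed."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing and full-line comments
        parts = line.split()
        if len(parts) < 2:
            continue                           # blank or malformed line
        for name in parts[1:]:                 # a hosts line may list several names
            name = name.lower().rstrip(".")
            if name in SKIP or not DOMAIN_RE.match(name):
                continue
            domains.add(name)
    return domains

def store_domains(conn, domains, source):
    """Insert domains into sqlite, ignoring ones already present; return row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS domains (domain TEXT PRIMARY KEY, source TEXT)")
    conn.executemany("INSERT OR IGNORE INTO domains VALUES (?, ?)",
                     [(d, source) for d in sorted(domains)])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM domains").fetchone()[0]

def build_blacklist(feed_text, sinkhole, source="sample-feed"):
    """Run the whole pipeline and return the DNSMASQ blacklist as one string."""
    conn = sqlite3.connect(":memory:")
    store_domains(conn, parse_hosts_feed(feed_text), source)
    rows = conn.execute("SELECT domain FROM domains ORDER BY domain")
    return "".join(f"address=/{d}/{sinkhole}\n" for (d,) in rows)

if __name__ == "__main__":
    print(build_blacklist(SAMPLE_FEED, "192.168.10.4"), end="")
```

The validation step matters because DNSMASQ reads the generated file as configuration: an unchecked entry containing `/` or a newline would change the meaning of the directive rather than just block one more name.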
How to run
- Clone the repo
```
pip install -r requirements.txt
```
- Control the local sqlite database from terminal.
- Create a web interface to view the collected data and perform CRUD operations.
- Add tests.
Any feedback or ideas are welcome! Want to improve something? Create a pull request!
- Fork it!
- Create your feature branch:
```
git checkout -b my-new-feature
```
- Commit your changes:
```
git commit -am 'Add some feature'
```
- Push to the branch:
```
git push origin my-new-feature
```
- Submit a pull request :D