Scripts to detect Fast-Flux and DGA using DNS query responses
FFanalyse.py Extra commenting
Geolocate.py Prettify Output
README.md Updated dependencies
TrainURLAnalysis.py Extra commenting
URLAnalysis.py Extra commenting
output_b.dgt trained data files
output_m.dgt trained data files
utmLL.py Initial Commit

README.md

DNS Analysis Scripts

A collection of scripts used to detect Fast-Flux domains and DGA domains.

Based on research conducted for an MSc thesis. Related research papers are available from the following locations:

Basic Usage

To analyse a single domain: python FFAnalyse.py -d exampledomain.com

To analyse multiple domains: cat domains.txt | xargs -I {} python FFAnalyse.py -d {}

The URLAnalyse and Geolocate scripts can also be used in isolation; see the documentation for each of these for usage info.

Dependencies

These can all be installed with a simple easy_install:

  • pygeoip
  • mgrs
  • dnspython
  • pytz

Note about MaxMind Databases: Geographic analysis requires the MaxMind databases. These are not included here; please get them from MaxMind.

  • GeoIPCity.dat
  • GeoIPASNum.dat
  • GeoLiteCity.dat