DNSA and DNSA-NG are swiss knife tools for Linux designed to test several DNS security issues.
Version: 0.5DNSA and DNSA-NG are swiss knife tools for Linux designed to test several DNS security issues.
Operating System: Linux
The most important one is a full wifi support using 2 cards:
- The first in monitor mode which capture 802.11 traffic
- The second associated to the AP and injecting DNS forged packets
Host-ap and madwifi drivers are already supported by DNSA-NG.
DNSA was initially thought because of a lack in DNS auditing tools. It uses libnet and libpcap :
"Libnet is a high-level API (toolkit) allowing the application programmer to construct and inject network packets. It provides a portable and simplified interface for low-level network packet shaping, handling and injection. Libnet hides much of the tedium of packet creation from the application programmer such as multiplexing, buffer management, arcane packet header information, byte-ordering, OS-dependent issues, and much more.
Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary and complementary functionality. Using libnet, quick and simple packet assembly applications can be whipped up with little effort. With a bit more time, more complex programs can be written (Traceroute and ping were easily rewritten using libnet and libpcap).
Usage: ./dnsa [ARGS]
DNS Swiss knife tool
- 1 DNS ID spoofing [ Required : -S ]
- D [www.domain.org] Hostname query to fool. Don't use it if every DNS request sniffed has to be spoofed
- S [IP] IP address to send for dns queries
- s [IP] IP address of the host to fool
- i [interface] IP address to send for dns queries
- 2 DNS IDs Sniffing [ Required : -s ]
- s [IP] IP address of the server which makes queries
- w [file] Output file for DNS IDs
- 3 DNS cache poisoning [ Required : -S AND -b AND -a ]
- a [host.domain.org] Hostname to send in the additional record
- b [IP] IP to send in the additional record
- D [www.domain.org] Hostname for query. Use it if you want to fool just on
- S [IP] IP address to send for DNS queries (the normal one)
- s [IP] IP address of the server to fool
- i [interface] IP address to send for DNS queries