ronin-listener-dns is a DNS server for receiving exfiltrated data sent via DNS queries. ronin-listener-dns can be used to test for XML external entity (XXE) injection.
- Supports receiving any DNS query for a given domain.
- Always returns with
NXDOMAIN
to prevent DNS caching.
require 'ronin/listener/dns'
Ronin::Listener::DNS.listen('example.com', host: '127.0.0.1', port: 5553) do |query|
puts "Received query for #{query.type} #{query.label} from #{query.source}"
end
Then try running host -p 5553 s3cr3t.example.com 127.0.0.1
to test the server.
Received query for A s3cr3t.example.com from 127.0.0.1:59042
Note: if you wish to run the server on 0.0.0.0
and port 53
, the ruby
script must be ran as root
.
$ gem install ronin-listener-dns
gem 'ronin-listener-dns', '~> 0.1'
gem.add_dependency 'ronin-listener-dns', '~> 0.1'
- Fork It!
- Clone It!
cd ronin-listener-dns/
bundle install
git checkout -b my_feature
- Code It!
bundle exec rake spec
git push origin my_feature
Copyright (c) 2023-2024 Hal Brodigan ([email protected])
ronin-listener-dns is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
ronin-listener-dns is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with ronin-listener-dns. If not, see https://www.gnu.org/licenses/.