SnitchDNS – Database Driven DNS Server With Web UI

SnitchDNS is a database driven DNS server with a Web UI, written in Python and Twisted. It makes DNS administration easier because all configuration changes are applied instantly, without restarting any system services.

Twisted is an event-based framework for internet applications, supporting Python 3.6+. It includes modules for many different purposes.

One of its main features is the logging of all DNS queries allowing the discovery of network traffic endpoints, and it can also be used to implement canary tokens as it supports notifications via e-mail, web push, Slack, and Teams. Red teamers can also use SnitchDNS to monitor phishing domains for sandboxes, integrate with SIEM solutions, restrict responses to specific IP ranges, egress data via a DNS tunnel and catch-all domains, and more.

Basic Features

  • Database Driven
      • Changes are reflected immediately on each DNS request.
      • Supported DBMS: SQLite, MySQL / MariaDB, Postgres.
  • DNS Server
      • Support for common DNS records: A, AAAA, AFSDB, CNAME, DNAME, HINFO, MX, NAPTR, NS, PTR, RP, SOA, SPF, SRV, SSHFP, TSIG, TXT.
      • Catch-All Domains: ability to match any subdomain (no matter the depth) to a specific parent domain, for instance *.hello.example.com.
      • Unmatched Record Forwarding: functionality to intercept specific queries (i.e. only A and CNAME) and forward all other records to a third-party DNS server (i.e. Google).
      • Tags and Aliases.
  • IP Rules
      • Configure Allow/Block rules per domain.
  • Notifications. Receive a notification when a domain is resolved, via:
      • E-mail
      • Web Push
      • Slack
      • Microsoft Teams
  • User Management
      • Multi-User support
      • Each user is given their own subdomain to use.
      • LDAP Support
      • Two Factor Authentication
      • Password Complexity Management
  • Logging
      • All DNS queries are logged, whether they have been matched or not.
      • CSV Logging for SIEM integration.
  • Swagger 2.0 API
  • Deployment
      • Ansible scripts for Ubuntu 18.04 / 20.04
      • Docker
      • CLI support for zone, record, user, and settings management.
      • CSV Export/Import
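
The catch-all and IP rule features listed above can be pictured with a short added example. It is not SnitchDNS code: the zone dictionary, the function names and the rule semantics (block wins, an empty allow list permits everyone) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zones (assumed data model, not SnitchDNS's schema).
ZONES = {
    "hello.example.com": {"catch_all": True,
                          "allow": ["10.0.0.0/8"], "block": ["10.9.0.0/16"]},
    "example.com": {"catch_all": False, "allow": [], "block": []},
}


def match_zone(qname, zones=ZONES):
    """Return the zone that answers qname, or None if nothing matches."""
    labels = qname.rstrip(".").lower().split(".")
    name = ".".join(labels)
    if name in zones:  # exact match takes priority
        return name
    # Walk up the parents, most specific first, so a catch-all zone
    # matches a subdomain of any depth.
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in zones and zones[parent]["catch_all"]:
            return parent
    return None


def ip_permitted(zone, source_ip, zones=ZONES):
    """Assumed semantics: block wins; an empty allow list permits everyone."""
    ip = ipaddress.ip_address(source_ip)
    rules = zones[zone]
    if any(ip in ipaddress.ip_network(net) for net in rules["block"]):
        return False
    if not rules["allow"]:
        return True
    return any(ip in ipaddress.ip_network(net) for net in rules["allow"])


def decide(qname, source_ip, zones=ZONES):
    """Combine zone matching and IP rules into one decision per query."""
    zone = match_zone(qname, zones)
    if zone is None:
        return "unmatched"  # candidate for forwarding; still worth logging
    return "answer" if ip_permitted(zone, source_ip, zones) else "refuse"


if __name__ == "__main__":
    for q, ip in [("a.b.hello.example.com.", "10.1.2.3"),
                  ("a.b.hello.example.com.", "10.9.4.4"),
                  ("www.example.com", "192.0.2.7")]:
        print(q, ip, decide(q, ip))
```

A query for www.example.com stays unmatched here because example.com is not a catch-all zone, which is the kind of query the unmatched record forwarding feature hands to an upstream resolver.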

Use Cases

SnitchDNS can be used for:

  • A DNS Forwarding Server – Allowing you to monitor all requests via a Web GUI.
  • Red Teams – Implement IP restrictions to block sandboxes, monitor phishing domain resolutions and e-mails, and restrict access to known IP ranges.
  • DNS Tunnel – Log all DNS requests and egress data.
  • Let’s Encrypt DNS Challenge, using the API or the CLI interface.
  • Ad-blocking.
  • Integrate with SIEM solutions.

Installation

Please make sure you install using git rather than by downloading the repo manually.

Python

Python 3.6+ is required for SnitchDNS to work.

Packages

Install the following required packages:

sudo apt install git python3-pip python3-venv libpq-dev

libpq-dev is needed to build psycopg2 (Postgres support), which is compiled while installing requirements.txt.

Limitations

Caching has not been implemented, which means this isn’t suitable for environments with hundreds of DNS requests per minute.
