Sources
• Alexa
• Zone Transfers
• Brute forcing with an actively updated list of the Top 50,000 sub zones
• MassResolve
• My wife's DNS traffic
• Other online resources
• You! If you want to submit a DNS log for your company GREAT! ;-) or a ZT, or just want me to update a domain, I accept it all.
Parsing
• New NS records go to ZT and Domain brute forcer
• New A records go to PTR and Type brute forcer
• New PTR records attempt to resolve forward and break down into zones then go to respective parsers
• New other records go to Type Brute forcer
• Anything older than 6 months gets rechecked
• MOR PARSERS!!
• you see where this is going.....
• New input gets checked against DB, new records get ADDED, they don't replace, so historical data will stay with date/time stamps
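The routing and add-only rules on this slide, written out as an added Python example (not the author's code). The queue names, the `RecordStore` class and the 183-day cutoff standing in for "6 months" are assumptions made for illustration; the store only decides which follow-up parser a record is handed to and performs no DNS queries itself.

```python
from datetime import timedelta

RECHECK_AFTER = timedelta(days=183)  # assumed value for "older than 6 months"
# Slide's routing rules: record type -> follow-up queues (queue names assumed)
ROUTES = {
    "NS": ["zone_transfer", "domain_brute"],
    "A": ["ptr", "type_brute"],
    "PTR": ["forward_resolve", "zone_split"],
}
DEFAULT_ROUTE = ["type_brute"]  # "New other records go to Type Brute forcer"


class RecordStore:
    """Add-only store: a new value is added beside old ones, never replaces them."""

    def __init__(self):
        self.rows = {}    # (name, rtype, value) -> [first_seen, last_checked]
        self.queues = {}  # queue name -> list of (name, rtype, value)

    def _enqueue(self, key):
        for queue in ROUTES.get(key[1], DEFAULT_ROUTE):
            self.queues.setdefault(queue, []).append(key)

    def ingest(self, name, rtype, value, now):
        """Check input against the DB; add and route it only if it is new."""
        key = (name.lower().rstrip("."), rtype.upper(), value.lower().rstrip("."))
        if key in self.rows:
            return False  # already known: existing timestamps stay untouched
        self.rows[key] = [now, now]
        self._enqueue(key)
        return True

    def recheck_stale(self, now):
        """Re-queue every record whose last check is older than RECHECK_AFTER."""
        stale = [key for key, (_, checked) in self.rows.items()
                 if now - checked > RECHECK_AFTER]
        for key in stale:
            self.rows[key][1] = now
            self._enqueue(key)
        return stale

    def history(self, name):
        """Every value ever seen for a name, oldest first, with first-seen time."""
        name = name.lower().rstrip(".")
        return sorted((seen, rtype, value)
                      for (n, rtype, value), (seen, _) in self.rows.items()
                      if n == name)
```

Because rows are keyed on the full (name, type, value) triple, a changed A record shows up as a second row with its own timestamp, which is what keeps the historical view intact.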
DNS traffic...
• In September of 2011, DNS traffic surpassed my family's TOTAL other bandwidth per month...
How is this different from Shodan?
• Results aren't based on open ports
• I'm not going to monetize it, I'm doing it for my use, but since it needs to be available everywhere so I can use it, so can you ;-)
• And I'll give you the code to do it yourself if you want to... although...
Why is this useful?
• Because now I have one place to get as much data as I can on a target in regards to DNS (including historical) and I never have to touch one of their servers
and here it is...
https://www.deepmagic.com/ $record_type
remember the (s), I usually have mean stuff on 80
“everything” search is kludgy right now
I am not a web coder
• Free to use, and always will be (PERIOD)
• That means I make no money on it
• Logs last for 24 hours
• so I can catch issues, then they go to /dev/null
• And those will never be released to anyone as long as I can help it, and if that does happen I will just pull it down
Next steps...
• Integration with Sho-nuff
• Idea? Ways to make it better?
• DARPA Security Fast Track?