17. Problems:
Very small percentage of companies OWN IP space
You rarely get Internal IP space from OSINT
Getting more rare to see companies host their own EMAIL gateway
26. Bash + Dig = 1 request per second (.5 msec + proc time)
NMAP w/ just DNS resolution = 2 seconds per /24
IF everyone’s servers were as fast as Google’s
33. a bunch of text files...
40 GBs of text files
Most commands don’t like receiving 30,000+ text files in STDIN
I broke grep...
xargs -I mutex FTW
668,246,000 - Initial DB load
75. Sources
• Alexa
• Zone Transfers
• Brute forcing with an actively updated list of the Top 50,000 sub zones
• MassResolve
• My wife’s DNS traffic
• Other online resources
• You! If you want to submit a DNS log for your company GREAT! ;-) or a ZT, or just want me to update a domain, I accept it all.
78. Parsing
• New NS records go to ZT and Domain brute forcer
• New A records go to PTR and Type brute forcer
• New PTR records attempt to resolve forward and break down into zones, then go to respective parsers
• New other records go to Type Brute forcer
• Anything older than 6 months get rechecked
• MOR PARSERS!!
• you see where this is going.....
• New input gets checked against DB, new records get ADDED, they don’t replace, so historical data will stay with date/time stamps
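The add-not-replace store and the routing rules on this slide, written out as an added Python sketch (this is not the deepmagic code; the queue names, the 183-day window and the sample observations are assumptions):

```python
from datetime import datetime, timedelta
RECHECK_AFTER = timedelta(days=183)  # "older than 6 months gets rechecked"; 183 days assumed

# Where a NEW record is handed off, per the slide; queue names are placeholders, not deepmagic's.
ROUTES = {"NS": ["zone_transfer", "domain_bruteforcer"],
          "A": ["ptr", "type_bruteforcer"],
          "PTR": ["forward_resolve", "zone_breakdown"]}
OTHER_ROUTE = ["type_bruteforcer"]  # "new other records go to Type Brute forcer"

class DnsHistory:
    """Append-only passive-DNS store: new observations are added, old ones never replaced."""
    def __init__(self):
        self.records = {}  # (name, rtype, rdata) -> {"first_seen": datetime, "last_seen": datetime}

    def ingest(self, name, rtype, rdata, seen_at):
        """Store one observation; return the queues it feeds, or [] if already known."""
        # Canonical key (lower-case, trailing dot stripped) so duplicates compare equal
        key = (name.lower().rstrip("."), rtype.upper(), rdata.lower().rstrip("."))
        entry = self.records.get(key)
        if entry is not None:  # known record: only refresh its timestamp
            entry["last_seen"] = max(entry["last_seen"], seen_at)
            return []
        self.records[key] = {"first_seen": seen_at, "last_seen": seen_at}
        return list(ROUTES.get(key[1], OTHER_ROUTE))

    def history(self, name, rtype):
        """Every rdata ever seen for name/rtype, oldest first: the historical view."""
        n, t = name.lower().rstrip("."), rtype.upper()
        rows = [(v["first_seen"], k[2]) for k, v in self.records.items() if k[:2] == (n, t)]
        return [rdata for _, rdata in sorted(rows)]

    def due_for_recheck(self, now):
        """Keys not observed within the window; they get re-resolved, never deleted."""
        return sorted(k for k, v in self.records.items() if now - v["last_seen"] > RECHECK_AFTER)

# Constructed sample timeline, not real observations
T0 = datetime(2011, 1, 10)
T1 = T0 + timedelta(days=30)
NOW = T0 + timedelta(days=200)

def build_sample():
    """Replay the constructed observations; return the store and each ingest's routing."""
    db = DnsHistory()
    routes = [db.ingest("example.com", "NS", "ns1.example.com.", T0),
              db.ingest("www.example.com", "A", "192.0.2.10", T0),
              db.ingest("WWW.example.com", "A", "192.0.2.10", T1),  # duplicate: no new routing
              db.ingest("www.example.com", "A", "192.0.2.20", T1),  # new IP: added alongside
              db.ingest("example.com", "MX", "mail.example.com", T0)]
    return db, routes
```

Note that the changed A record for www.example.com does not overwrite the old one: both stay in the store with their own timestamps, and only the record last seen at T0 falls into the recheck set.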
79. DNS traffic...
• In September of 2011, DNS traffic surpassed my family’s TOTAL other bandwidth per month...
80. How is this different from Shodan?
• Results aren’t based on open ports
• I’m not going to monetize it, I’m doing it for my use, but since it needs to be available everywhere so I can use it, so can you ;-)
• And I’ll give you the code to do it yourself if you want to... although...
82. Why is this useful?
• Because now I have one place to get as much data as I can on a target in regards to DNS (including historical) and I never have to touch one of their servers
83. and here it is...
https://www.deepmagic.com/
$record_type
remember the (s), I usually have mean stuff on 80
“everything” search is kludgy right now
I am not a web coder
• Free to use, and always will be (PERIOD)
• That means I make no money on it
• Logs last for 24 hours
• so I can catch issues, then they go to /dev/null
• And those will never be released to anyone as long as I can help it, and if that does happen I will just pull it down