🔧 DNS Tools & Utilities

🔍 DNS Sniffer Daemon (dnsscience_snifferd)

The most powerful tool in the DNS Science arsenal - Deploy on client networks to monitor real-time DNS traffic, detect threats, and analyze query patterns from any location.

Key Features

• Real-time DNS Monitoring - Capture and analyze ALL DNS queries from your network
• Threat Detection - Automatically identify malicious domains, phishing sites, botnets, and malware
• Blacklisted DNS Server Detection - Alert when queries go to suspicious DNS servers
• Traffic Pattern Analysis - Identify unusual traffic spikes and detect anomalies
• Attack Detection - Real-time detection of DNS-based attacks (cache poisoning, amplification, exfiltration)
• Performance Monitoring - Monitor DNS resolution times and track query success rates
• Multiple Locations - Monitor multiple sites from a single DNS Science account
• Web Dashboard - Beautiful GUI to visualize threats and query patterns

Quick Start

# 1. Clone the repository
git clone https://github.com/dnsscience/dnsscience_snifferd.git
cd dnsscience_snifferd

# 2. Install dependencies
sudo pip3 install -r requirements.txt

# 3. Create monitoring location in DNS Science dashboard
# Log in → DNS Monitoring → Add Location → Save API Key

# 4. Configure
sudo cp config.example.yaml /etc/dnsscience_snifferd/config.yaml
sudo nano /etc/dnsscience_snifferd/config.yaml

# 5. Run (requires root for packet capture)
sudo python3 dnsscience_snifferd.py -c /etc/dnsscience_snifferd/config.yaml
            

Install as Systemd Service

# Copy files
sudo mkdir -p /opt/dnsscience_snifferd
sudo cp dnsscience_snifferd.py /opt/dnsscience_snifferd/
sudo cp requirements.txt /opt/dnsscience_snifferd/

# Install service
sudo cp dnsscience_snifferd.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable dnsscience_snifferd
sudo systemctl start dnsscience_snifferd

# Check status
sudo systemctl status dnsscience_snifferd
            

Use Cases

• Home Network Security - Monitor all DNS queries from IoT devices, smart TVs, and computers
• Office DNS Monitoring - Track employee browsing patterns and detect malware infections
• MSP Deployments - Monitor multiple client networks from a single dashboard
• Threat Hunting - Proactive detection of C2 communication and data exfiltration
• Compliance Monitoring - Log all DNS queries for audit and compliance requirements

---

🛠️ Web-Based Tools

Access these tools directly from your browser - no installation required:

💻 CLI Tools

Command-line tools for automation and integration with your workflows:

dnsscience-cli

Full-featured CLI for DNS Science API

# Install
pip install dnsscience-cli

# Usage
dnsscience-cli scan example.com
dnsscience-cli lookup 8.8.8.8
dnsscience-cli threat-check suspicious-domain.com
dnsscience-cli export --format json --output results.json
            

dnsscience-email

Email security and deliverability testing CLI

# Install
pip install dnsscience-email

# Usage
dnsscience-email check example.com
dnsscience-email spf-validate example.com
dnsscience-email dmarc-check example.com
dnsscience-email mta-sts-test example.com
            

dnsscience_analyze

PCAP Analysis Tool - Offline analysis of DNS traffic from packet captures

# Analyze a PCAP file for threats
python3 dnsscience_analyze.py -c config.yaml capture.pcap

# Features:
# • Parse PCAP files and extract DNS queries
# • Detect malicious domains using DNS Science threat intelligence
# • Identify blacklisted DNS servers
# • Generate comprehensive threat reports with statistics
# • Beautiful terminal output with threat categories and metrics
# • Export results to JSON for further processing

# Example output:
# ┌─────────────────────────────────────────┐
# │  DNS Traffic Analysis Summary           │
# ├─────────────────────────────────────────┤
# │ Total Packets:         10,542           │
# │ DNS Queries:           1,847            │
# │ Unique Domains:        412              │
# │ Malicious Domains:     7                │
# │ Blacklisted Servers:   2                │
# └─────────────────────────────────────────┘

# Perfect for:
# • Forensic analysis of network captures
# • Security incident investigation
# • Historical traffic pattern analysis
# • Batch processing of multiple captures
            

---

🔌 API Integration

REST API for programmatic access to DNS Science data and features:

DNS Monitoring API

Real-time DNS monitoring endpoints - Manage monitoring locations and retrieve threat data

# Location Management
GET  /api/v1/dns-monitoring/locations
POST /api/v1/dns-monitoring/locations
PUT  /api/v1/dns-monitoring/locations/{id}
DELETE /api/v1/dns-monitoring/locations/{id}

# Query Data Ingestion (from dnsscience_snifferd)
POST /api/v1/dns-monitoring/queries

# Threat Retrieval
GET /api/v1/dns-monitoring/threats?location_id={id}
GET /api/v1/dns-monitoring/threats/{id}
PUT /api/v1/dns-monitoring/threats/{id}/resolve

# Statistics
GET /api/v1/dns-monitoring/stats?location_id={id}

# Example: Create a monitoring location
curl -X POST https://www.dnsscience.io/api/v1/dns-monitoring/locations \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "location_name": "Office HQ",
    "description": "Main office network monitoring"
  }'

# Response includes API key for dnsscience_snifferd deployment:
{
  "id": 123,
  "location_name": "Office HQ",
  "api_key": "loc_abc123...",
  "created_at": "2025-11-16T12:00:00Z"
}

# Features:
# • Create unlimited monitoring locations
# • Unique API key per location for security
# • Real-time query ingestion from remote sniffers
# • Threat detection with automatic categorization
# • Query pattern analysis and statistics
# • Historical threat data with resolution tracking
            

📚 Documentation

• API Documentation - RESTful API reference
• CLI Documentation - Command-line tool guides
• Data Ingestion - 20+ data feeds explained
• Platform Architecture - System design and infrastructure

🚀 Get Started

Ready to start using DNS Science tools? Create a free account to access all web tools and get your API key for CLI and daemon deployment.