{"id":13762752,"url":"https://github.com/allyomalley/dnsobserver","last_synced_at":"2026-01-17T14:19:39.458Z","repository":{"id":45500828,"uuid":"266175173","full_name":"allyomalley/dnsobserver","owner":"allyomalley","description":"A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack.","archived":false,"fork":false,"pushed_at":"2020-09-06T22:16:13.000Z","size":84,"stargazers_count":188,"open_issues_count":1,"forks_count":30,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-11-16T21:33:09.383Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.allysonomalley.com/2020/05/22/dnsobserver/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/allyomalley.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-22T17:59:08.000Z","updated_at":"2024-11-09T10:39:12.000Z","dependencies_parsed_at":"2022-07-15T06:46:59.912Z","dependency_job_id":null,"html_url":"https://github.com/allyomalley/dnsobserver","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allyomalley%2Fdnsobserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allyomalley%2Fdnsobserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allyomalley%2Fdnsobserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allyomalley%2Fdnsobserver/manifests","owner_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/allyomalley","download_url":"https://codeload.github.com/allyomalley/dnsobserver/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253436583,"owners_count":21908362,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T14:00:56.855Z","updated_at":"2026-01-17T14:19:39.452Z","avatar_url":"https://github.com/allyomalley.png","language":"Go","readme":"# DNSObserver\n\nA handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command injection, blind SQLi, blind XXE, and many more!\n\n![ScreenShot](https://raw.githubusercontent.com/allyomalley/dnsobserver/master/notification.png)\n\nFor a more detailed overview and setup instructions, see:\n\nhttps://www.allysonomalley.com/2020/05/22/dnsobserver/\n\n\n## Setup\n\nWhat you'll need:\n\n* Your own registered domain name\n* A Virtual Private Server (VPS) to run the script on (I'm using Ubuntu - I have not tested this tool on other systems)\n* *[Optional]* Your own Slack workspace and a webhook\n\n### Domain and DNS Configuration\n\nIf you don't already have a VPS ready to use, create a new Linux VPS with your preferred provider. 
Note down its public IP address.\n\nRegister a new domain name with your preferred registrar - any registrar should be fine as long as they allow setting custom name servers and glue records.\n\nGo into your new domain's DNS settings and find the 'glue record' section. Add two entries here, one for each new name server, and supply both with the public IP address of your VPS.\n\nNext, change the default name servers to:\n\n```\nns1.\u003cYOUR-DOMAIN\u003e\nns2.\u003cYOUR-DOMAIN\u003e\n```\n\n### Server Setup\n\nSSH into your VPS, and perform these steps:\n\n* Install Go if you don't have it already. Installation instructions can be found [here](https://golang.org/doc/install)\n* Make sure that the default DNS ports are open - 53/UDP and 53/TCP. Run:\n\t\n\t```\n\tsudo ufw allow 53/udp\n\tsudo ufw allow 53/tcp\n\t```\n\n* Get DNSObserver and its dependencies:\n\t\n\t```\n\tgo get github.com/allyomalley/dnsobserver/...\n\t```\n\n\n### DNSObserver Configuration\n\nThere are two required arguments, and two optional arguments:\n\n\u003chr /\u003e\n\n**domain** ***[REQUIRED]***  \nYour new domain name.\n\n**ip** ***[REQUIRED]***  \nYour VPS' public IP address.\n\n**webhook** *[Optional]*  \nIf you want to receive notifications, supply your Slack webhook URL. You'll be notified of any lookups of your domain name, or for any subdomains of your domain (I've excluded notifications for queries for any other apex domains and for your custom name servers to avoid excessive or random notifications). If you do not supply a webhook, interactions will be logged to standard output instead. Webhook setup instructions can be found [here](https://api.slack.com/messaging/webhooks).\n\n**recordsFile** *[Optional]*  \nBy default, DNSObserver will only respond with an answer to queries for your domain name, or either of its name servers. For any other host, it will still notify you of the interaction (as long as it's your domain or a subdomain), but will send back an empty response. 
If you want DNSObserver to answer A lookups for certain hosts with an address, you can either edit the config.yml file included in this project, or create your own based on this template:\n\n```\na_records:\n  - hostname: \"\"\n    ip: \"\"\n  - hostname: \"\"\n    ip: \"\"\n```\n \nCurrently, the tool only uses A records (in the future I may add CNAME, AAAA, etc.). Here is an example of a complete custom records file:\n\n```\na_records:\n  - hostname: \"google.com\"\n    ip: \"1.2.3.4\"\n  - hostname: \"github.com\"\n    ip: \"5.6.7.8\"\n```\n\nThese settings mean that I want to respond to queries for 'google.com' with '1.2.3.4', and queries for 'github.com' with '5.6.7.8'.\n\n\u003chr /\u003e\n\n## Usage\n\nNow, we are ready to start listening! If you want to be able to do other work on your VPS while DNSObserver runs, start up a new tmux session first. \n\nFor the standard setup, pass in the required arguments and your webhook:\n\n```\ndnsobserver --domain example.com --ip 11.22.33.44 --webhook https://hooks.slack.com/services/XXX/XXX/XXX\n```\n\nTo achieve the above, but also include some custom A lookup responses, add the argument for your records file:\n\n```\ndnsobserver --domain example.com --ip 11.22.33.44 --webhook https://hooks.slack.com/services/XXX/XXX/XXX --recordsFile my_records.yml\n```\n\nAssuming you've set everything up correctly, DNSObserver should now be running. 
To confirm it's working, open up a terminal on your desktop and perform a lookup of your new domain ('example.com' in this demo):\n\n```\ndig example.com\n```\n\nYou should now receive a Slack notification with the details of the request!\n","funding_links":[],"categories":["Weapons","Go","DNS"],"sub_categories":["Tools","Purple Team"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallyomalley%2Fdnsobserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fallyomalley%2Fdnsobserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallyomalley%2Fdnsobserver/lists"}