DNS server for pentesters

• go language
• go dns package
• domain you own

curl https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz > go1.9.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.9.linux-amd64.tar.gz

sudo echo -ne "export GOPATH=$HOME/go\nexport PATH=$PATH:/usr/local/go/bin" >> /etc/profile
source /etc/profile

echo $PATH $GOPATH

mkdir -p $HOME/go/src/

If you want to make changes to the code, do this:

cd $HOME/go/src
git clone https://github.com/awgh/madns.git

If you just want to install the binary, do this:

go get github.com/awgh/madns

go get -v github.com/miekg/dns

Change to the desired install directory and: go build github.com/awgh/madns

cp ~/go/src/github.com/awgh/madns/madns-config.example.json ./madns-config.json

Edit the madns-config.json file, according to the following instructions.

"SmtpUser":"[email protected]",
"SmtpPassword":"<password to yourburneremail>",
"SmtpServer":"smtp.gmail.com:587",
"SmtpDelay":30,

The SmtpDelay parameter determines how many seconds madns will batch up alerts into a single email. By default, this is set to 1 minute, so there will be a 1 minute delay before the first email is sent unless the SmtpDelay is set.

Standard DNS port, only change if you know your setup differs.

"Port": 53

This is where you define the domain/subdomain to trigger your email notification.

. is the default DNS handler, if a query doesn't match any other handler it will use this

".": {
        "Redirect": "8.8.8.8:53" // used to forward traffic to another DNS server, REQUIRES IP address AND port
        "NotifyEmail": "" // the email address to notify when this handler is invoked
     },

Now you’ll want to create a subdomain that will trigger when a DNS lookup is performed on it for testing double blind XXE/SQLi/etc. It can be useful to setup an email with a +filterkeyword to make it easier to alert you when you’ve got a successful hit.

"your.triggering.domain": { 
        "Respond": "192.168.1.1",  // used to respond with a fixed IP address, cannot be used with Redirect. (just IP, no port)
        "NotifyEmail": "[email protected]"
        }

So gmail does that whole security thing and won't let madns log in and perform SMTP unless you enable less secure apps. https://www.google.com/settings/security/lesssecureapps

If you're listening to the default port 53 (or anything lower than 1024):

sudo ./madns &

For ports above 1024:

./madns &

Add an subdomain record (an A record) in your DNS management section of your domain to point to the IP address that madns is running on. For example:

Type		Name			Value				TTL
A		<special>		<ip-to-madns-server>		7200
NS		<subdomain>		<special.domain>		7200

Also ensure that incoming/outgoing traffic on port 53 is open and outgoing SMTP traffic is allowed on your box.

Get the nameserver registered for your domain

dig domain -t NS

Use that nameserver to query your subdomain

dig @<nameserver.from.previous.dig> subdomain.domain -t NS

If all is well you should see something like

;; QUESTION SECTION:
;<subdomain.domain.> IN    NS

;; AUTHORITY SECTION:
.<subdomain.domain>. 259200 IN NS   <special.domain.>
;; ADDITIONAL SECTION:
<special.domain.>          3600    IN      A       <ip.of.host.running.madns>

Now test with curl

curl subdomain.subdomain.domain

On the madns server you see notifications to stdout that it hit the Handler and sent an email such as:

2017/09/21 11:24:37 sent email to [email protected]