Optimized DNS and HTTP Log Tool for pentesters

DNS

eyes.sh 1.0.1


eyes.sh is a DNS Log / HTTP Log detection tool used to assist security testing and vulnerability scanners.

It is optimized based on BugScan DNSLog

https://github.com/bugscanteam/dnslog/

Visit

http://eyes.sh/login
  • demo account demodemo@pass; please note that the delete function is disabled for this account
  • You can also choose "Create a random ID and log in" on the login page

Change Log

  • 2022-04-06: Usernames at registration are restricted to letters and digits only

Background

  • Company internal scanners generate millions of DNS Log interface calls per day
  • For some reasons, the DNSLog service is deployed on a low-spec overseas VPS, which creates a bottleneck for the scanning system

Enhanced functionality

  • Friendlier pagination, deletion and per-IP views; added search; added IP geolocation display, Request Headers display and Request Body capture
  • Automatic refresh to monitor new records (can be filtered by keyword to focus on specific targets or specific vulnerabilities)
  • Support for DNS rebinding
  • API optimization: added support for Group DNS queries to reduce the number of API calls made by the scanner
    • For example, the scanner uses (hostname + task ID) as the DNS prefix, delivers all payloads, and at the end of the task checks with a single query whether any vulnerability was triggered
  • The TTL of the API domain name was 0, which led to too many meaningless queries. Corrected to 1200
    • Previously, each API request generated an additional DNS query
  • Added registration, one-click random domain name generation, simple management switches, simple login lockout, etc.
  • Database optimization, MySQL is used in the backend, indexes are added, and the query performance is better with millions of records
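
The Group DNS query pattern described above (one prefix per task, one lookup at the end) can be sketched as follows. This is an added example, not code from eyes.sh: the <check>.<prefix>.<user>.<zone> layout, the record field names and all function names are assumptions, and the sample records are constructed.

```python
import re

ZONE = "eyes.sh"   # DNS_DOMAIN value shown on this page
USER = "demo"      # assumption: each account owns <user>.<zone>

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def task_prefix(hostname, task_id):
    """Fold scanner hostname + task ID into a single valid DNS label."""
    raw = f"{hostname}-{task_id}".lower()
    label = re.sub(r"[^a-z0-9-]+", "-", raw).strip("-")
    if not _LABEL.match(label):
        raise ValueError(f"prefix is not a valid DNS label: {label!r}")
    return label


def callback_name(prefix, check_id):
    """Hostname to embed in one check: <check>.<prefix>.<user>.<zone>."""
    if not _LABEL.match(check_id):
        raise ValueError(f"check id is not a valid DNS label: {check_id!r}")
    return f"{check_id}.{prefix}.{USER}.{ZONE}"


def triggered_checks(records, prefix):
    """Map check id -> source IPs, from the records of ONE group query."""
    suffix = f".{prefix}.{USER}.{ZONE}"      # leading dot = label boundary
    hits = {}
    for rec in records:
        # Names are case-insensitive and may carry a trailing root dot.
        name = rec["name"].lower().rstrip(".")
        if name.endswith(suffix):
            check = name[: -len(suffix)].rsplit(".", 1)[-1]
            hits.setdefault(check, []).append(rec["src_ip"])
    return hits


# Constructed sample records (field names are hypothetical, not the eyes.sh API).
SAMPLE = [
    {"name": "SsRf-07.Scan01-Corp-4242.demo.eyes.sh.", "src_ip": "198.51.100.7"},
    {"name": "xxe-02.scan01-corp-4243.demo.eyes.sh", "src_ip": "192.0.2.33"},
    {"name": "rce-11.scan01-corp-4242.demo.eyes.sh", "src_ip": "203.0.113.9"},
    {"name": "ssrf-07.scan01-corp-4242.demo.eyes.sh", "src_ip": "198.51.100.8"},
]

if __name__ == "__main__":
    p = task_prefix("Scan01.corp", 4242)
    print(callback_name(p, "ssrf-07"))
    print(triggered_checks(SAMPLE, p))
```

Matching on a suffix that starts with a dot keeps task 4243 out of task 4242's results, and lowercasing handles resolvers that randomize query-name case.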

Install and deploy

git clone https://github.com/lijiejie/eyes.sh

Domain name and public IP

Take deploying the eyes.sh website as an example. Deploying the service temporarily requires two domain names (the second one only needs 2 A records added, which serve as the NS record values of eyes.sh).

Because resolution of eyes.sh has not yet taken effect, you cannot use ns.eyes.sh as the NS record of eyes.sh for the time being, but you can change it after the service configuration takes effect.

  • Set the NS record of eyes.sh to eyes_dns1.lijiejie.com, then point eyes_dns1.lijiejie.com to your server IP
eyes.sh nameserver = eyes_dns1.lijiejie.com
eyes.sh nameserver = eyes_dns2.lijiejie.com

Django project

Python 3.8 + Django 4.0. For deployment, refer to the command list in the deploy.sh file; the MySQL installation requires interaction.

  • Please pay attention to time zone settings and MySQL encoding settings for overseas VPS

In the \dnslog\settings.py file, configure the service domain names, turn off the DEBUG switch, and configure DATABASES

DNS_DOMAIN = 'eyes.sh'   
ADMIN_DOMAIN = ['eyes.sh', 'www.eyes.sh']

NS1_DOMAIN = 'eyes_dns1.lijiejie.com'
NS2_DOMAIN = 'eyes_dns2.lijiejie.com'

SERVER_IP = '123.123.123.123'

The Nginx configuration file, dnslog_nginx.conf, is in the project directory

Create an administrator account

After the system is deployed, the first account created becomes the system administrator. Recommendation: with the domain bound in your local hosts file, complete the account creation in advance.

Functional screenshots

[Screenshots: dnslog1, http log, rebind]

The DNS Log is a github repository by lijiejie