Home

Awesome

GodNS

A fast and configurable attacker-in-the-middle DNS proxy for penetration testers, reverse engineers, and malware analysts inspired by DNSChef. It allows the selective replacement of specific DNS records for arbitrary domains with custom values, and can be used to direct traffic to a different host. GodNS can spoof A, AAAA, CNAME, PTR, MX, NS, SRV, SOA, and TXT records. It can also be used to block DNS requests for specific domains.

Go Report Card Build Check Unit Tests Release

Download

Download the latest release for your platform.

Basic Usage

Basic rules can be passed via the command line and use glob matching for the domain name spoof the response using the provided value. For example, to spoof A records for various domains:

godns --rule-a "microsoft.com|127.0.0.1" --rule-a "google.com|127.0.0.1"

You can leverage the glob matching to replace all A records for all domains:

godns --rule-a "*|127.0.0.1"

Replace a domain and all subdomain A records:

godns --rule-a "example.com|127.0.0.1" --rule-a "*.example.com|127.0.0.1"

Advanced Usage

For more advanced usage, a config file can be provided. The config file is a JSON or YAML file that contains a list of rules. Configuration file entries support regular expression matching in addition to glob matching. See the example configuration file in this repository for more details. Note that CLI flags override values in the config file if both are provided. Additionally, certain record types such as SOA and SRV can only be spoofed using a configuration file.

Supported Platforms

GodNS is a standalone statically compiled binary, and runs on nearly every operating system and CPU architecture: