Awesome

DNS Analysis Scripts

A collection of scripts used to detect Fast-Flux domains and DGA domains.

Based on research conducted for MSc thesis, related research papers are available from the following locations:

• ISSA 2011
• ISSA 2012
• Botconf 2013

Basic Usage

To analyse a single domain:

python FFAnalyse.py -d exampledomain.com

To analyse multple domains:

cat domains.txt | xargs -I {} python FFAnalyse.py -d {}

The URLAnalyse and Geolocate scripts can also be used in isolation, please see the documentation for each of these for usage info.

Dependencies These can all be installed with a simple easy_install <package name>

• pygeoip
• mgrs
• dnspython
• pytz

Note about MaxMind Databases: For Geographic analysis you require the MaxMind databases. These are not included here, please get these from MaxMind.

• GeoIPCity.dat
• GeoIPASNum.dat
• GeoLiteCity.dat