updates

wip/dns_query_analyzer.sh.unloaded

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+get_tool_name() {
+    echo "DNS Query Analyzer"
+}
+
+get_tool_description() {
+    echo "Analyze DNS queries and responses for slow responses"
+}
+
+execute_tool() {
+    if ! command -v tcpdump &> /dev/null || ! command -v tshark &> /dev/null; then
+        echo "Required tools (tcpdump and tshark) are not available."
+        exit 1
+    fi
+
+    result=""
+    if [ -n "$domain" ]; then
+        if [[ "$domain" == *$'\n'* ]]; then
+            for single_domain in $domain; do
+                analyze_dns "$single_domain"
+            done
+        else
+            analyze_dns "$domain"
+        fi
+    else
+        result="No domains specified."
+    fi
+
+    echo -e "$result"
+}
+
+analyze_dns() {
+    local single_domain="$1"
+    
+    result+="\e[1mAnalyzing DNS queries for $single_domain:\e[0m\n"
+    
+    # Capture DNS traffic with tcpdump
+    tcpdump -i any -n -s0 -w dns_traffic.pcap udp port 53 &> /dev/null &
+    sleep 5
+    pkill tcpdump
+    
+    # Analyze captured traffic with tshark
+    slow_queries=$(tshark -r dns_traffic.pcap -Y "dns.qry.name contains $single_domain && dns.a" -T fields -e dns.time -e dns.qry.name)
+    
+    if [ -n "$slow_queries" ]; then
+        result+="$slow_queries\n"
+    else
+        result+="No slow queries found.\n"
+    fi
+    
+    # Cleanup captured traffic file
+    rm -f dns_traffic.pcap
+}