#!/bin/bash
#######################################
# Report the display name of this tool.
# Outputs:
#   Writes the tool name, followed by a newline, to stdout.
#######################################
get_tool_name() {
  printf '%s\n' "DNS Query Analyzer"
}
#######################################
# Report the one-line description of this tool.
# Outputs:
#   Writes the description, followed by a newline, to stdout.
#######################################
get_tool_description() {
  printf '%s\n' "Analyze DNS queries and responses for slow responses"
}
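#######################################
# Entry point: verify that the capture tools exist, run analyze_dns for every
# domain listed in $domain, then print the accumulated report.
# Globals:
#   domain (read)    - one domain, or several separated by newlines
#   result (written) - report text; analyze_dns appends to it
# Outputs:
#   The report on stdout. It is printed with `echo -e`, so every backslash
#   sequence stored in result is interpreted, not only the bold markers.
# Returns:
#   Exits with status 1 when tcpdump or tshark is missing. `exit` also ends
#   the calling shell if this file is sourced rather than executed.
#######################################
execute_tool() {
  if ! command -v tcpdump &> /dev/null || ! command -v tshark &> /dev/null; then
    echo "Required tools (tcpdump and tshark) are not available."
    exit 1
  fi

  result=""
  if [ -n "$domain" ]; then
    if [[ "$domain" == *$'\n'* ]]; then
      # Split the list on whitespace into an array. An unquoted `$domain` in a
      # for loop would also glob-expand entries such as `*` against the
      # current directory and hand file names to the analyzer.
      local -a domains=()
      local single_domain
      # read returns non-zero at end of input when -d '' is used; the array is
      # still filled, so the status is deliberately ignored.
      IFS=$' \t\n' read -r -d '' -a domains <<< "$domain" || true
      for single_domain in "${domains[@]}"; do
        analyze_dns "$single_domain"
      done
    else
      analyze_dns "$domain"
    fi
  else
    result="No domains specified."
  fi

  echo -e "$result"
}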
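#######################################
# Capture five seconds of UDP port 53 traffic and append to the report every
# captured DNS A-record response whose query name contains the given domain.
# Globals:
#   result (appended) - report text printed later by execute_tool
# Arguments:
#   $1 - domain name to look for; only letters, digits, '.', '-' and '_'
# Returns:
#   0 after a capture or after skipping an invalid name; 1 if no temporary
#   directory could be created.
# NOTE(review): no latency threshold is applied, so every matching response is
# listed with its dns.time value rather than only slow ones. The function also
# sends no queries itself; it only sees traffic that happens during the window.
#######################################
analyze_dns() {
  local single_domain="$1"
  local -r name_pattern='^[A-Za-z0-9._-]+$'
  local capture_dir pcap capture_pid slow_queries

  # The name is placed inside a tshark display filter and later printed with
  # escape interpretation, so anything outside the hostname alphabet is
  # refused instead of being passed through.
  if [[ ! "$single_domain" =~ $name_pattern ]]; then
    result+="Skipped a domain containing characters outside [A-Za-z0-9._-].\n"
    return 0
  fi

  result+="\e[1mAnalyzing DNS queries for $single_domain:\e[0m\n"

  # Private, unpredictable directory for the capture file. A fixed
  # dns_traffic.pcap in the current directory can be pre-created or symlinked
  # by another user, and tcpdump usually runs with elevated privileges.
  # NOTE(review): if the local tcpdump drops privileges (-Z) before opening
  # the savefile, that user needs write access here - confirm on the target.
  if ! capture_dir=$(mktemp -d); then
    result+="Could not create a temporary directory for the capture.\n"
    return 1
  fi
  pcap="$capture_dir/dns_traffic.pcap"

  # Capture DNS traffic with tcpdump
  tcpdump -i any -n -s0 -w "$pcap" udp port 53 &> /dev/null &
  capture_pid=$!
  sleep 5
  # Stop only the capture started above; `pkill tcpdump` would end every
  # tcpdump process on the host. wait lets the file be flushed before reading.
  kill "$capture_pid" 2> /dev/null
  wait "$capture_pid" 2> /dev/null

  # Analyze captured traffic with tshark; the name is passed as a quoted
  # string literal so it cannot be read as filter syntax.
  slow_queries=$(tshark -r "$pcap" \
    -Y "dns.qry.name contains \"$single_domain\" && dns.a" \
    -T fields -e dns.time -e dns.qry.name)

  if [ -n "$slow_queries" ]; then
    # Query names come from the network. Double any backslash so the
    # escape-interpreting echo in execute_tool prints it literally.
    slow_queries=${slow_queries//\\/\\\\}
    result+="$slow_queries\n"
  else
    result+="No slow queries found.\n"
  fi

  # Cleanup captured traffic file
  rm -rf -- "${capture_dir:?}"
}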