data_tools

Working from the command line is the easiest way to explore a new dataset of text files, such as logs. However, many tasks require more advanced tools than are commonly available. So, I wrote a bunch of Python scripts for exploring data to complement the standard command-line utilities. The scripts vary from general (e.g., binning log lines by a common column value or values) to domain-specific (e.g., computing the stack distance between values in the file).

DNS Vulnerability Scanner

The Domain Name System (DNS) is responsible for converting domain names, e.g., www.google.com, into Internet Protocol addresses that are used to route traffic on the Internet. To convert a domain name, your computer issues a DNS resolution request which is performed on your behalf by a set of servers known as DNS resolvers.

This tool is designed to help you learn about how your DNS resolutions are being handled. It works by sending specifically designed DNS resolution requests that cause the DNS infrastructure to interact with a server under our control. In addition to discovering the DNS resolvers that you are using, we also test the resolvers for vulnerabilities to several well-known attacks. Go here to test your resolver now.

DNS Experimental Nameserver

To investigate questions around how your DNS recursive resolvers are behaving, I've created an experimental nameserver that will echo back useful information about the queries it receives. Sending queries of the form [random].examine.exp.schomp.info IN TXT with a tool such as dig will generate a response containing a JSON blob filled with details about the query:


{
  "time": "2020-11-20 22:19:34.129852",
  "dns": {
    "payload": 1400,
    "edns": 0,
    "flags": "10000",
    "options": [
      {
        "type": 8,
        "data": "\u0000\u0001\u0018\u00004,0"
      }
    ],
    "id": 50025,
    "ednsflags": "1000000000000000",
    "qname": "a1.examine.exp.schomp.info."
  },
  "udp": {
    "len": 74,
    "src_port": 56181,
    "cs": 29177
  },
  "ip": {
    "len": 94,
    "id": 61226,
    "proto": 17,
    "tos": 128,
    "cs": 6415,
    "ttl": 118,
    "off": 0,
    "src_ip": "74.125.18.69"
  }
}
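
The option of type 8 in the blob above is an EDNS Client Subnet (ECS, RFC 7871) option, which tells the authoritative server which client subnet the resolver is forwarding. The following is an added example, not one of the page's own scripts, that decodes it from a response; the function names are hypothetical, and it assumes the server writes each option byte as one character in the "data" string.

```python
import ipaddress
import json
import struct

# Constructed sample: the relevant fields of the response shown above,
# with the option data written using JSON \u escapes.
SAMPLE = r'''
{"dns": {"payload": 1400,
         "options": [{"type": 8, "data": "\u0000\u0001\u0018\u00004,0"}],
         "qname": "a1.examine.exp.schomp.info."},
 "ip": {"src_ip": "74.125.18.69"}}
'''

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)
# Address family number -> (network class, full address length in bytes)
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}


def decode_ecs(data):
    """Decode ECS option data into the announced subnet and scope length."""
    raw = data.encode("latin-1")  # assumption: one character per option byte
    if len(raw) < 4:
        raise ValueError("ECS option shorter than its 4-byte header")
    family, source_len, scope_len = struct.unpack("!HBB", raw[:4])
    if family not in FAMILIES:
        raise ValueError("unknown ECS address family %d" % family)
    net_cls, addr_len = FAMILIES[family]
    addr = raw[4:]
    # The address is truncated to just enough bytes to hold the source prefix.
    if source_len > addr_len * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address length does not match source prefix length")
    padded = int.from_bytes(addr + b"\x00" * (addr_len - len(addr)), "big")
    network = net_cls((padded, source_len), strict=False)
    return {"subnet": str(network), "scope": scope_len}


def summarize(response_text):
    """Report who queried the nameserver and which client subnets it sent."""
    reply = json.loads(response_text)
    ecs = [decode_ecs(opt["data"])
           for opt in reply["dns"].get("options", [])
           if opt.get("type") == ECS_OPTION_CODE]
    return {"resolver": reply["ip"]["src_ip"],
            "payload": reply["dns"]["payload"],
            "ecs": ecs}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
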

Example usage: