Malware DNS Scraper

The Malware DNS Scraper is a Perl script that will scan the DNS cache of a DNS server for malware-related entries.  The script can be found at:

http://www.mayhemiclabs.com/?q=node/11

The test OS in this example was Ubuntu version 10.04.  Before the script would execute, two additional packages were required:

libnet-dns-perl
libcrypt-ssleay-perl

Both were available via the Synaptic Package Manager within Ubuntu.  The syntax of the script is:

perl script.pl --server <IP address of DNS server>

Below is an example of when no entries are found:

[Screenshot: script output when no entries are found]

If malware-related entries are found, a total number should be displayed as well as details for each.

[Screenshot: script output showing the total number of malware-related entries and the details for each]
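The page does not say how the script reads the cache. One common way to check a resolver you administer for cached names is a non-recursive query (RD bit cleared), sketched below as an added example that is not the Perl script's code. All function names, the blocklist and the fake server are constructed for illustration.

```python
import socket
import struct

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid):
    """A-record query with flags 0x0000: RD (recursion desired) is cleared."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def is_cached(response, qid):
    """True when the reply carries answers that came from the server's cache."""
    rid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if rid != qid or not flags & 0x8000:      # wrong ID, or not a response
        raise ValueError("unexpected DNS reply")
    authoritative = bool(flags & 0x0400)      # AA set: server hosts the zone itself
    return (flags & 0x000F) == 0 and ancount > 0 and not authoritative

def udp_sender(server, timeout=2.0):
    """Return a send(query) -> reply function for a real server on UDP/53."""
    def send(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            return s.recvfrom(4096)[0]
    return send

def scan(domains, send):
    """Return the domains the server answered without recursing."""
    return [d for i, d in enumerate(domains, 1)
            if is_cached(send(build_query(d, i)), i)]

def fake_server(cached):
    """Constructed stand-in for a DNS server so the example runs offline."""
    def send(query):
        hit = any(encode_name(c) in query for c in cached)
        header = query[:2] + struct.pack("!HHHHH", 0x8080, 1, int(hit), 0, 0)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
        return header + query[12:] + (answer if hit else b"")
    return send

if __name__ == "__main__":
    blocklist = ["bad.example", "worse.example", "unseen.example"]  # constructed
    print(scan(blocklist, fake_server({"bad.example", "worse.example"})))
```

To query a live resolver, pass `udp_sender("<IP address of DNS server>")` to `scan` in place of the fake server; resolvers that refuse or ignore non-recursive queries will report nothing.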