README.md in rogue_one-0.2.0 vs README.md in rogue_one-0.3.0
- old
+ new
@@ -3,21 +3,24 @@
[![Gem Version](https://badge.fury.io/rb/rogue_one.svg)](https://badge.fury.io/rb/rogue_one)
[![Build Status](https://travis-ci.org/ninoseki/rogue_one.svg?branch=master)](https://travis-ci.org/ninoseki/rogue_one)
[![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/rogue_one/badge)](https://www.codefactor.io/repository/github/ninoseki/rogue_one)
[![Coverage Status](https://coveralls.io/repos/github/ninoseki/rogue_one/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/rogue_one?branch=master)
-A tiny tool for detecting a rogue DNS server and extracting landing pages from the rogue DNS server.
+A PoC tool for analyzing a rogue DNS server.
+This tool could be used for checking maliciousness of a DNS server and extracting landing pages.
+
## How it works
![image](./images/eyecatch.png)
IPv4 space is vast. But an attacker could secure a few numbers of IP addresses for landing pages.
It means you can (probably) find malicious landing pages by using the following methods.
-- Resolving a bunch of domains by using a rogue DNS.
+- Resolving a bunch of domains by using a DNS server.
- Finding frequent IPv4s from the resolutions. They might be landing pages.
+- If a DNS server has landing pages, it might be a rogue one.
## Installation
```bash
gem install rogue_one
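Review bot: The new bullet "If a DNS server has landing pages, it might be a rogue one" states the verdict rule without saying what makes an IPv4 "frequent" enough to count as a landing page. As written, any resolver that answers many names with the same address will match, whatever the reason. Suggest saying in "How it works" how frequency is measured and pointing to the `--threshold` option documented under Usage. The intro sentence would also read better as "checking whether a DNS server is malicious".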
@@ -35,10 +38,11 @@
Usage:
rogue_one report [DNS_SERVER]
Options:
[--custom-list=CUSTOM_LIST] # A path to a custom list of domains
+ [--threshold=N] # Threshold value for determining malicious or not
[--verbose], [--no-verbose]
Show a report of a given DNS server
$ rogue_one report 1.1.1.1
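Review bot: The `--threshold=N` help text, "Threshold value for determining malicious or not", gives neither the default nor what N counts. A reader cannot tell whether it is a number of resolutions pointing to one IPv4, a ratio, or something else, nor whether raising it makes the verdict stricter or looser. Suggest adding the default value and the unit to the option description, and showing one invocation that uses `--threshold` next to the existing `rogue_one report 1.1.1.1` example.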
@@ -69,10 +73,10 @@
}
# Note: a custom list should be an array of domains in YAML format.
```
| Key | Desc. |
-|---------------|--------------------------------------------------------------------------|
+| ------------- | ------------------------------------------------------------------------ |
| verdict | A detection result (`rogue one` or `benign one`) |
| landing_pages | An array of IP of landing pages |
| results | DNS resolution results (only available if --verbose option is specified) |
## Notes
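Review bot: The `verdict` row still lists only the two output values (`rogue one` or `benign one`), while this release adds `--threshold`, which decides between them. Suggest extending the description to say the verdict depends on the threshold. Separately, "An array of IP of landing pages" in the `landing_pages` row should read "An array of IP addresses of landing pages".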