Skip to content

z0mbiehunt3r/pffdetect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
geoliteasn
geoliteasn
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
pffdetect.py
pffdetect.py
 
 

Repository files navigation

pffdetect

pffdetect is a simple python script to check if a given domain, or list of them, looks like fast-fluxed domain. Can also be easily used as an external python module.

WARNING: A positive result doesn't mean that is fast-fluxed, only that it looks like fast-fluxed domains. (Have in mind thinks like GSLB, multiple IPS, and so).

It's based on https://pi1.informatik.uni-mannheim.de/filepool/research/publications/fast-flux-ndss08.pdf paper written by Thorsten Holz,Christian Gorecki, Konrad Rieck and Felix C. Freiling.

To check AS number of an IP address it uses Team Cymru's service IP TO ASN MAPPING (http://www.team-cymru.org/Services/ip-to-asn.html) and support following methods:

alt text

Thanks to:

  • Original researchers
  • Écija and buguroo team
  • Team Cymru
  • MaxMind

About

Python fast-fluxed domain detector

Resources

Readme

License

GPL-2.0 license
Activity

Stars

13 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages