Alexandre Dulaunoy 18e42e827e
Merge pull request #7 from axtux/master
5 months ago


analyzer-d4-passivedns is an analyzer for a D4 network sensor. The analyzer can process data produced by D4 sensors (currently in passivedns CSV format, with more formats to come) and ingest it into a Passive DNS server, which can be queried later to search for Passive DNS records.
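
The kind of processing described above, as an added example that is not code from this repository: it parses passivedns-style lines, rejects malformed ones, and folds the rest into per-record first-seen/last-seen/count entries. The `||`-separated field order is an assumption taken from the passivedns tool's default log layout; `parse_line`, `aggregate` and the sample lines are constructed for illustration.

```python
# Added example. Field order is an assumption: the passivedns tool's default log layout.
FIELDS = ("timestamp", "client", "server", "rrclass",
          "query", "rrtype", "answer", "ttl", "count")
NAME_RDATA = ("CNAME", "NS", "PTR")  # record types whose answer is a host name


def parse_line(line):
    """Return a dict for one '||'-separated record, or None if malformed."""
    parts = line.strip().split("||")
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["timestamp"] = int(float(rec["timestamp"]))
        rec["ttl"] = int(rec["ttl"])
        rec["count"] = int(rec["count"])
    except (ValueError, OverflowError):
        return None
    # Normalise names so "WWW.Example.com." and "www.example.com" share a key.
    rec["query"] = rec["query"].rstrip(".").lower()
    if rec["rrtype"] in NAME_RDATA:
        rec["answer"] = rec["answer"].rstrip(".").lower()
    return rec


def aggregate(lines):
    """Fold records into entries keyed by (rrname, rrtype, rdata)."""
    store, rejected = {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:  # sensor input is untrusted: count it, do not ingest it
            rejected += 1
            continue
        key = (rec["query"], rec["rrtype"], rec["answer"])
        seen = rec["timestamp"]
        entry = store.setdefault(key, {"time_first": seen, "time_last": seen, "count": 0})
        entry["time_first"] = min(entry["time_first"], seen)
        entry["time_last"] = max(entry["time_last"], seen)
        entry["count"] += rec["count"]
    return store, rejected


# Constructed sample input (documentation addresses and names only).
SAMPLE = [
    "1555000000.100000||192.0.2.10||198.51.100.53||IN||www.example.com.||A||203.0.113.7||300||2",
    "1555000600.500000||192.0.2.11||198.51.100.53||IN||WWW.Example.com.||A||203.0.113.7||300||1",
    "1555000700.000000||192.0.2.10||198.51.100.53||IN||mail.example.com.||CNAME||mx.example.net.||3600||1",
    "truncated||line",
    "notatime||192.0.2.10||198.51.100.53||IN||x.example.com.||A||203.0.113.9||60||1",
]
```

Calling `aggregate(SAMPLE)` returns the aggregated entries together with the number of rejected lines, which is worth logging because a rising reject count usually means a sensor is sending a different format.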




  • Python 3
  • Redis >5.0
  • Tornado
  • iptools



All the Python 3 code will be installed in a virtualenv (PDNSENV).


Start the redis server

Don't forget to set the DB directory in the redis.conf configuration. By default, the Redis instance for Passive DNS runs on TCP port 6400.

./redis/src/redis-server ./etc/redis.conf

Start the Passive DNS COF server

. ./PDNSENV/bin/activate
cd ./bin/
python3 ./

Configure and start the D4 analyzer

cd ./etc
cp analyzer.conf.sample analyzer.conf

Edit the analyzer.conf to match the UUID of the analyzer queue from your D4 server.

my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server =
logging-level = INFO

Then you can start the analyzer, which will fetch the data from the analyzer queue, parse it and populate the Passive DNS database.

. ./PDNSENV/bin/activate
cd ./bin/


The software is free software/open source released under the GNU Affero General Public License version 3.