Judas DNS – Nameserver DNS Poisoning Attack Tool


Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain.

Judas DNS - Nameserver DNS Poisoning Attack Tool


The magic comes with Judas’s rule configurations which allow you to change DNS responses depending on source IP or DNS query type. This allows an attacker to configure a malicious nameserver to do things like selectively re-route inbound email coming from specified source IP ranges (via modified MX records), set extremely long TTLs to keep poisoned records cached, and more.

How to use Judas DNS Nameserver DNS Poisoning Attack Tool

The following is an example configuration for Judas for an example scenario where an attacker has compromised/taken over one of Apple’s authoritative nameservers (for apple.com):

The above configuration value purposes are the following:

  • version: The configuration file format version (for now is always 1.0.0).
  • port: The port Judas should run on.
  • dns_query_timeout: How long to wait in milliseconds before giving up on a reply from the upstream target nameserver.
  • target_nameservers: The legit nameservers for your target domain, all DNS queries will be sent here from Judas on behalf of all requesting clients.
  • rules: A list of rules with modifications to the DNS response to apply if matched.
    • name: Name of a given rule.
    • query_type_matches: List of query types to match on such as CNAME, A, etc. A wildcard (*) can also be specified to match any query type.
    • ip_range_matches: List of IP ranges to match on. For selectively spoofing responses to a specific range of IPs.
    • modifications: See the “Modifications” section of this README.

You can download Judas DNS here:

JudasDNS-master.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.


Comments are closed.