Passive DNS Collection for PacketEngine

PacketEngine Collect lets you easily send subdomains to PacketEngine. Use our CLI tool to listen for DNS queries on your computer, or integrate our API into your own tools.

PacketEngine Collect CLI

The PacketEngine Collect CLI tool listens for DNS queries your computer makes and sends them to PacketEngine Collect automatically.

To get started, install the CLI using Go.

~$ go install -v github.com/PacketEngine/packetengine-collect@latest

After installing, run sudo packetengine-collect; subdomains are then sent to PacketEngine automatically as you browse.

API

You can also use the API directly to ingest subdomains from other sources in your own tools.

~$ curl -X POST https://collect.packetengine.co.uk/ingest -H "Content-Type: application/json" -d "{\"answer\": \"test.example.com\"}"

Please feel free to integrate this into your own scripts and tools.
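As an added example (not PacketEngine's own code), the script below wraps the ingest call shown above for bulk use: it normalizes and deduplicates hostnames read from stdin and drops IP literals and internal-only names before anything leaves your machine. The PRIVATE_SUFFIXES list, the function names and the one-POST-per-hostname pattern (mirroring the curl example) are assumptions.

```python
import json
import re
import sys
import urllib.request

INGEST_URL = "https://collect.packetengine.co.uk/ingest"  # endpoint from the curl example
# Assumption: suffixes that must never leave your network; adjust to your environment.
PRIVATE_SUFFIXES = (".local", ".internal", ".lan", ".home.arpa", ".corp.example")
# One DNS label: 1-63 chars, no leading or trailing hyphen (underscore allowed, e.g. _dmarc).
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(name):
    """Return a lower-case hostname without trailing dot, or None if it should not be sent."""
    host = name.strip().lower().rstrip(".")
    if host.startswith("*."):              # wildcard entry: keep the parent name
        host = host[2:]
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(LABEL.match(lab) for lab in labels):
        return None
    if labels[-1].isdigit():               # IPv4 literal, not a hostname
        return None
    if any(host == s[1:] or host.endswith(s) for s in PRIVATE_SUFFIXES):
        return None                        # internal name: do not share
    return host

def build_payloads(lines):
    """Deduplicate the input and return one JSON request body per hostname."""
    seen, bodies = set(), []
    for line in lines:
        host = normalize(line)
        if host and host not in seen:
            seen.add(host)
            bodies.append(json.dumps({"answer": host}))
    return bodies

def send(body, url=INGEST_URL, timeout=10):
    """POST one body to the ingest endpoint and return the HTTP status code."""
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    for body in build_payloads(sys.stdin):
        print(send(body), body)
```

Pipe one hostname per line into the script; review what build_payloads returns for your data before enabling the send step.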

Awesome Plugins

PacketEngine for Caido

We built the PacketEngine Caido plugin to make it easy to send subdomains from Caido to PacketEngine Collect.

Check it out on GitHub.

PacketEngine for Burp Suite

We're still working on our official Burp plugin. It's coming!

Frequently asked questions

How much does PacketEngine Collect cost?

PacketEngine Collect is included with all PacketEngine subscriptions. In fact, you don't even need an account to contribute data! Simply run sudo packetengine-collect on any device and we'll start collecting.

What data does the CLI tool collect?

The PacketEngine Collect CLI tool listens for DNS queries your computer makes and sends those subdomains to PacketEngine Collect. The collection process is completely anonymous, and we don't link DNS information to individual users.

Why does the CLI tool need sudo?

While it's possible to run without sudo, sniffing packets generally requires higher privileges than a standard user has.

I sent some subdomains but they didn't appear in PacketEngine!

PacketEngine periodically checks if there are any new subdomains in PacketEngine Collect. If you don't see them immediately, don't worry! They'll be added soon.

I'm using Chrome/Firefox/Edge but I'm not seeing any subdomains in the command output.

Modern browsers use DNS over HTTPS (DoH) to encrypt your DNS queries for additional privacy, so those queries are not visible to the CLI as ordinary DNS traffic. To use PacketEngine Collect with your browser, you'll need to disable this feature.

Google Chrome

DoH is enabled by default on Google Chrome version 83 and later. It can be disabled as follows:

  1. Click the menu button and then click Settings.
  2. Go to Privacy and security and then Security.
  3. Scroll to Use Secure DNS and uncheck the option.
  4. Restart the browser.

Microsoft Edge

For Microsoft Edge, follow these steps:

  1. Click the menu button and then click Settings.
  2. Search for 'Secure DNS'.
  3. Scroll to Use secure DNS to specify how to lookup the network address for websites and uncheck the option.
  4. Restart the browser.

Mozilla Firefox

DoH is enabled by default on Firefox. Disable it as follows:

  1. Click the menu button and then click Settings.
  2. Search for Secure DNS and select Off.

For Firefox prior to version 116:

  1. Click the menu button and then click Settings.
  2. Scroll to Network Settings and click Settings.
  3. Scroll to Enable DNS over HTTPS and uncheck the box.
  4. Click OK to save your settings.