# Nadzoring Nadzoring is a free and open source command-line tool for network analysis, DNS diagnostics, and security monitoring. It provides comprehensive functionality for detecting website blocks, monitoring service availability, analyzing network configurations, and detecting potential security threats like ARP spoofing and DNS poisoning. The tool is organized into three main command groups: `dns` for DNS resolution and analysis, `network-base` for network diagnostics and port scanning, and `arp` for ARP cache management and spoofing detection. All commands support multiple output formats (table, JSON, CSV, HTML) and can save results to files for further analysis. ## DNS Commands ### dns resolve - Resolve DNS Records Resolves DNS records for one or more domains with support for multiple record types including A, AAAA, CNAME, MX, NS, TXT, and ALL. ```bash # Basic A record lookup nadzoring dns resolve google.com # Multiple record types for a domain nadzoring dns resolve -t A -t MX -t TXT example.com # All record types with specific nameserver and TTL display nadzoring dns resolve -t ALL -n 8.8.8.8 --show-ttl github.com # Multiple domains with short output format nadzoring dns resolve --short --type ALL google.com cloudflare.com # Save results as JSON nadzoring dns resolve -t ALL -o json --save dns_records.json example.com ``` ### dns reverse - Reverse DNS Lookup Performs reverse DNS lookup (PTR records) to resolve IP addresses to their associated hostnames. ```bash # Basic reverse lookup nadzoring dns reverse 8.8.8.8 # Multiple IPs with specific nameserver nadzoring dns reverse -n 208.67.222.222 1.1.1.1 8.8.8.8 9.9.9.9 # Export results to CSV nadzoring dns reverse -o csv --save reverse_dns.csv 8.8.8.8 1.1.1.1 ``` ### dns check - Comprehensive DNS Validation Validates DNS configuration including MX priority uniqueness, SPF policy checks, and DKIM key presence. ```bash # Complete DNS check for a domain nadzoring dns check example.com # Check specific record types nadzoring dns check -t MX -t TXT gmail.com # Multiple domains with custom nameserver nadzoring dns check -n 9.9.9.9 google.com cloudflare.com github.com # Save validation report as HTML nadzoring dns check -o html --save dns_validation.html example.com ``` ### dns trace - DNS Resolution Path Tracing Traces the full DNS resolution path from root servers to authoritative nameservers, showing each hop with timing information. ```bash # Trace from root servers nadzoring dns trace example.com # Trace starting from specific nameserver with verbose output nadzoring dns trace -n 8.8.8.8 -v google.com # Save trace as HTML report nadzoring dns trace -o html --save dns_trace.html cloudflare.com ``` ### dns compare - Compare DNS Responses Compares DNS responses from multiple nameservers to detect discrepancies or inconsistencies. ```bash # Compare A records across default servers (Google, Cloudflare, Quad9) nadzoring dns compare example.com # Compare MX records with custom servers nadzoring dns compare -t MX -s 8.8.8.8 -s 208.67.222.222 -s 9.9.9.9 gmail.com # Multiple record types comparison nadzoring dns compare -t A -t AAAA -t NS cloudflare.com # Save comparison results nadzoring dns compare -o json --save dns_comparison.json github.com ``` ### dns health - DNS Health Check with Scoring Performs comprehensive DNS health check with a scoring system (0-100) evaluating record presence, MX priorities, SPF completeness, and DKIM configuration. ```bash # Basic health check nadzoring dns health example.com # Health check with custom nameserver nadzoring dns health -n 1.1.1.1 google.com # Verbose health report saved as JSON nadzoring dns health -v -o json --save health_report.json github.com ``` ### dns benchmark - DNS Server Performance Testing Benchmarks DNS server performance with configurable queries, measuring average, minimum, and maximum response times. ```bash # Benchmark default public DNS servers nadzoring dns benchmark # Benchmark specific servers with 20 queries each nadzoring dns benchmark -s 8.8.8.8 -s 1.1.1.1 -s 9.9.9.9 --queries 20 # Benchmark MX records sequentially nadzoring dns benchmark -t MX -d gmail.com --sequential # Save benchmark results nadzoring dns benchmark -o json --save dns_benchmark.json ``` ### dns poisoning - DNS Poisoning Detection Detects DNS poisoning, censorship, or CDN-based routing variations by comparing responses from control and test servers. ```bash # Basic poisoning check nadzoring dns poisoning example.com # Check with custom control server and additional record types nadzoring dns poisoning -c 1.1.1.1 -a MX -a TXT google.com # Generate detailed HTML report nadzoring dns poisoning -v -o html --save poisoning_report.html twitter.com # Test against specific servers nadzoring dns poisoning -t 208.67.222.222 -t 9.9.9.9 github.com ``` ## Network Commands ### network-base port-scan - TCP/UDP Port Scanner Scans for open ports on targets with support for fast, full, and custom scan modes, multi-threading, and banner grabbing. ```bash # Fast scan of common ports nadzoring network-base port-scan example.com # Full port scan (1-65535) nadzoring network-base port-scan --mode full 192.168.1.1 # Custom port range with UDP protocol nadzoring network-base port-scan --mode custom --ports 1-1024 --protocol udp example.com # Custom specific ports with increased workers nadzoring network-base port-scan --mode custom --ports 22,80,443,3306,5432 --workers 100 example.com # Multiple targets with banner grabbing disabled nadzoring network-base port-scan --no-banner 192.168.1.1 192.168.1.2 192.168.1.3 # Show closed ports and save results nadzoring network-base port-scan --show-closed -o json --save scan_results.json example.com ``` ### network-base ping - Address Reachability Check Pings one or more addresses to check network reachability and availability. ```bash # Ping single address nadzoring network-base ping 8.8.8.8 # Multiple addresses nadzoring network-base ping google.com cloudflare.com 1.1.1.1 # JSON output for scripting nadzoring network-base ping -o json github.com ``` ### network-base geolocation - IP Geolocation Retrieves geographic location information for IP addresses including coordinates, country, and city. ```bash # Geolocate single IP nadzoring network-base geolocation 8.8.8.8 # Multiple IPs nadzoring network-base geolocation 8.8.8.8 1.1.1.1 9.9.9.9 # Save results as JSON nadzoring network-base geolocation --save locations.json -o json 8.8.8.8 ``` ### network-base params - Network Configuration Display Displays detailed network configuration parameters including interface, IP addresses, router, and MAC address. ```bash # Display network parameters nadzoring network-base params # JSON output for scripting nadzoring network-base params -o json # Save configuration nadzoring network-base params --save network_config.json ``` ### network-base host-to-ip - Hostname Resolution Resolves hostnames to IP addresses with IPv4/IPv6 availability checking and router information. ```bash # Resolve multiple domains nadzoring network-base host-to-ip google.com github.com cloudflare.com # CSV output for analysis nadzoring network-base host-to-ip -o csv --save resolutions.csv example.com ``` ### network-base port-service - Service Identification Identifies which service typically runs on specified port numbers. ```bash # Check common ports nadzoring network-base port-service 80 443 22 53 3306 # JSON output nadzoring network-base port-service -o json 8080 5432 27017 ``` ### network-base http-ping - HTTP/HTTPS Timing Analysis Measures HTTP/HTTPS response timing including DNS resolution, time-to-first-byte (TTFB), and total download time. ```bash # Basic HTTP ping nadzoring network-base http-ping https://example.com # Multiple URLs with header inspection nadzoring network-base http-ping --show-headers https://google.com https://github.com # Custom timeout with SSL verification disabled nadzoring network-base http-ping --timeout 5 --no-ssl-verify https://self-signed.badssl.com # Don't follow redirects nadzoring network-base http-ping --no-redirects https://http.cat # Save timing metrics as CSV nadzoring network-base http-ping -o csv --save http_metrics.csv https://api.github.com ``` ### network-base whois - WHOIS Lookup Retrieves WHOIS registration information for domains or IP addresses. ```bash # WHOIS lookup for domain nadzoring network-base whois example.com # Multiple targets nadzoring network-base whois google.com cloudflare.com 8.8.8.8 # JSON output for automation nadzoring network-base whois -o json --save whois_data.json github.com ``` ### network-base connections - Active Connections List Lists active network connections (TCP/UDP) with process information, similar to `ss` or `netstat`. ```bash # List all connections nadzoring network-base connections # Show only listening TCP ports nadzoring network-base connections --protocol tcp --state LISTEN # UDP connections without process info nadzoring network-base connections --protocol udp --no-process # Save as CSV nadzoring network-base connections -o csv --save connections.csv ``` ### network-base traceroute - Network Path Tracing Traces the network path to hosts showing each hop with timing information. ```bash # Basic traceroute nadzoring network-base traceroute google.com # Multiple targets with custom max hops nadzoring network-base traceroute --max-hops 20 github.com cloudflare.com # With sudo on Linux (for raw socket access) nadzoring network-base traceroute --sudo example.com # HTML report nadzoring network-base traceroute -o html --save trace_report.html 8.8.8.8 ``` ### network-base route - Routing Table Display Displays the system IP routing table including destinations, gateways, and interfaces. ```bash # Display routing table nadzoring network-base route # JSON output nadzoring network-base route -o json # Save routing table nadzoring network-base route --save routing_table.json ``` ## ARP Commands ### arp cache - ARP Cache Display Shows the current ARP cache table with IP addresses, MAC addresses, interfaces, and states. ```bash # Display ARP cache nadzoring arp cache # Save as CSV nadzoring arp cache -o csv --save arp_cache.csv # JSON output nadzoring arp cache -o json ``` ### arp detect-spoofing - ARP Spoofing Detection Detects potential ARP spoofing attacks by analyzing the ARP cache for duplicate IPs, duplicate MACs, and invalid MAC addresses. ```bash # Check all interfaces nadzoring arp detect-spoofing # Check specific interfaces nadzoring arp detect-spoofing eth0 wlan0 # Save detection results nadzoring arp detect-spoofing -o json --save spoofing_alerts.json ``` ### arp monitor-spoofing - Real-time ARP Monitoring Monitors network for ARP spoofing attacks in real-time by capturing and analyzing ARP packets. ```bash # Monitor all interfaces (default: 10 packets, 30 second timeout) nadzoring arp monitor-spoofing # Monitor specific interface for 100 packets nadzoring arp monitor-spoofing --interface eth0 --count 100 # Monitor with 60 second timeout nadzoring arp monitor-spoofing --timeout 60 # Save captured alerts nadzoring arp monitor-spoofing -o json --save arp_alerts.json ``` ## Python API Usage ### DNS Resolution with Timer ```python from nadzoring.dns_lookup import resolve_dns, RECORD_TYPES # Basic A record resolution result = resolve_dns("example.com", record_type="A") if not result["error"]: print(f"Records: {result['records']}") print(f"Response time: {result['response_time']}ms") # MX records with TTL and custom nameserver result = resolve_dns( "gmail.com", record_type="MX", nameserver="8.8.8.8", include_ttl=True, timeout=3.0 ) print(f"MX Records: {result['records']}") print(f"TTL: {result['ttl']}") ``` ### Port Scanning ```python from nadzoring.network_base.port_scanner import ScanConfig, scan_ports, COMMON_PORTS # Configure and run a port scan config = ScanConfig( targets=["example.com"], mode="fast", protocol="tcp", timeout=2.0, max_workers=50, grab_banner=True ) results = scan_ports(config) for result in results: print(f"Target: {result.target} ({result.target_ip})") print(f"Open ports: {result.open_ports}") print(f"Scan duration: {result.duration:.2f}s") for port in result.open_ports: port_result = result.results[port] print(f" Port {port}: {port_result.service} - {port_result.banner or 'No banner'}") ``` ### ARP Cache and Spoofing Detection ```python from nadzoring.arp import ARPCache, ARPSpoofingDetector # Get ARP cache entries cache = ARPCache() entries = cache.get_cache() for entry in entries: print(f"{entry.ip_address} -> {entry.mac_address} ({entry.interface})") # Detect spoofing detector = ARPSpoofingDetector(cache) for interface in set(e.interface for e in entries): interface_entries = [e for e in entries if e.interface == interface] alerts = detector.detect_on_interface(interface_entries, interface) for alert in alerts: print(f"ALERT: {alert.alert_type} - {alert.description}") ``` ## Summary Nadzoring is designed for network administrators, security professionals, and developers who need comprehensive network diagnostics and monitoring capabilities. Its main use cases include troubleshooting connectivity issues, detecting DNS manipulation or censorship, performing security audits through port scanning, and monitoring for ARP-based attacks on local networks. The tool integrates seamlessly into automation workflows through its JSON, CSV, and HTML output formats, making it easy to incorporate into monitoring scripts, CI/CD pipelines, or security dashboards. The Python API provides programmatic access to all functionality, enabling custom integrations and extended analysis workflows beyond the CLI interface.