Skip to content

Instantly share code, notes, and snippets.

@faststeak

faststeak/gist:7b2cfdfef51492144ee8bd3c0ae4e375

Last active March 21, 2019 16:22
Show Gist options
  • Save faststeak/7b2cfdfef51492144ee8bd3c0ae4e375 to your computer and use it in GitHub Desktop.
Save faststeak/7b2cfdfef51492144ee8bd3c0ae4e375 to your computer and use it in GitHub Desktop.
Download ZIP
DNS Search looking for mixed case queries
Raw
gistfile1.txt
index=<your dns index> NOT (query=_ldap* OR query=_gc* OR query=_kerberos* OR query=1B* OR query=Coordinator* ) | eval mixed_case=if(match(query, "[a-z][A-Z]|[A-Z][a-z]|[A-Z]\.[a-z]|[a-z]\.[A-Z]"),"true","false") | search mixed_case=true |eval norm_query=lower(query) | stats count values(query) as query values(host) as dns_servers by dest norm_query
Raw
gistfile2.txt
index=infoblox NOT (query=_ldap* OR query=_gc* OR query=_kerberos* OR query=1B* OR query=Coordinator* OR query=_VLMCS* ) | eval mixed_case=if(match(query, "[a-z][A-Z]|[A-Z][a-z]|[A-Z]\.[a-z]|[a-z]\.[A-Z]"),"true","false") | search mixed_case=true | eval norm_query=lower(query) | stats count values(query) as query values(host) as dns_servers by dest norm_query
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment