Pentest Tools

Published on May 11th, 2016 📆 | 2462 Views ⚑


grimd — Fast Golang DNS Proxy

Fast golang dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers

Incoming requests spawn a goroutine and are served concurrently, and the block cache resides in-memory to allow for rapid lookups, allowing grimd to serve thousands of queries at once while maintaining a memory footprint of under 15mb for 100,000 blocked domains! Grimd requires golang 1.6 and you build grimd like any other golang application, for example to build for linux x64

env GOOS=linux GOARCH=amd64 go build -v

A restful json api is exposed by default on the local interface, allowing you to build web applications that visualize requests, blocks and the cache. reaper is the default grimd web frontend, and will likely get a makeover when the Buoy framework releases later this year.


Installing grimd

Installing grimd is the easiest when you simply download a release from the GitHub releases page.

mkdir ~/grim
cd ~/grim
wget <grimd release>

This will download the binary to ~/grim which will be grimd’s working directory. First, setup file permissions for grimd, by running the following.

chmod a+x ./grimd_linux_x64

Setup is pretty much complete, the only thing left to do is run grimd and let it generate the default configuration and download the blocklists. You wil need to set up as a systemd service so it automatically restarts and updates when starting.

[adsense size='1']

Setting up the service

Create the grimd service by running the following,

nano /etc/systemd/system/grimd.service

Now paste in the code for the service below,

Description=grimd dns proxy

ExecStart=/root/grim/grimd_linux_x64 -update


Save, and now you can start, stop, restart and run status commands on the grimd service like follows

service grimd start

The only thing left to do is setup your clients to use your grimd dns server.

grimd server should only allow connections from clients you trust, mainly because public dns servers are hit by penetration testers and hackers regularly to scout for vulnerabilities. There are many blocklist resources online that you can use but by default grimd is configured to use some of the more popular ones from around the internet for blocking ads and malware domains – like SteveBlack’s hosts file repo. Some services exist that will allow you to regularly get blocklist updates automatically from feeds.

source& Download

Leave a Reply

Your email address will not be published.