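# DNS Cache Monitor - GUI Version
# No API required - helps you get DNS cache to Claude easily
#
# Data handling: the cache file lists every hostname this machine resolved
# recently (internal names included) and is stored as plain text under the
# user profile. Review it before sharing it outside the organisation.

# Handle command line arguments for scheduled task
param([switch]$AutoCollect)

Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

# Configuration
$LogDir = "$env:USERPROFILE\DNSMonitor"
$CurrentCacheFile = "$LogDir\current_dns_cache.txt"

# Ensure log directory exists
if (!(Test-Path $LogDir)) {
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
}

# Appends one timestamped line to monitor.log in the log directory.
function Write-Log {
    param([string]$Message)

    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    "$timestamp - $Message" | Out-File -FilePath "$LogDir\monitor.log" -Append
}

# Updates the status label text and colour. Does nothing when the GUI has not
# been built, which is the case in the -AutoCollect (scheduled task) run.
function Set-StatusText {
    param(
        [string]$Text,
        [System.Drawing.Color]$Color
    )

    if ($null -eq $statusLabel) { return }
    $statusLabel.Text = $Text
    $statusLabel.ForeColor = $Color
}

# Enables the buttons that need a cache file and refreshes the file info line.
# Does nothing when the GUI has not been built.
function Enable-AnalysisControls {
    if ($null -eq $form) { return }

    $openClaudeBtn.Enabled = $true
    $openFileBtn.Enabled = $true
    $copyPathBtn.Enabled = $true
    $viewCacheBtn.Enabled = $true
    $quickAnalysisBtn.Enabled = $true

    $fileInfo = Get-Item $CurrentCacheFile
    $fileInfoLabel.Text = "File: $($fileInfo.Name) | Size: $([math]::Round($fileInfo.Length/1KB, 1)) KB | Modified: $($fileInfo.LastWriteTime.ToString('HH:mm:ss'))"
}

# Runs `ipconfig /displaydns` and saves the output to $CurrentCacheFile.
# Called from the Collect button and from the -AutoCollect path. In the
# -AutoCollect path the form and its controls do not exist yet, so every GUI
# update is guarded; unguarded, the null controls raised errors and the run
# was logged as failed even though the file had been written.
function Collect-DNSCache {
    Write-Log "Collecting DNS cache..."

    $hasUi = $null -ne $form

    # Show progress
    if ($hasUi) {
        $form.Text = "DNS Monitor - Collecting cache..."
        Set-StatusText -Text "Collecting DNS cache data..." -Color ([System.Drawing.Color]::Blue)
        $form.Refresh()
    }

    try {
        # Collect DNS cache
        $dnsOutput = ipconfig /displaydns
        # -ErrorAction Stop so a failed write reaches the catch block instead
        # of being logged as a successful save.
        $dnsOutput | Out-File -FilePath $CurrentCacheFile -Encoding UTF8 -ErrorAction Stop

        if ($hasUi) {
            Set-StatusText -Text "SUCCESS: DNS cache collected successfully!" -Color ([System.Drawing.Color]::Green)
            $form.Text = "DNS Monitor - Ready for Analysis"
            Enable-AnalysisControls
        }

        Write-Log "DNS cache saved to: $CurrentCacheFile"
    }
    catch {
        Set-StatusText -Text "ERROR: Error collecting DNS cache: $($_.Exception.Message)" -Color ([System.Drawing.Color]::Red)
        Write-Log "Error: $($_.Exception.Message)"
    }
}

# Opens https://claude.ai with the default handler for URLs.
function Open-Claude {
    Set-StatusText -Text "Opening Claude web interface..." -Color ([System.Drawing.Color]::Blue)
    Start-Process "https://claude.ai"
    Set-StatusText -Text "SUCCESS: Claude opened - upload your DNS cache file there" -Color ([System.Drawing.Color]::Green)
}

# Opens the cache file in Notepad, if it exists.
function Open-CacheFile {
    if (Test-Path $CurrentCacheFile) {
        # The path is quoted because Start-Process passes -ArgumentList through
        # as-is, and a profile path containing a space would otherwise be split.
        Start-Process "notepad.exe" -ArgumentList "`"$CurrentCacheFile`""
        Set-StatusText -Text "SUCCESS: DNS cache file opened in Notepad" -Color ([System.Drawing.Color]::Green)
    }
}

# Copies the cache file path to the clipboard, if the file exists.
function Copy-FilePath {
    if (Test-Path $CurrentCacheFile) {
        $CurrentCacheFile | Set-Clipboard
        Set-StatusText -Text "SUCCESS: File path copied to clipboard" -Color ([System.Drawing.Color]::Green)
    }
}

# Parses the saved cache file, matches each unique record name against a small
# list of heuristic patterns, and shows the result in a read-only dialog.
# The patterns are coarse: a match is a lead to review, not a verdict, and the
# absence of a match says nothing about names the patterns do not cover.
function Show-QuickAnalysis {
    if (!(Test-Path $CurrentCacheFile)) {
        [System.Windows.Forms.MessageBox]::Show("Please collect DNS cache first!", "No Data", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Warning) | Out-Null
        return
    }

    Set-StatusText -Text "Performing quick local analysis..." -Color ([System.Drawing.Color]::Blue)
    $form.Refresh()

    # Read DNS cache
    $cacheContent = Get-Content $CurrentCacheFile -Raw

    # Basic analysis
    $domains = @()
    $suspiciousDomains = @()
    $suspiciousPatterns = @(
        "\.tk$", "\.ml$", "\.ga$", "\.cf$",   # Suspicious TLDs
        "^\d+\.\d+\.\d+\.\d+$",               # Direct IP connections
        # Long random domains. This also matches any ordinary .com name whose
        # last label has 8 or more alphanumerics, so expect false positives.
        "[a-z0-9]{8,}\.com$",
        # URL shorteners. bit.ly and t.co are anchored to a label boundary:
        # unanchored, "t\.co" matched every name ending in "t.com".
        "(^|\.)bit\.ly$", "tinyurl", "(^|\.)t\.co$"
    )

    # Extract domain names. The "Record Name" label is the English ipconfig
    # output; on a localized Windows the label differs and nothing is parsed.
    foreach ($line in ($cacheContent -split "`n")) {
        if ($line -match "Record Name\s+\.\s+\.\s+\.\s+:\s+(.+)") {
            $domain = $Matches[1].Trim()

            if ($domain -and $domain -ne "localhost" -and $domains -notcontains $domain) {
                $domains += $domain

                # Check for suspicious patterns (first match is enough)
                foreach ($pattern in $suspiciousPatterns) {
                    if ($domain -match $pattern) {
                        $suspiciousDomains += $domain
                        break
                    }
                }
            }
        }
    }

    # Generate report
    $report = @"
Quick DNS Cache Analysis Report
Generated: $(Get-Date)
Computer: $env:COMPUTERNAME

SUMMARY:
- Total unique domains: $($domains.Count)
- Suspicious domains found: $($suspiciousDomains.Count)

"@

    if ($domains.Count -eq 0) {
        # Nothing was parsed, so "no threats detected" would be a false
        # assurance; say that nothing was checked instead.
        $report += @"
WARNING: NO DNS RECORDS PARSED

No 'Record Name' entries were found in the cache file, so nothing was checked.
The cache may be empty, or the ipconfig output may not be in English.

"@
    }
    elseif ($suspiciousDomains.Count -gt 0) {
        $report += @"
WARNING: SUSPICIOUS DOMAINS DETECTED:
$($suspiciousDomains -join [Environment]::NewLine)

RECOMMENDATIONS:
1. Review these domains carefully
2. Upload full cache to Claude for detailed analysis
3. Run antivirus scan if concerned
4. Consider blocking suspicious domains

"@
    }
    else {
        $report += @"
SUCCESS: NO OBVIOUS THREATS DETECTED

The quick scan didn't find any obviously suspicious domains.
For a more thorough analysis, upload the cache file to Claude.

"@
    }

    $report += @"
TOP DOMAINS (first 10):
$($domains | Select-Object -First 10 | ForEach-Object { "- $_" } | Out-String)

NOTE: This is a basic local analysis. For comprehensive threat detection,
upload the DNS cache file to Claude for AI analysis.
"@

    # Show results in popup
    $resultForm = New-Object System.Windows.Forms.Form
    $resultForm.Text = "Quick Analysis Results"
    $resultForm.Size = New-Object System.Drawing.Size(600, 500)
    $resultForm.StartPosition = "CenterParent"
    $resultForm.FormBorderStyle = "FixedDialog"
    $resultForm.MaximizeBox = $false

    $textBox = New-Object System.Windows.Forms.TextBox
    $textBox.Multiline = $true
    $textBox.ScrollBars = "Vertical"
    $textBox.ReadOnly = $true
    $textBox.Dock = "Fill"
    $textBox.Font = New-Object System.Drawing.Font("Consolas", 10)
    # A multiline TextBox breaks lines on CRLF only, so normalize the report
    # regardless of the line endings this script file was saved with.
    $textBox.Text = $report -replace "\r?\n", "`r`n"

    $resultForm.Controls.Add($textBox)
    $resultForm.ShowDialog() | Out-Null

    Set-StatusText -Text "SUCCESS: Quick analysis complete" -Color ([System.Drawing.Color]::Green)
}

# Asks for confirmation, then registers a daily scheduled task named
# "DNSCacheMonitor" that re-runs this script with -AutoCollect as the current user.
function Setup-ScheduledTask {
    $choice = [System.Windows.Forms.MessageBox]::Show(
        "This will create a scheduled task to collect DNS cache daily and show a notification when new data is available.`n`nYou can adjust the frequency in Task Scheduler after creation.`n`nProceed?",
        "Setup Scheduled Task",
        [System.Windows.Forms.MessageBoxButtons]::YesNo,
        [System.Windows.Forms.MessageBoxIcon]::Question
    )

    if ($choice -eq "Yes") {
        try {
            # $PSCommandPath is empty when the code was not started from a
            # script file; registering "-File """ would create a broken task.
            if (-not $PSCommandPath) {
                throw "The script path is unknown; run this from a saved .ps1 file."
            }

            # Create a simple daily task (user can adjust timing manually if needed)
            # NOTE(review): the task runs whatever file is at $PSCommandPath on
            # every trigger, with a hidden window and -ExecutionPolicy Bypass.
            # Keep the script in a folder only this user can write to, and
            # expect endpoint tooling to flag the hidden/Bypass command line.
            $taskCommand = "-WindowStyle Hidden -ExecutionPolicy Bypass -File `"$PSCommandPath`" -AutoCollect"
            $action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument $taskCommand
            $trigger = New-ScheduledTaskTrigger -Daily -At (Get-Date)
            $principal = New-ScheduledTaskPrincipal -UserId $env:USERNAME
            $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

            $task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -Settings $settings -Description "DNS Cache Security Monitor - Collects DNS cache daily"
            Register-ScheduledTask -TaskName "DNSCacheMonitor" -InputObject $task -Force | Out-Null

            [System.Windows.Forms.MessageBox]::Show("Scheduled task created successfully!`n`nTask runs daily. To change frequency:`n1. Open Task Scheduler`n2. Find 'DNSCacheMonitor'`n3. Adjust trigger timing as needed", "Success", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information) | Out-Null
        }
        catch {
            [System.Windows.Forms.MessageBox]::Show("Failed to create scheduled task: $($_.Exception.Message)", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error) | Out-Null
        }
    }
}

# Running from scheduled task - just collect and notify
if ($AutoCollect) {
    Collect-DNSCache

    # Show notification
    $notification = New-Object System.Windows.Forms.NotifyIcon
    $notification.Icon = [System.Drawing.SystemIcons]::Information
    $notification.BalloonTipIcon = [System.Windows.Forms.ToolTipIcon]::Info
    $notification.BalloonTipTitle = "DNS Cache Updated"
    $notification.BalloonTipText = "New DNS cache collected. Run DNS Monitor to analyze."
    $notification.Visible = $true
    $notification.ShowBalloonTip(5000)

    # Keep the process alive long enough for the balloon to be shown
    Start-Sleep 6
    $notification.Dispose()
    exit
}

# Create main form
$form = New-Object System.Windows.Forms.Form
$form.Text = "DNS Cache Security Monitor"
$form.Size = New-Object System.Drawing.Size(500, 400)
$form.StartPosition = "CenterScreen"
$form.FormBorderStyle = "FixedSingle"
$form.MaximizeBox = $false

# Title label
$titleLabel = New-Object System.Windows.Forms.Label
$titleLabel.Text = "DNS Cache Security Monitor"
$titleLabel.Font = New-Object System.Drawing.Font("Arial", 14, [System.Drawing.FontStyle]::Bold)
$titleLabel.Location = New-Object System.Drawing.Point(20, 20)
$titleLabel.Size = New-Object System.Drawing.Size(450, 30)
$titleLabel.TextAlign = "MiddleCenter"
$form.Controls.Add($titleLabel)

# Status label
$statusLabel = New-Object System.Windows.Forms.Label
$statusLabel.Text = "Ready to collect DNS cache data"
$statusLabel.Location = New-Object System.Drawing.Point(20, 60)
$statusLabel.Size = New-Object System.Drawing.Size(450, 20)
$statusLabel.ForeColor = [System.Drawing.Color]::Black
$form.Controls.Add($statusLabel)

# File info label
$fileInfoLabel = New-Object System.Windows.Forms.Label
$fileInfoLabel.Text = "No cache file collected yet"
$fileInfoLabel.Location = New-Object System.Drawing.Point(20, 85)
$fileInfoLabel.Size = New-Object System.Drawing.Size(450, 20)
$fileInfoLabel.ForeColor = [System.Drawing.Color]::Gray
$fileInfoLabel.Font = New-Object System.Drawing.Font("Arial", 8)
$form.Controls.Add($fileInfoLabel)

# Collect DNS button
$collectBtn = New-Object System.Windows.Forms.Button
$collectBtn.Text = "COLLECT DNS Cache"
$collectBtn.Location = New-Object System.Drawing.Point(50, 120)
$collectBtn.Size = New-Object System.Drawing.Size(180, 40)
$collectBtn.Font = New-Object System.Drawing.Font("Arial", 10)
$collectBtn.BackColor = [System.Drawing.Color]::LightBlue
$collectBtn.Add_Click({ Collect-DNSCache })
$form.Controls.Add($collectBtn)

# Quick analysis button
$quickAnalysisBtn = New-Object System.Windows.Forms.Button
$quickAnalysisBtn.Text = "QUICK Analysis"
$quickAnalysisBtn.Location = New-Object System.Drawing.Point(250, 120)
$quickAnalysisBtn.Size = New-Object System.Drawing.Size(180, 40)
$quickAnalysisBtn.Font = New-Object System.Drawing.Font("Arial", 10)
$quickAnalysisBtn.BackColor = [System.Drawing.Color]::LightGreen
$quickAnalysisBtn.Enabled = $false
$quickAnalysisBtn.Add_Click({ Show-QuickAnalysis })
$form.Controls.Add($quickAnalysisBtn)

# Open Claude button
$openClaudeBtn = New-Object System.Windows.Forms.Button
$openClaudeBtn.Text = "OPEN Claude.ai"
$openClaudeBtn.Location = New-Object System.Drawing.Point(50, 180)
$openClaudeBtn.Size = New-Object System.Drawing.Size(180, 40)
$openClaudeBtn.Font = New-Object System.Drawing.Font("Arial", 10)
$openClaudeBtn.BackColor = [System.Drawing.Color]::Orange
$openClaudeBtn.Enabled = $false
$openClaudeBtn.Add_Click({ Open-Claude })
$form.Controls.Add($openClaudeBtn)

# View cache file button
$viewCacheBtn = New-Object System.Windows.Forms.Button
$viewCacheBtn.Text = "VIEW Cache File"
$viewCacheBtn.Location = New-Object System.Drawing.Point(250, 180)
$viewCacheBtn.Size = New-Object System.Drawing.Size(180, 40)
$viewCacheBtn.Font = New-Object System.Drawing.Font("Arial", 10)
$viewCacheBtn.BackColor = [System.Drawing.Color]::LightGray
$viewCacheBtn.Enabled = $false
$viewCacheBtn.Add_Click({ Open-CacheFile })
$form.Controls.Add($viewCacheBtn)

# Open file location button
$openFileBtn = New-Object System.Windows.Forms.Button
$openFileBtn.Text = "OPEN File Location"
$openFileBtn.Location = New-Object System.Drawing.Point(50, 240)
$openFileBtn.Size = New-Object System.Drawing.Size(180, 35)
$openFileBtn.Enabled = $false
$openFileBtn.Add_Click({
    Start-Process "explorer.exe" -ArgumentList "/select,`"$CurrentCacheFile`""
})
$form.Controls.Add($openFileBtn)

# Copy path button
$copyPathBtn = New-Object System.Windows.Forms.Button
$copyPathBtn.Text = "COPY File Path"
$copyPathBtn.Location = New-Object System.Drawing.Point(250, 240)
$copyPathBtn.Size = New-Object System.Drawing.Size(180, 35)
$copyPathBtn.Enabled = $false
$copyPathBtn.Add_Click({ Copy-FilePath })
$form.Controls.Add($copyPathBtn)

# Setup scheduled task button
$taskBtn = New-Object System.Windows.Forms.Button
$taskBtn.Text = "SETUP Auto-Collection"
$taskBtn.Location = New-Object System.Drawing.Point(150, 290)
$taskBtn.Size = New-Object System.Drawing.Size(180, 35)
$taskBtn.Add_Click({ Setup-ScheduledTask })
$form.Controls.Add($taskBtn)

# Instructions
$instructionsLabel = New-Object System.Windows.Forms.Label
$instructionsLabel.Text = @"
Instructions:
1. Click 'Collect DNS Cache' to gather current data
2. Use 'Quick Analysis' for basic local checks
3. Click 'Open Claude.ai' and upload the cache file for detailed AI analysis
4. Optionally setup auto-collection (daily by default, adjustable in Task Scheduler)
"@
$instructionsLabel.Location = New-Object System.Drawing.Point(20, 335)
$instructionsLabel.Size = New-Object System.Drawing.Size(450, 60)
$instructionsLabel.Font = New-Object System.Drawing.Font("Arial", 8)
$instructionsLabel.ForeColor = [System.Drawing.Color]::DarkBlue
$form.Controls.Add($instructionsLabel)

# Check if we already have a recent cache file (written within the last 4 hours)
if (Test-Path $CurrentCacheFile) {
    $fileAge = (Get-Date) - (Get-Item $CurrentCacheFile).LastWriteTime
    if ($fileAge.TotalHours -lt 4) {
        Enable-AnalysisControls
        Set-StatusText -Text "SUCCESS: Recent DNS cache file available" -Color ([System.Drawing.Color]::Green)
    }
}

# Show the form
Write-Log "DNS Cache Monitor GUI started"
$form.ShowDialog() | Out-Null

<#
.SYNOPSIS
    DNS Cache Security Monitor - GUI Version (No API Required)

.DESCRIPTION
    A simple Windows GUI that helps you collect DNS cache data and get it to Claude
    for security analysis. No API keys or complex setup required.

    Features:
    - One-click DNS cache collection
    - Quick local analysis for obvious threats
    - Easy upload to Claude web interface
    - Optional scheduled collection
    - File management helpers

.EXAMPLE
    Just run the script:
    .\DNSMonitor.ps1
#>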