alphasoc · kmroz · Sep 10, 2021 · Sep 22, 2021 · Nov 6, 2021 · Nov 6, 2021
diff --git a/README.md b/README.md
@@ -36,6 +36,8 @@ Cheatsheet:
     flightsim run c2                Simulate C2 traffic
     flightsim run c2:trickbot       Simulate C2 traffic for the TrickBot family
     flightsim run ssh-transfer:1GB  Simulate a 1GB SSH/SFTP file transfer
+    flightsim run encrypted-dns     Simulate encrypted DNS traffic via DNS-over-HTTPS, DNS-over-TLS and DNSCrypt
+    flightsim run encrypted-dns:doh Simulate encrypted DNS traffic via a specific protocol (DNS-over-HTTPS in this case)
 
     flightsim get families:c2       Get a list of all c2 families
 ```
@@ -58,7 +60,7 @@ To run all available modules, call:
 
 Available modules:
 
-        c2, dga, imposter, miner, scan, sink, spambot, ssh-exfil, ssh-transfer, tunnel-dns, tunnel-icmp
+        c2, dga, encrypted-dns, imposter, miner, scan, sink, spambot, ssh-exfil, ssh-transfer, tunnel-dns, tunnel-icmp
 
 Available flags:
   -dry
@@ -138,16 +140,17 @@ All done!
 
 The modules packaged with the utility are listed in the table below.
 
-| Module        | Description                                                                   |
-| ------------- | ----------------------------------------------------------------------------- |
-| `c2`          | Generates both DNS and IP traffic to a random list of known C2 destinations   |
-| `dga`         | Simulates DGA traffic using random labels and top-level domains               |
-| `imposter`    | Generates DNS traffic to a list of imposter domains                           |
-| `miner`       | Generates Stratum mining protocol traffic to known cryptomining pools         |
-| `scan`        | Performs a port scan of random RFC 5737 addresses using common TCP ports      |
-| `sink`        | Connects to known sinkholed destinations run by security researchers          |
-| `spambot`     | Resolves and connects to random Internet SMTP servers to simulate a spam bot  |
-| `ssh-exfil`   | Simulates an SSH file transfer to a service running on a non-standard SSH port|
-| `ssh-transfer`| Simulates an SSH file transfer to a service running on an SSH port            |
-| `tunnel-dns`  | Generates DNS tunneling requests to \*.sandbox.alphasoc.xyz                   |
-| `tunnel-icmp` | Generates ICMP tunneling traffic to an Internet service operated by AlphaSOC  |
+| Module          | Description                                                                      |
+| -------------   | -----------------------------------------------------------------------------    |
+| `c2`            | Generates both DNS and IP traffic to a random list of known C2 destinations      |
+| `dga`           | Simulates DGA traffic using random labels and top-level domains                  |
+| `encrypted-dns` | Simulates encrypted DNS traffic via DNS-over-HTTPS, DNS-over-TLS and/or DNSCrypt |
+| `imposter`      | Generates DNS traffic to a list of imposter domains                              |
+| `miner`         | Generates Stratum mining protocol traffic to known cryptomining pools            |
+| `scan`          | Performs a port scan of random RFC 5737 addresses using common TCP ports         |
+| `sink`          | Connects to known sinkholed destinations run by security researchers             |
+| `spambot`       | Resolves and connects to random Internet SMTP servers to simulate a spam bot     |
+| `ssh-exfil`     | Simulates an SSH file transfer to a service running on a non-standard SSH port   |
+| `ssh-transfer`  | Simulates an SSH file transfer to a service running on an SSH port               |
+| `tunnel-dns`    | Generates DNS tunneling requests to \*.sandbox.alphasoc.xyz                      |
+| `tunnel-icmp`   | Generates ICMP tunneling traffic to an Internet service operated by AlphaSOC     |
diff --git a/cmd/run/run.go b/cmd/run/run.go
@@ -251,6 +251,16 @@ var allModules = []Module{
 		HostMsg: "Simulating DNS tunneling via *.%s",
 		Timeout: 10 * time.Second,
 	},
+	Module{
+		Module:     simulator.NewEncryptedDNS(),
+		Name:       "encrypted-dns",
+		Pipeline:   PipelineDNS,
+		NumOfHosts: 1,
+		// HeaderMsg:  "Preparing DNS tunnel hostnames",
+		HostMsg: "Simulating Encrypted DNS via *.%s",
+		Timeout: 10 * time.Second,
+	},
+
 	Module{
 		Module:     simulator.CreateModule(wisdom.NewWisdomHosts("cryptomining", wisdom.HostTypeIP), simulator.NewStratumMiner()),
 		Name:       "miner",

diff --git a/go.mod b/go.mod
@@ -3,9 +3,11 @@ module github.com/alphasoc/flightsim
 go 1.13
 
 require (
+	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da
 	github.com/cretz/bine v0.2.0
-	github.com/inhies/go-bytesize v0.0.0-20201103132853-d0aed0d254f8 // indirect
-	github.com/pkg/errors v0.8.1
-	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e // indirect
+	github.com/inhies/go-bytesize v0.0.0-20201103132853-d0aed0d254f8
+	github.com/jedisct1/go-dnsstamps v0.0.0-20210810213811-61cc83d2a354
+	github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
 	golang.org/x/net v0.0.0-20210525063256-abc453219eb5
 )