digenum
Enumerating the contents of your router history
When you reach websites on the Internet, network traffic is usually routed through routers. Because no one can remember the IP addresses of countless websites, DNS ("Domain Name System") servers are used to map a host name to an IP address. A DNS server translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocol.
In order to load web pages faster on later visits and to avoid having to query an external DNS server every time, a router caches the IP addresses of visited websites. It does this for all devices connected to it. Since only one cache is used for all devices and users, it is partially possible to find out, with a simple command, which websites have been visited by any of the connected devices.
For example, to find out whether a user has accessed the website google.com through a shared router with the address 192.168.2.1, the following command can be used:
dig @192.168.2.1 google.com +norecurse
The command dig (domain information groper) is a program that can be used to query information from DNS servers. With +norecurse, the router is asked not to resolve the name upstream, so it can answer only from its cache. To check multiple websites, a word list of the most common websites can be used, with each entry passed to this command in turn.
I developed a convenient tool that does just that. It queries the router's cache using the dig command and determines which websites were visited. Either a single website to be checked can be passed to the script:
digenum.sh -ip 192.168.2.1 -u google.com
or a word list can be passed:
digenum.sh -ip 192.168.2.1 -w wordlist.txt
In either case the script determines whether an IP address was cached by the router and presents the result in a clear way. The tool can be found in my GitHub repository: https://github.com/MKesenheimer/digenum
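What the +norecurse check comes down to when auditing your own router, as an added example that is not part of digenum or the original page: a shell function that reads dig output and reports whether the name was answered from cache, together with the remaining TTL. The function name, the output labels and the sample responses are constructed for illustration.

```shell
# Added example: interpret the output of `dig @<router> <name> +norecurse`.
# Reads dig output on stdin and prints one of:
#   cached <ttl>           answer came from the resolver's cache
#   not-cached             NOERROR with an empty answer section
#   inconclusive <status>  any other response code (REFUSED, SERVFAIL, ...)
classify_dig_output() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ && match($0, /ANSWER: [0-9]+/) {
            answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/                  { in_answer = 0 }
        # First record of the answer section: name TTL class type rdata
        in_answer && ttl == "" && !/^;/ { ttl = $2 }
        END {
            if (status == "")             print "inconclusive NO-HEADER"
            else if (status != "NOERROR") print "inconclusive " status
            else if (answers > 0)         print "cached " ttl
            else                          print "not-cached"
        }
    '
}

# Constructed sample responses; 192.0.2.10 is a documentation address.
sample_cached() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
google.com.     187     IN      A       192.0.2.10
EOF
}
sample_uncached() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
sample_refused() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
```

Against a live router the function is fed directly from the command shown earlier, for example by piping dig @192.168.2.1 google.com +norecurse into classify_dig_output. A router that never reports "cached" for names its clients have just resolved is not exposing its cache to non-recursive queries.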