I am trying to set up a malware analysis lab. It would be made up of two VMs (Linux and Windows) the Windows one would be for running malware and the Linux VM would monitor network traffic. Linux VM would act like a router but instead of routing to WAN it’d simply take in the requests and resend fake data (for example if the Windows VM requests a webpage it’d return some html). It would be nice if it’d also (if possible) translate IP addresses to domains. I’m looking for a CLI tool that would do that. But so far I hadn’t found any that would match my needs.
