Add: dns leak detection

DaZuo0122
2026-01-17 18:45:24 +08:00
parent ccd4a31d21
commit cfa96bde08
30 changed files with 3973 additions and 16 deletions


@@ -7,8 +7,10 @@ WTFnet is a pure CLI toolbox for diagnosing network problems on Linux and Window
- Ports, neighbors, and trusted root certificates.
- Probing: ping, tcping, traceroute (best-effort).
- DNS: query/detect/watch with GeoIP, DoT/DoH, and SOCKS5 support.
- DNS leak detection with policy profiles and privacy modes (best-effort).
- GeoIP offline lookup via GeoLite2 Country/ASN.
- Subnet calculator: subnet/contains/overlap/summarize.
- Discover: mDNS/SSDP plus LLMNR/NBNS.
## Quickstart
```bash
@@ -44,6 +46,9 @@ wtfn dns query example.com A --transport doh --server 1.1.1.1 --tls-name cloudfl
wtfn dns query example.com A --transport dot --server 1.1.1.1 --tls-name cloudflare-dns.com --socks5 socks5://127.0.0.1:9909
wtfn dns detect example.com --transport doh --servers 1.1.1.1 --tls-name cloudflare-dns.com
wtfn dns watch --duration 10s --filter example.com
wtfn dns leak status
wtfn dns leak watch --duration 10s --profile proxy-stub
wtfn dns leak report report.json
# TLS
wtfn tls handshake example.com:443
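Review bot: The `wtfn dns leak report report.json` example in the DNS block reads a file that none of the preceding examples writes, and `report.json` is also the file name the Diag example uses in `wtfn diag --out report.json --json`. Since the flag list gives `dns leak watch` an `--out <path>`, consider showing the two steps as a pair with a distinct name, for example `wtfn dns leak watch --duration 10s --profile proxy-stub --out leak.json` followed by `wtfn dns leak report leak.json`, so a reader does not hand a diag report to the leak reporter.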
@@ -55,6 +60,8 @@ wtfn tls alpn example.com:443 --alpn h2,http/1.1
# Discover
wtfn discover mdns --duration 3s
wtfn discover ssdp --duration 3s
wtfn discover llmnr --duration 3s
wtfn discover nbns --duration 3s
# Diag
wtfn diag --out report.json --json
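Review bot: The `wtfn discover llmnr --duration 3s` example omits `--name <host>`, which the flag list documents for `discover llmnr`, and the README does not say which name is used when the flag is left out. Either add the flag to the example or state the default so the reader knows what the command does without it.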
@@ -90,10 +97,16 @@ Command flags (implemented):
- `dns query`: `--server <ip[:port]>`, `--transport <udp|tcp|dot|doh>`, `--tls-name <name>`, `--socks5 <url>`, `--prefer-ipv4`, `--timeout-ms <n>`
- `dns detect`: `--servers <csv>`, `--transport <udp|tcp|dot|doh>`, `--tls-name <name>`, `--socks5 <url>`, `--prefer-ipv4`, `--repeat <n>`, `--timeout-ms <n>`
- `dns watch`: `--duration <Ns|Nms>`, `--iface <name>`, `--filter <pattern>`
- `dns leak status`: `--profile <full-tunnel|proxy-stub|split>`, `--policy <path>`
- `dns leak watch`: `--duration <Ns|Nms>`, `--iface <name>`, `--profile <full-tunnel|proxy-stub|split>`, `--policy <path>`, `--privacy <full|redacted|minimal>`, `--out <path>`, `--summary-only`
- `dns leak watch`: `--iface-diag` (prints capture-capable interfaces)
- `dns leak report`: `<path>`, `--privacy <full|redacted|minimal>`
- `http head|get`: `--timeout-ms <n>`, `--follow-redirects <n>`, `--show-headers`, `--show-body`, `--max-body-bytes <n>`, `--http1-only`, `--http2-only`, `--http3` (feature `http3`), `--http3-only` (feature `http3`), `--geoip`, `--socks5 <url>`
- `tls handshake|cert|verify|alpn`: `--sni <name>`, `--alpn <csv>`, `--timeout-ms <n>`, `--insecure`, `--socks5 <url>`, `--prefer-ipv4`, `--show-extensions`, `--ocsp`
- `discover mdns`: `--duration <Ns|Nms>`, `--service <type>`
- `discover ssdp`: `--duration <Ns|Nms>`
- `discover llmnr`: `--duration <Ns|Nms>`, `--name <host>`
- `discover nbns`: `--duration <Ns|Nms>`
- `diag`: `--out <path>`, `--bundle <path>`, `--dns-detect <domain>`, `--dns-timeout-ms <n>`, `--dns-repeat <n>`
## GeoIP data files
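Review bot: The `--privacy <full|redacted|minimal>` entries for `dns leak watch` and `dns leak report` do not state the default mode or what each mode keeps, which matters because `--out <path>` writes the watch results to a file. Document the default and add one line per mode. Separately, `dns leak watch` appears on two lines; fold `--iface-diag` into the first entry or say explicitly that it is a standalone mode that only lists interfaces.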
@@ -149,6 +162,11 @@ cargo run -p wtfnet-cli --features wtfnet-http/http3 -- http head https://cloudf
- optional LLMNR/NBNS discovery
- optional HTTP/3 (feature-gated; experimental, incomplete)
### v0.4 (current requirements)
- dns leak detection (passive watch + report)
- process attribution (best-effort)
- policy profiles + privacy modes
## Current stage
Implemented:
- Core CLI with JSON output and logging.
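Review bot: In the v0.4 list, `process attribution (best-effort)` is stated as a requirement, but the Current stage section lists it under neither Implemented nor In progress, so its status cannot be read from the README. Add it to one of those lists and say what best-effort covers, since the README describes the tool as targeting both Linux and Windows.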
@@ -157,14 +175,16 @@ Implemented:
- http head/get with timing and GeoIP.
- tls handshake/verify/cert/alpn.
- DoT/DoH + SOCKS5 proxy support.
- discover mdns/ssdp.
- discover mdns/ssdp/llmnr/nbns.
- dns leak detection (status/watch/report).
- diag report + bundle.
- calc subcrate with subnet/contains/overlap/summarize.
- CMake/Makefile build + package + install targets.
- Basic unit tests for calc and TLS parsing.
In progress:
- none.
- dns leak: DoH heuristic classification (optional).
- dns leak: Leak-D mismatch correlation (optional).
See `docs/implementation_status.md` for a design-vs-implementation view.
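Review bot: `dns leak detection (status/watch/report)` is listed under Implemented while `dns leak: DoH heuristic classification (optional)` sits under In progress, so the Implemented entry should say whether DoH traffic is classified by the current watch; without that, a clean result can be read as covering more than it does. The term `Leak-D` is not defined anywhere in the README text shown here, and `(optional)` under an In progress heading is ambiguous (optional feature, or optional to finish); define the term or point to the section of `docs/implementation_status.md` that does.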