Permalink
Cannot retrieve contributors at this time
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
Fetching contributors…
Cannot retrieve contributors at this time
| import json | |
| import datetime | |
| try: | |
| import dns.resolver | |
| resolver = dns.resolver.Resolver() | |
| resolver.timeout = 0.2 | |
| resolver.lifetime = 0.2 | |
| except ImportError: | |
| print("dnspython3 is missing, use 'pip install dnspython3' to install it.") | |
| sys.exit(0) | |
| misperrors = {'error': 'Error'} | |
| mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['text']} | |
| moduleinfo = {'version': '0.1', 'author': 'Christian Studer', | |
| 'description': 'Check an IPv4 address against known RBLs.', | |
| 'module-type': ['expansion', 'hover']} | |
| moduleconfig = [] | |
| rbls = { | |
| 'spam.spamrats.com': 'http://www.spamrats.com', | |
| 'spamguard.leadmon.net': 'http://www.leadmon.net/SpamGuard/', | |
| 'rbl-plus.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html', | |
| 'web.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'ix.dnsbl.manitu.net': 'http://www.dnsbl.manitu.net', | |
| 'virus.rbl.jp': 'http://www.rbl.jp', | |
| 'dul.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'bogons.cymru.com': 'http://www.team-cymru.org/Services/Bogons/', | |
| 'psbl.surriel.com': 'http://psbl.surriel.com', | |
| 'misc.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'httpbl.abuse.ch': 'http://dnsbl.abuse.ch', | |
| 'combined.njabl.org': 'http://combined.njabl.org', | |
| 'smtp.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'korea.services.net': 'http://korea.services.net', | |
| 'drone.abuse.ch': 'http://dnsbl.abuse.ch', | |
| 'rbl.efnetrbl.org': 'http://rbl.efnetrbl.org', | |
| 'cbl.anti-spam.org.cn': 'http://www.anti-spam.org.cn/?Locale=en_US', | |
| 'b.barracudacentral.org': 'http://www.barracudacentral.org/rbl/removal-request', | |
| 'bl.spamcannibal.org': 'http://www.spamcannibal.org', | |
| 'xbl.spamhaus.org': 'http://www.spamhaus.org/xbl/', | |
| 'zen.spamhaus.org': 'http://www.spamhaus.org/zen/', | |
| 'rbl.suresupport.com': 'http://suresupport.com/postmaster', | |
| 'db.wpbl.info': 'http://www.wpbl.info', | |
| 'sbl.spamhaus.org': 'http://www.spamhaus.org/sbl/', | |
| 'http.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'csi.cloudmark.com': 'http://www.cloudmark.com/en/products/cloudmark-sender-intelligence/index', | |
| 'rbl.interserver.net': 'http://rbl.interserver.net', | |
| 'ubl.unsubscore.com': 'http://www.lashback.com/blacklist/', | |
| 'dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'virbl.bit.nl': 'http://virbl.bit.nl', | |
| 'pbl.spamhaus.org': 'http://www.spamhaus.org/pbl/', | |
| 'socks.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'short.rbl.jp': 'http://www.rbl.jp', | |
| 'dnsbl.dronebl.org': 'http://www.dronebl.org', | |
| 'blackholes.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html', | |
| 'truncate.gbudb.net': 'http://www.gbudb.com/truncate/index.jsp', | |
| 'dyna.spamrats.com': 'http://www.spamrats.com', | |
| 'spamrbl.imp.ch': 'http://antispam.imp.ch', | |
| 'spam.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'wormrbl.imp.ch': 'http://antispam.imp.ch', | |
| 'query.senderbase.org': 'http://www.senderbase.org/about', | |
| 'opm.tornevall.org': 'http://dnsbl.tornevall.org', | |
| 'netblock.pedantic.org': 'http://pedantic.org', | |
| 'access.redhawk.org': 'http://www.redhawk.org/index.php?option=com_wrapper&Itemid=33', | |
| 'cdl.anti-spam.org.cn': 'http://www.anti-spam.org.cn/?Locale=en_US', | |
| 'multi.surbl.org': 'http://www.surbl.org', | |
| 'noptr.spamrats.com': 'http://www.spamrats.com', | |
| 'dnsbl.inps.de': 'http://dnsbl.inps.de/index.cgi?lang=en', | |
| 'bl.spamcop.net': 'http://bl.spamcop.net', | |
| 'cbl.abuseat.org': 'http://cbl.abuseat.org', | |
| 'dsn.rfc-ignorant.org': 'http://www.rfc-ignorant.org/policy-dsn.php', | |
| 'zombie.dnsbl.sorbs.net': 'http://www.sorbs.net', | |
| 'dnsbl.njabl.org': 'http://dnsbl.njabl.org', | |
| 'relays.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html', | |
| 'rbl.spamlab.com': 'http://tools.appriver.com/index.aspx?tool=rbl', | |
| 'all.bl.blocklist.de': 'http://www.blocklist.de/en/rbldns.html' | |
| } | |
| def handler(q=False): | |
| if q is False: | |
| return False | |
| request = json.loads(q) | |
| if request.get('ip-src'): | |
| ip = request['ip-src'] | |
| elif request.get('ip-dst'): | |
| ip = request['ip-dst'] | |
| else: | |
| misperrors['error'] = "Unsupported attributes type" | |
| return misperrors | |
| listed = [] | |
| info = [] | |
| for rbl in rbls: | |
| ipRev = '.'.join(ip.split('.')[::-1]) | |
| query = '{}.{}'.format(ipRev, rbl) | |
| try: | |
| txt = resolver.query(query,'TXT') | |
| listed.append(query) | |
| info.append(str(txt[0])) | |
| except Exception: | |
| continue | |
| result = {} | |
| for l, i in zip(listed, info): | |
| result[l] = i | |
| return {'results': [{'types': mispattributes.get('output'), 'values': json.dumps(result)}]} | |
| def introspection(): | |
| return mispattributes | |
| def version(): | |
| moduleinfo['config'] = moduleconfig | |
| return moduleinfo |