forked from BinaryDefense/goatrider
-
Notifications
You must be signed in to change notification settings - Fork 1
/
goatrider.py
194 lines (167 loc) · 5.51 KB
/
goatrider.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
#!/usr/bin/python
##################################################################################################
#
# This tool does a comparison of multiple sites to look for abnormal IP addresses or hostnames
#
# Current list checks:
# Alexa Top 1 Million
# Binary Defense Systems Banlist
# Binary Defense Systems Tor List
# OTX AlienVault
#
# Written by Dave Kennedy @ Binary Defense Systems (@BinaryDefense @HackingDave)
#
###################################################################################################
import urllib
import socket
from zipfile import ZipFile
from StringIO import StringIO
import sys
import os
# unzip something
def download_unzip(input_zip):
url = urllib.urlopen(input_zip)
unzipped_string = ''
zipfile = ZipFile(StringIO(url.read()))
for name in zipfile.namelist():
unzipped_string += zipfile.open(name).read()
return unzipped_string
# download something
def download_list(url):
response = urllib.urlopen(url)
return response.read()
# pulls the alexa top 1 million
def pull_alexa(hostlist):
url = ("http://s3.amazonaws.com/alexa-static/top-1m.csv.zip")
domains = download_unzip(url)
hostfile = hostlist.split("\n")
for hosts in hostfile:
hosts = hosts.rstrip()
if not hosts in domains:
if hosts != "":
print(("ALEXA_NOT_FOUND_HIT_HOST: %s" % (hosts)))
# pulls the binary defense banlist
def pull_binarybanlist(hostlist):
url = ("https://www.binarydefense.com/banlist.txt")
banlist = download_list(url)
hostfile = hostlist.split("\n")
for hosts in hostfile:
hosts = hosts.rstrip()
if hosts in banlist:
if hosts != "":
print(("ARTILLERY_BANLIST_HIT_IP: %s" % (hosts)))
# pulls the binary defense torlist
def pull_binarytorlist(hostlist):
url = ("https://www.binarydefense.com/tor.txt")
tor = download_list(url)
hostfile = hostlist.split("\n")
for hosts in hostfile:
hosts = hosts.rstrip()
if hosts in tor:
if hosts != "":
print(("ARTILLERY_TOR_HIT_IP: %s" % (hosts)))
# get associated otx list
def pull_otx(hostlist):
url = ("https://reputation.alienvault.com/reputation.unix")
otx = download_list(url)
# FORMAT: ALL: 46.4.123.15 # Malicious Host
hostfile = hostlist.split("\n")
for hosts in hostfile:
hosts = hosts.rstrip()
if hosts in otx:
if hosts != "":
print(("AV_OTX_HIT_IP: %s" % (hosts)))
# get the associated IP address to hostname
def get_ip(hostname):
ips = ""
for host in hostname:
host = host.rstrip()
try:
addr = socket.gethostbyname(host)
ips = (ips + str(addr) + "\n")
except:
pass
return ips
# get associated ip address from hostname
def get_host(ip):
ips = ""
for host in ip:
host = host.rstrip()
try:
addr = socket.gethostbyaddr(host)
addr = addr[0]
addr = addr.replace(
"https://", "").replace("http://", "").replace("www.", "")
ips = ips + str(addr + "\n")
except:
pass
return ips
try:
fileinput = sys.argv[1]
if os.path.isfile(fileinput):
# get IP or host list from file
filename = open(fileinput, "r").readlines()
print("[*] This part might take a bit... Converting hostnames to IPs or IPs to hostnames. Be patient...")
# determine if host file
counter = 0
for line in filename:
try:
socket.inet_aton(line)
# using hostnames
except:
counter = 1
break
# if we are using hostnames
if counter == 1:
host = ""
for hosts in filename:
hosts = hosts.replace(
"https://", "").replace("http://", "").replace("www.", "")
host = host + hosts + "\n"
hostlist = host
iplist = get_ip(filename)
# else we are using iplists
if counter == 0:
# get hostname list from file
hostlist = get_host(filename)
ips = ""
for ip in filename:
ips = ips + ip + "\n"
iplist = ips
print("[*] Checking Alexa, Artillery, TOR, and OTX...")
# check ips to banlist
pull_binarybanlist(iplist)
# check tor to banlist
pull_binarytorlist(iplist)
# check OTX
pull_otx(iplist)
# check alexa hostnames
pull_alexa(hostlist)
# if the file isnt there
else:
print ("Filename was not found, please specify the right path and try again.")
sys.exit()
except:
print (r""" /) (\
)\.:::::::::./(
\( o o )/
'-./ / _.-'`-.
( oo ) / _ \
|'--'/\/ ( \ \
\''/ \| \ \ \
ww | ' ) \
|.' .' |
.' .'==|==|
/ .'\ [_]
.-(/\) | /
/.-''''/| |
|| / | |
// | | |
|| |__|___/
\\ [__[___]
// .-'.-' (
||(__(__.-._)""")
print ("\n\nGoatRider is a simple tool for doing a comparison of IP addresses or hostnames to BDS Artillery Feeds, OTX, Alexa Top 1M, and TOR.")
print ("\nINSTRUCTIONS: Pass a file that has a list of hostnames or IP addresses and wait for the output to see if there are any matches")
print ("Written by: Dave Kennedy (@HackingDave) from Binary Defense (@BinaryDefense)")
print ("\nUsage: python goatrider.py <hostnames_or_ips.txt>")