149 lines
4.1 KiB
Bash
149 lines
4.1 KiB
Bash
|
#!/bin/bash
|
||
|
#
|
||
|
# Check if an IP address is listed on one of the
|
||
|
# following blacklists. The format is chosen to
|
||
|
# make it easy to add or delete. The shell script
|
||
|
# will strip multiple white spaces.
|
||
|
|
||
|
BLISTS="
|
||
|
aspews.ext.sorbs.net
|
||
|
b.barracudacentral.org
|
||
|
bl.deadbeef.com
|
||
|
bl.spamcop.net
|
||
|
blackholes.five-ten-sg.com
|
||
|
blacklist.woody.ch
|
||
|
bogons.cymru.com
|
||
|
cbl.abuseat.org
|
||
|
cdl.anti-spam.org.cn
|
||
|
combined.abuse.ch
|
||
|
combined.rbl.msrbl.net
|
||
|
db.wpbl.info
|
||
|
dnsbl.cyberlogic.net
|
||
|
dnsbl.dronebl.org
|
||
|
dnsbl.inps.de
|
||
|
dnsbl.njabl.org
|
||
|
dnsbl.sorbs.net
|
||
|
drone.abuse.ch
|
||
|
duinv.aupads.org
|
||
|
dul.dnsbl.sorbs.net
|
||
|
dul.ru
|
||
|
dyna.spamrats.com
|
||
|
dynip.rothen.com
|
||
|
http.dnsbl.sorbs.net
|
||
|
images.rbl.msrbl.net
|
||
|
ips.backscatterer.org
|
||
|
ix.dnsbl.manitu.net
|
||
|
korea.services.net
|
||
|
misc.dnsbl.sorbs.net
|
||
|
noptr.spamrats.com
|
||
|
ohps.dnsbl.net.au
|
||
|
omrs.dnsbl.net.au
|
||
|
orvedb.aupads.org
|
||
|
osps.dnsbl.net.au
|
||
|
osrs.dnsbl.net.au
|
||
|
owfs.dnsbl.net.au
|
||
|
owps.dnsbl.net.au
|
||
|
pbl.spamhaus.org
|
||
|
phishing.rbl.msrbl.net
|
||
|
probes.dnsbl.net.au
|
||
|
proxy.bl.gweep.ca
|
||
|
proxy.block.transip.nl
|
||
|
psbl.surriel.com
|
||
|
rdts.dnsbl.net.au
|
||
|
relays.bl.gweep.ca
|
||
|
relays.bl.kundenserver.de
|
||
|
relays.nether.net
|
||
|
residential.block.transip.nl
|
||
|
ricn.dnsbl.net.au
|
||
|
rmst.dnsbl.net.au
|
||
|
sbl.spamhaus.org
|
||
|
short.rbl.jp
|
||
|
smtp.dnsbl.sorbs.net
|
||
|
socks.dnsbl.sorbs.net
|
||
|
spam.abuse.ch
|
||
|
spam.dnsbl.sorbs.net
|
||
|
spam.rbl.msrbl.net
|
||
|
spam.spamrats.com
|
||
|
spamlist.or.kr
|
||
|
spamrbl.imp.ch
|
||
|
t3direct.dnsbl.net.au
|
||
|
tor.dnsbl.sectoor.de
|
||
|
torserver.tor.dnsbl.sectoor.de
|
||
|
ubl.lashback.com
|
||
|
ubl.unsubscore.com
|
||
|
virbl.bit.nl
|
||
|
virus.rbl.jp
|
||
|
virus.rbl.msrbl.net
|
||
|
web.dnsbl.sorbs.net
|
||
|
wormrbl.imp.ch
|
||
|
xbl.spamhaus.org
|
||
|
zen.spamhaus.org
|
||
|
zombie.dnsbl.sorbs.net
|
||
|
dnsbl.httpbl.org
|
||
|
combined.njabl.org
|
||
|
dnsbl.spfbl.net
|
||
|
"
|
||
|
# register at http://www.projecthoneypot.org/httpbl_api.php to
|
||
|
# obtain an API-key
|
||
|
HTTPbl_API_KEY="[your_api_key]"
|
||
|
# simple shell function to show an error message and exit
|
||
|
# $0 : the name of shell script, $1 is the string passed as argument
|
||
|
# >&2 : redirect/send the message to stderr
|
||
|
ERROR() {
|
||
|
echo $0 ERROR: $1 >&2
|
||
|
exit 2
|
||
|
}
|
||
|
|
||
|
# -- Sanity check on parameters
|
||
|
[ $# -ne 1 ] && ERROR 'Please specify a single IP address'
|
||
|
# -- if the address consists of 4 groups of minimal 1, maximal digits,
|
||
|
# separated by '.'
|
||
|
# -- reverse the order
|
||
|
# -- if the address does not match these criteria the variable
|
||
|
# 'reverse will be empty'
|
||
|
reverse=$(echo $1 |
|
||
|
sed -ne "s~^\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)$~\4.\3.\2.\1~p")
|
||
|
if [ "x${reverse}" = "x" ] ; then
|
||
|
ERROR "IMHO '$1' doesn't look like a valid IP address"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
# Assuming an IP address of 11.22.33.44 as parameter or argument
|
||
|
# If the IP address in $0 passes our crude regular expression
|
||
|
# check, the variable ${reverse} will contain 44.33.22.11
|
||
|
# In this case the test will be:
|
||
|
# [ "x44.33.22.11" = "x" ]
|
||
|
# This test will fail and the program will continue
|
||
|
# An empty '${reverse}' means that shell argument $1 doesn't pass our
|
||
|
# simple IP address check. In that case the test will be:
|
||
|
# [ "x" = "x" ]
|
||
|
# This evaluates to true, so the script will call the ERROR function
|
||
|
# and quit
|
||
|
# -- do a reverse ( address -> name) DNS lookup
|
||
|
REVERSE_DNS=$(dig +short -x $1)
|
||
|
echo IP $1 NAME ${REVERSE_DNS:----}
|
||
|
|
||
|
# -- cycle through all the blacklists
|
||
|
for BL in ${BLISTS} ; do
|
||
|
# print the UTC date (without linefeed)
|
||
|
printf $(env TZ=UTC date "+%Y-%m-%d_%H:%M:%S")
|
||
|
# show the reversed IP and append the name of the blacklist
|
||
|
if [ "$BL" == "dnsbl.httpbl.org" ];
|
||
|
then
|
||
|
printf "%-50s" " ${HTTPbl_API_KEY}.${reverse}.${BL}."
|
||
|
else
|
||
|
printf "%-50s" " ${reverse}.${BL}."
|
||
|
fi
|
||
|
# use dig to lookup the name in the blacklist
|
||
|
# echo "$(dig +short -t a ${reverse}.${BL}. | tr 'n' ' ')"
|
||
|
if [ "$BL" == "dnsbl.httpbl.org" ];
|
||
|
then
|
||
|
LISTED="$(dig +short -t a ${HTTPbl_API_KEY}.${reverse}.${BL}.)"
|
||
|
echo ${LISTED:----}
|
||
|
else
|
||
|
LISTED="$(dig +short -t a ${reverse}.${BL}.)"
|
||
|
echo ${LISTED:----}
|
||
|
fi
|
||
|
done
|
||
|
# --- EOT ------
|