mirror of
https://github.com/adulau/multi-rblcheck.git
synced 2024-12-22 08:36:01 +00:00
First version of multi-rblcheck
This commit is contained in:
commit
e54d128bf5
2 changed files with 249 additions and 0 deletions
125
README.md
Normal file
125
README.md
Normal file
|
@ -0,0 +1,125 @@
|
||||||
|
# multi-rblcheck
|
||||||
|
|
||||||
|
multi-rblcheck is a Python script to test a list of IP addresses against RBLs.
|
||||||
|
|
||||||
|
The output is a JSON object per IP address.
|
||||||
|
|
||||||
|
# Usage
|
||||||
|
|
||||||
|
~~~~
|
||||||
|
usage: rbl.py [-h] [-d] [-t] -i IP [-a]
|
||||||
|
|
||||||
|
multi-rblcheck A simple script to test a list of IP addresses against RBLs.
|
||||||
|
The output is a JSON object per IP address.
|
||||||
|
|
||||||
|
optional arguments:
|
||||||
|
-h, --help show this help message and exit
|
||||||
|
-d, --debug Include debug message
|
||||||
|
-t, --test
|
||||||
|
-i IP, --ip IP IPv4 address to check against the RBLs (one or more IP
|
||||||
|
addresses)
|
||||||
|
-a, --all Include unlisted results
|
||||||
|
~~~~
|
||||||
|
|
||||||
|
# Requirements
|
||||||
|
|
||||||
|
- Python 3
|
||||||
|
- dnspython3 library
|
||||||
|
|
||||||
|
# Output
|
||||||
|
|
||||||
|
~~~~
|
||||||
|
{
|
||||||
|
"not_listed": [],
|
||||||
|
"date": "2017-12-25T14:08:58.111259+00:00",
|
||||||
|
"query": "127.0.0.2",
|
||||||
|
"info": [
|
||||||
|
"\"Blocked - see http://www.spamcop.net/bl.shtml?127.0.0.2\"",
|
||||||
|
"\"Sender has sent to LashBack Unsubscribe Probe accounts\"",
|
||||||
|
"\"Sender has sent to LashBack Unsubscribe Probe accounts\"",
|
||||||
|
"\"Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=127.0.0.2\"",
|
||||||
|
"\"Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=127.0.0.2\"",
|
||||||
|
"\"Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=127.0.0.2\"",
|
||||||
|
"\"Spam source - http://wpbl.info/record?ip=127.0.0.2\"",
|
||||||
|
"\"Open SMTP Relay See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Hijacked/Disused Netblocks See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Hijacked/Disused Netblocks See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Testing class.\"",
|
||||||
|
"\"wild.surbl.org permanent test point\"",
|
||||||
|
"\"Test entry, see http://www.dnsbl.manitu.net/lookup.php?value=127.0.0.2\"",
|
||||||
|
"\"Test entry, see http://www.dnsbl.manitu.net/lookup.php?value=127.0.0.2\"",
|
||||||
|
"\"Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Infected System, see http://www.blocklist.de/en/view.html?ip=127.0.0.2\"",
|
||||||
|
"\"SOCKS Proxy See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"SOCKS Proxy See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"SOCKS Proxy See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"SOCKS Proxy See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Listed in PSBL, see http://psbl.org/listing?ip=127.0.0.2\"",
|
||||||
|
"\"Misc Proxy/Server See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Misc Proxy/Server See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"https://www.spamhaus.org/query/ip/127.0.0.2\"",
|
||||||
|
"\"https://www.spamhaus.org/query/ip/127.0.0.2\"",
|
||||||
|
"\"RFC5782 Test Entry\"",
|
||||||
|
"\"Test Record\"",
|
||||||
|
"\"Exploitable Server See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"https://www.spamhaus.org/query/ip/127.0.0.2\"",
|
||||||
|
"\"Blocked - see http://www.abuseat.org/lookup.cgi?ip=127.0.0.2\"",
|
||||||
|
"\"Dial-Up/Cable/DSL IP Range - Use your providers SMTP Gateway\"",
|
||||||
|
"\"Blocked at http://sigs.interserver.net/ip?ip=127.0.0.2\"",
|
||||||
|
"\"HTTP Proxy See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?127.0.0.2\"",
|
||||||
|
"\"Spam Received See: http://www.sorbs.net/lookup.shtml?127.0.0.2\""
|
||||||
|
],
|
||||||
|
"listed": [
|
||||||
|
"2.0.0.127.bl.spamcop.net",
|
||||||
|
"2.0.0.127.ubl.unsubscore.com",
|
||||||
|
"2.0.0.127.zen.spamhaus.org",
|
||||||
|
"2.0.0.127.zen.spamhaus.org",
|
||||||
|
"2.0.0.127.korea.services.net",
|
||||||
|
"2.0.0.127.bogons.cymru.com",
|
||||||
|
"2.0.0.127.bogons.cymru.com",
|
||||||
|
"2.0.0.127.access.redhawk.org",
|
||||||
|
"2.0.0.127.access.redhawk.org",
|
||||||
|
"2.0.0.127.db.wpbl.info",
|
||||||
|
"2.0.0.127.smtp.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.zombie.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.rbl.efnetrbl.org",
|
||||||
|
"2.0.0.127.rbl.efnetrbl.org",
|
||||||
|
"2.0.0.127.dnsbl.dronebl.org",
|
||||||
|
"2.0.0.127.multi.surbl.org",
|
||||||
|
"2.0.0.127.ix.dnsbl.manitu.net",
|
||||||
|
"2.0.0.127.noptr.spamrats.com",
|
||||||
|
"2.0.0.127.noptr.spamrats.com",
|
||||||
|
"2.0.0.127.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.all.bl.blocklist.de",
|
||||||
|
"2.0.0.127.socks.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.spam.spamrats.com",
|
||||||
|
"2.0.0.127.spam.spamrats.com",
|
||||||
|
"2.0.0.127.dyna.spamrats.com",
|
||||||
|
"2.0.0.127.dyna.spamrats.com",
|
||||||
|
"2.0.0.127.dnsbl.inps.de",
|
||||||
|
"2.0.0.127.dnsbl.inps.de",
|
||||||
|
"2.0.0.127.psbl.surriel.com",
|
||||||
|
"2.0.0.127.misc.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.short.rbl.jp",
|
||||||
|
"2.0.0.127.short.rbl.jp",
|
||||||
|
"2.0.0.127.pbl.spamhaus.org",
|
||||||
|
"2.0.0.127.b.barracudacentral.org",
|
||||||
|
"2.0.0.127.b.barracudacentral.org",
|
||||||
|
"2.0.0.127.wormrbl.imp.ch",
|
||||||
|
"2.0.0.127.truncate.gbudb.net",
|
||||||
|
"2.0.0.127.web.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.xbl.spamhaus.org",
|
||||||
|
"2.0.0.127.cbl.abuseat.org",
|
||||||
|
"2.0.0.127.spamguard.leadmon.net",
|
||||||
|
"2.0.0.127.rbl.interserver.net",
|
||||||
|
"2.0.0.127.http.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.dul.dnsbl.sorbs.net",
|
||||||
|
"2.0.0.127.sbl.spamhaus.org",
|
||||||
|
"2.0.0.127.sbl.spamhaus.org",
|
||||||
|
"2.0.0.127.spam.dnsbl.sorbs.net"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
~~~~
|
||||||
|
|
124
rbl.py
Normal file
124
rbl.py
Normal file
|
@ -0,0 +1,124 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
# coding=utf-8
|
||||||
|
#
|
||||||
|
# Quick-and-dirty(tm) Python script to check a set of IPv4 addresses against known RBLs
|
||||||
|
#
|
||||||
|
|
||||||
|
__author__ = "Alexandre Dulaunoy"
|
||||||
|
__copyright__ = "Copyright 2017, Alexandre Dulaunoy"
|
||||||
|
__license__ = "AGPL version 3"
|
||||||
|
__version__ = "0.1"
|
||||||
|
|
||||||
|
import sys
|
||||||
|
import argparse
|
||||||
|
import json
|
||||||
|
import datetime
|
||||||
|
|
||||||
|
try:
|
||||||
|
import dns.resolver
|
||||||
|
resolver = dns.resolver.Resolver()
|
||||||
|
resolver.timeout = 0.2
|
||||||
|
resolver.lifetime = 0.2
|
||||||
|
except:
|
||||||
|
print('dnspython3 is missing, pip install dnspython3')
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
parser = argparse.ArgumentParser(description='multi-rblcheck\nA simple script to test a list of IP addresses against RBLs.\n The output is a JSON object per IP address.')
|
||||||
|
parser.add_argument("-d","--debug", default=False, action='store_true', help='Include debug message')
|
||||||
|
parser.add_argument("-t", "--test", default=False, action='store_true')
|
||||||
|
parser.add_argument("-i", "--ip", default=None, action='append', required=True, help='IPv4 address to check against the RBLs (one or more IP addresses)')
|
||||||
|
parser.add_argument("-a", "--all", default=False, action='store_true', help='Include unlisted results')
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
if args.test:
|
||||||
|
args.ip = ['127.0.0.1']
|
||||||
|
|
||||||
|
rbls = {
|
||||||
|
'spam.spamrats.com': 'http://www.spamrats.com',
|
||||||
|
'spamguard.leadmon.net': 'http://www.leadmon.net/SpamGuard/',
|
||||||
|
'rbl-plus.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html',
|
||||||
|
'web.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'ix.dnsbl.manitu.net': 'http://www.dnsbl.manitu.net',
|
||||||
|
'virus.rbl.jp': 'http://www.rbl.jp',
|
||||||
|
'dul.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'bogons.cymru.com': 'http://www.team-cymru.org/Services/Bogons/',
|
||||||
|
'psbl.surriel.com': 'http://psbl.surriel.com',
|
||||||
|
'misc.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'httpbl.abuse.ch': 'http://dnsbl.abuse.ch',
|
||||||
|
'combined.njabl.org': 'http://combined.njabl.org',
|
||||||
|
'smtp.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'korea.services.net': 'http://korea.services.net',
|
||||||
|
'drone.abuse.ch': 'http://dnsbl.abuse.ch',
|
||||||
|
'rbl.efnetrbl.org': 'http://rbl.efnetrbl.org',
|
||||||
|
'cbl.anti-spam.org.cn': 'http://www.anti-spam.org.cn/?Locale=en_US',
|
||||||
|
'b.barracudacentral.org': 'http://www.barracudacentral.org/rbl/removal-request',
|
||||||
|
'bl.spamcannibal.org': 'http://www.spamcannibal.org',
|
||||||
|
'xbl.spamhaus.org': 'http://www.spamhaus.org/xbl/',
|
||||||
|
'zen.spamhaus.org': 'http://www.spamhaus.org/zen/',
|
||||||
|
'rbl.suresupport.com': 'http://suresupport.com/postmaster',
|
||||||
|
'db.wpbl.info': 'http://www.wpbl.info',
|
||||||
|
'sbl.spamhaus.org': 'http://www.spamhaus.org/sbl/',
|
||||||
|
'http.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'csi.cloudmark.com': 'http://www.cloudmark.com/en/products/cloudmark-sender-intelligence/index',
|
||||||
|
'rbl.interserver.net': 'http://rbl.interserver.net',
|
||||||
|
'ubl.unsubscore.com': 'http://www.lashback.com/blacklist/',
|
||||||
|
'dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'virbl.bit.nl': 'http://virbl.bit.nl',
|
||||||
|
'pbl.spamhaus.org': 'http://www.spamhaus.org/pbl/',
|
||||||
|
'socks.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'short.rbl.jp': 'http://www.rbl.jp',
|
||||||
|
'dnsbl.dronebl.org': 'http://www.dronebl.org',
|
||||||
|
'blackholes.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html',
|
||||||
|
'truncate.gbudb.net': 'http://www.gbudb.com/truncate/index.jsp',
|
||||||
|
'dyna.spamrats.com': 'http://www.spamrats.com',
|
||||||
|
'spamrbl.imp.ch': 'http://antispam.imp.ch',
|
||||||
|
'spam.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'wormrbl.imp.ch': 'http://antispam.imp.ch',
|
||||||
|
'query.senderbase.org': 'http://www.senderbase.org/about',
|
||||||
|
'opm.tornevall.org': 'http://dnsbl.tornevall.org',
|
||||||
|
'netblock.pedantic.org': 'http://pedantic.org',
|
||||||
|
'access.redhawk.org': 'http://www.redhawk.org/index.php?option=com_wrapper&Itemid=33',
|
||||||
|
'cdl.anti-spam.org.cn': 'http://www.anti-spam.org.cn/?Locale=en_US',
|
||||||
|
'multi.surbl.org': 'http://www.surbl.org',
|
||||||
|
'noptr.spamrats.com': 'http://www.spamrats.com',
|
||||||
|
'dnsbl.inps.de': 'http://dnsbl.inps.de/index.cgi?lang=en',
|
||||||
|
'bl.spamcop.net': 'http://bl.spamcop.net',
|
||||||
|
'cbl.abuseat.org': 'http://cbl.abuseat.org',
|
||||||
|
'dsn.rfc-ignorant.org': 'http://www.rfc-ignorant.org/policy-dsn.php',
|
||||||
|
'zombie.dnsbl.sorbs.net': 'http://www.sorbs.net',
|
||||||
|
'dnsbl.njabl.org': 'http://dnsbl.njabl.org',
|
||||||
|
'relays.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html',
|
||||||
|
'rbl.spamlab.com': 'http://tools.appriver.com/index.aspx?tool=rbl',
|
||||||
|
'all.bl.blocklist.de': 'http://www.blocklist.de/en/rbldns.html'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def checkAll(ip=None):
|
||||||
|
if ip is None:
|
||||||
|
return None
|
||||||
|
results = {}
|
||||||
|
results['query'] = ip
|
||||||
|
results['date'] = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).isoformat()
|
||||||
|
results['listed'] = []
|
||||||
|
results['info'] = []
|
||||||
|
results['not_listed'] = []
|
||||||
|
for rbl in rbls:
|
||||||
|
ipRev = '.'.join(ip.split('.')[::-1])
|
||||||
|
query = ipRev+'.'+rbl
|
||||||
|
if args.debug:
|
||||||
|
print ('{}'.format(query))
|
||||||
|
try:
|
||||||
|
resolver.query(query,'A')
|
||||||
|
try:
|
||||||
|
txt = resolver.query(query, 'TXT')
|
||||||
|
except:
|
||||||
|
results['listed'].append(query)
|
||||||
|
results['listed'].append(query)
|
||||||
|
results['info'].append(str(txt[0]))
|
||||||
|
except:
|
||||||
|
if args.all:
|
||||||
|
results['not_listed'].append(query)
|
||||||
|
return results
|
||||||
|
|
||||||
|
for ip in args.ip:
|
||||||
|
print (json.dumps(checkAll(ip=ip)))
|
Loading…
Reference in a new issue