support dnsbl TXT records
parent
b6e8f668c4
commit
6d99a9fae6
2 changed files with 22 additions and 33 deletions
|
@ -43,14 +43,22 @@ class Module(ModuleManager.BaseModule):
|
|||
failed = []
|
||||
for list in lists:
|
||||
record = self._check_list(list.hostname, address)
|
||||
if not record == None:
|
||||
reason = list.process(record) or "unknown"
|
||||
if record is not None:
|
||||
a_record, txt_record = record
|
||||
reason = list.process(a_record, txt_record) or "unknown"
|
||||
failed.append((list.hostname, reason))
|
||||
return failed
|
||||
|
||||
def _check_list(self, list, address):
|
||||
list_address = "%s.%s" % (address, list)
|
||||
try:
|
||||
return dns.resolver.query(list_address, "A")[0].to_text()
|
||||
a_record = dns.resolver.query(list_address, "A")[0].to_text()
|
||||
except dns.resolver.NXDOMAIN:
|
||||
return None
|
||||
|
||||
try:
|
||||
txt_record = dns.resolver.query(list_address, "TXT")[0].to_text()
|
||||
except:
|
||||
txt_record = None
|
||||
|
||||
return (a_record, txt_record)
|
||||
|
|
|
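Review bot: The bare `except:` around the TXT lookup in `_check_list` also swallows `KeyboardInterrupt`, `SystemExit` and plain programming errors; narrow it to `except dns.exception.DNSException:` so that only resolver failures fall back to `txt_record = None`. The A lookup above it still handles only `dns.resolver.NXDOMAIN`, so a timeout, `NoAnswer` or `NoNameservers` from one list propagates out of the loop and skips the remaining lists. Whether that ends up failing open depends on the caller, which is not in this hunk. Only the first TXT record (`[0]`) is kept, and `to_text()` on a TXT rdata returns it with its surrounding double quotes, so the reason string will carry those quotes unless they are stripped.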
@ -5,13 +5,16 @@ class DNSBL(object):
|
|||
if not hostname == None:
|
||||
self.hostname = hostname
|
||||
|
||||
def process(self, result: str):
|
||||
return result
|
||||
def process(self, a_record, txt_record):
|
||||
out = a_record
|
||||
if txt_record is not None:
|
||||
out += f" - {txt_record}"
|
||||
return out
|
||||
|
||||
class ZenSpamhaus(DNSBL):
|
||||
hostname = "zen.spamhaus.org"
|
||||
def process(self, result):
|
||||
result = result.rsplit(".", 1)[1]
|
||||
def process(self, a_record, txt_record):
|
||||
result = a_record.rsplit(".", 1)[1]
|
||||
if result in ["2", "3", "9"]:
|
||||
desc = "spam"
|
||||
elif result in ["4", "5", "6", "7"]:
|
||||
|
@ -20,8 +23,8 @@ class ZenSpamhaus(DNSBL):
|
|||
|
||||
class EFNetRBL(DNSBL):
|
||||
hostname = "rbl.efnetrbl.org"
|
||||
def process(self, result):
|
||||
result = result.rsplit(".", 1)[1]
|
||||
def process(self, a_record, txt_record):
|
||||
result = a_record.rsplit(".", 1)[1]
|
||||
if result == "1":
|
||||
desc = "proxy"
|
||||
elif result in ["2", "3"]:
|
||||
|
@ -32,35 +35,13 @@ class EFNetRBL(DNSBL):
|
|||
desc = "flooding"
|
||||
return f"{result} - {desc}"
|
||||
|
||||
DRONEBL_CATEGORIES = {
|
||||
3: "IRC drone",
|
||||
5: "bottler",
|
||||
6: "unknown spambot or drone",
|
||||
7: "DDoS drone",
|
||||
8: "open SOCKS proxy",
|
||||
9: "open HTTP proxy",
|
||||
10: "proxychain",
|
||||
11: "web page proxy",
|
||||
12: "open DNS resolver",
|
||||
13: "brute force attacker",
|
||||
14: "open WINGATE proxy",
|
||||
15: "compromised router/gateway",
|
||||
16: "autorooting malware",
|
||||
17: "detected botnet IP",
|
||||
18: "DNS/MX on IRC",
|
||||
19: "abused VPN service"
|
||||
}
|
||||
class DroneBL(DNSBL):
|
||||
hostname = "dnsbl.dronebl.org"
|
||||
def process(self, result):
|
||||
result = int(result.rsplit(".", 1)[1])
|
||||
desc = DRONEBL_CATEGORIES.get(result, "unknown")
|
||||
return f"{result} - {desc}"
|
||||
|
||||
class AbuseAtCBL(DNSBL):
|
||||
hostname = "cbl.abuseat.org"
|
||||
def process(self, result):
|
||||
result = result.rsplit(".", 1)[1]
|
||||
def process(self, a_record, txt_record):
|
||||
result = a_record.rsplit(".", 1)[1]
|
||||
if result == "2":
|
||||
desc = "abuse"
|
||||
else:
|
||||
|
|
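Review bot: In `DNSBL.process`, `txt_record` is appended to the reason verbatim, but its content is chosen by whoever answers the TXT query for the list zone, so it should be treated as untrusted text before it is logged or relayed. Bounding the length and dropping non-printable characters would cover that, e.g. `txt_record = "".join(c for c in txt_record if c.isprintable())[:256]` ahead of the `out +=` line (the 256 cap is an arbitrary example). The `ZenSpamhaus`, `EFNetRBL` and `AbuseAtCBL` overrides now accept `txt_record`, but the visible lines only read `a_record`; their bodies continue outside the hunks, so confirm whether dropping the TXT text there is intended. A short docstring on the base `process` stating that `a_record` is the returned address string and `txt_record` may be `None` would make the new two-argument contract explicit for future subclasses.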