better dronebl descriptions, show category in all list descriptions

jesopo 2020-09-08 15:48:14 +00:00
parent c32e073c35
commit b6e8f668c4


@ -13,41 +13,59 @@ class ZenSpamhaus(DNSBL):
def process(self, result): def process(self, result):
result = result.rsplit(".", 1)[1] result = result.rsplit(".", 1)[1]
if result in ["2", "3", "9"]: if result in ["2", "3", "9"]:
return "spam" desc = "spam"
elif result in ["4", "5", "6", "7"]: elif result in ["4", "5", "6", "7"]:
return "exploits" desc = "exploits"
return f"{result} - {desc}"
class EFNetRBL(DNSBL): class EFNetRBL(DNSBL):
hostname = "rbl.efnetrbl.org" hostname = "rbl.efnetrbl.org"
def process(self, result): def process(self, result):
result = result.rsplit(".", 1)[1] result = result.rsplit(".", 1)[1]
if result == "1": if result == "1":
return "proxy" desc = "proxy"
elif result in ["2", "3"]: elif result in ["2", "3"]:
return "spamtap" desc = "spamtap"
elif result == "4": elif result == "4":
return "tor" desc = "tor"
elif result == "5": elif result == "5":
return "flooding" desc = "flooding"
return f"{result} - {desc}"
DRONEBL_CATEGORIES = {
3: "IRC drone",
5: "bottler",
6: "unknown spambot or drone",
7: "DDoS drone",
8: "open SOCKS proxy",
9: "open HTTP proxy",
10: "proxychain",
11: "web page proxy",
12: "open DNS resolver",
13: "brute force attacker",
14: "open WINGATE proxy",
15: "compromised router/gateway",
16: "autorooting malware",
17: "detected botnet IP",
18: "DNS/MX on IRC",
19: "abused VPN service"
}
class DroneBL(DNSBL): class DroneBL(DNSBL):
hostname = "dnsbl.dronebl.org" hostname = "dnsbl.dronebl.org"
def process(self, result): def process(self, result):
result = result.rsplit(".", 1)[1] result = int(result.rsplit(".", 1)[1])
if result in ["8", "9", "10", "11", "14"]: desc = DRONEBL_CATEGORIES.get(result, "unknown")
return "proxy" return f"{result} - {desc}"
elif result in ["3", "6", "7"]:
return "flooding"
elif result in ["12", "13", "15", "16"]:
return "exploits"
elif result == "19":
return "abused vpn"
class AbuseAtCBL(DNSBL): class AbuseAtCBL(DNSBL):
hostname = "cbl.abuseat.org" hostname = "cbl.abuseat.org"
def process(self, result): def process(self, result):
result = result.rsplit(".", 1)[1] result = result.rsplit(".", 1)[1]
if result == "2": if result == "2":
return "abuse" desc = "abuse"
else:
desc = "unknown"
return f"{result} - {desc}"
DEFAULT_LISTS = [ DEFAULT_LISTS = [
ZenSpamhaus(), ZenSpamhaus(),
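Review bot: In ZenSpamhaus.process and EFNetRBL.process, `desc` is never assigned when the last octet matches none of the branches, so the new `return f"{result} - {desc}"` raises UnboundLocalError where the old code fell through and returned None. The value comes from a remote DNS zone, so an unlisted return code is reachable input; how the caller handles the exception is not visible here, but a listed host could end up unreported or the whole lookup could abort. AbuseAtCBL gets `else: desc = "unknown"` in this commit and DroneBL uses `.get(result, "unknown")`, so give the other two the same fallback, for example `desc = "unknown"` before the `if`. DroneBL's new `int(...)` conversion will likewise raise ValueError on a non-numeric last label, which deserves a guard unless the resolver result is guaranteed to be an IPv4 address.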