
Spamhaus Drop List Alerter – 2a versione

Gianluca Lini (http://www.gianlucalini.it)
Technology Enthusiast. I'm a System Engineer and sometimes an independent Security Researcher. IEEE member.

Di seguito potete trovare la seconda versione dello script “Spamhaus Drop List Alerter” pubblicato alcuni giorni fa. Questo aggiornamento corregge un errore di accesso negato durante il download delle liste.
Queste sono le modifiche apportate rispetto alla prima versione:

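def download(self):
    """Fetch the Spamhaus DROP list and hand it to ``self.savefile``.

    A browser-like ``User-agent`` header is set on the opener before the
    request is made.

    Returns:
        1 when the list was downloaded and saved, 0 on any error. The
        return value is the only failure signal, so callers must check it
        before using the saved file.
    """
    # NOTE(review): the list travels over plain HTTP and is not
    # authenticated, yet it is later turned into null-route commands.
    # Whoever can alter the response in transit decides which prefixes
    # are proposed for black-holing; prefer an HTTPS endpoint and
    # sanity-check the content before acting on it.
    try:
        opener = urllib2.build_opener()
        opener.addheaders = [('User-agent', 'Mozilla/5.0')]
        # Bounded wait so a stalled connection cannot hang the job forever.
        sock = opener.open("http://www.spamhaus.org/drop/drop.lasso",
                           timeout=30)
        try:
            droplist = sock.read()
        finally:
            # Release the connection even when the read fails.
            sock.close()
        self.savefile(droplist)
        return 1
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt
        # and SystemExit; ordinary errors still map to the 0 return code.
        return 0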

Qui di seguito, invece, la nuova versione completa dello script:

#!/usr/bin/python
import urllib2
import os
import re
import smtplib

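class DROP:
    """Download the Spamhaus DROP list, diff it and build null-route commands.

    The working files are ``droplist.new`` (latest download) and
    ``droplist.bkp`` (list seen on the previous run), both in the current
    directory. The route commands are only formatted and mailed here; this
    class never applies them to a device.
    """

    # Kept as a module-level global, as in the original: the methods below
    # look the table up by its bare name. Maps "/N" to the dotted netmask.
    global netmask
    netmask = {
        "/0": "0.0.0.0", "/1": "128.0.0.0",
        "/2": "192.0.0.0", "/3": "224.0.0.0",
        "/4": "240.0.0.0", "/5": "248.0.0.0",
        "/6": "252.0.0.0", "/7": "254.0.0.0",
        "/8": "255.0.0.0", "/9": "255.128.0.0",
        "/10": "255.192.0.0", "/11": "255.224.0.0",
        "/12": "255.240.0.0", "/13": "255.248.0.0",
        "/14": "255.252.0.0", "/15": "255.254.0.0",
        "/16": "255.255.0.0", "/17": "255.255.128.0",
        "/18": "255.255.192.0", "/19": "255.255.224.0",
        "/20": "255.255.240.0", "/21": "255.255.248.0",
        "/22": "255.255.252.0", "/23": "255.255.254.0",
        "/24": "255.255.255.0", "/25": "255.255.255.128",
        "/26": "255.255.255.192", "/27": "255.255.255.224",
        "/28": "255.255.255.240", "/29": "255.255.255.248",
        "/30": "255.255.255.252", "/31": "255.255.255.254",
        "/32": "255.255.255.255",
    }

    # Patterns compiled once instead of on every loop iteration.
    _CIDR_RE = re.compile(r'(\d+)\.(\d+)\.(\d+)\.(\d+)(/\d+)')
    _PREFIXLEN_RE = re.compile(r'/\d+')
    _ADDRESS_RE = re.compile(r'\d+\.\d+\.\d+\.\d+')

    # The sender below is what the page's e-mail obfuscation left behind;
    # replace it with a real address before use.
    _SENDER = "[email protected]"
    _SUBJECT = "SpamHaus DropList Automated Alert"

    def _write(self, path, data):
        """Overwrite *path* with *data*; the file is closed even on error."""
        with open(path, "w") as handle:
            handle.write(data)
        return 1

    def savefile(self, data):
        """Store a freshly downloaded list as ``droplist.new``. Returns 1."""
        return self._write("droplist.new", data)

    def readfile(self, name):
        """Return the full content of the file called *name*."""
        with open(name, "r") as handle:
            return handle.read()

    def download(self):
        """Fetch the Spamhaus DROP list and save it as ``droplist.new``.

        A browser-like ``User-agent`` header is set on the opener before
        the request is made.

        Returns:
            1 when the list was downloaded and saved, 0 on any error. The
            return value is the only failure signal, so callers must check
            it before using the saved file.
        """
        # NOTE(review): the list travels over plain HTTP and is not
        # authenticated, yet it is later turned into null-route commands.
        # Whoever can alter the response in transit decides which prefixes
        # are proposed for black-holing; prefer an HTTPS endpoint and
        # sanity-check the content before acting on it.
        try:
            opener = urllib2.build_opener()
            opener.addheaders = [('User-agent', 'Mozilla/5.0')]
            # Bounded wait so a stalled connection cannot hang the job.
            sock = opener.open("http://www.spamhaus.org/drop/drop.lasso",
                               timeout=30)
            try:
                droplist = sock.read()
            finally:
                # Release the connection even when the read fails.
                sock.close()
            self.savefile(droplist)
            return 1
        except Exception:
            # Was a bare ``except:``, which also swallowed
            # KeyboardInterrupt and SystemExit.
            return 0

    def savebckup(self, data):
        """Store *data* as ``droplist.bkp``, the baseline for the next run."""
        return self._write("droplist.bkp", data)

    def prepare(self, data):
        """Extract the well-formed IPv4 prefixes (``a.b.c.d/len``) from *data*.

        The separator is matched as a literal ``/``; the previous pattern
        used an unescaped ``.`` there and so also accepted strings such as
        ``1.2.3.4.5``, which made ``rotteadd``/``rottedel`` fail later.
        Entries with an octet above 255, or with a prefix length that has
        no entry in ``netmask``, are dropped instead of raising later.

        Returns:
            list of prefix strings in order of appearance.
        """
        prefixes = []
        for found in self._CIDR_RE.finditer(data):
            octets_ok = all(int(octet) <= 255
                            for octet in found.group(1, 2, 3, 4))
            if octets_ok and found.group(5) in netmask:
                prefixes.append(found.group())
        # NOTE(review): very short prefixes (down to /0) are still accepted;
        # consider a minimum length before trusting the list for routing.
        return prefixes

    def route2insert(self, newlist, oldlist):
        """Return the entries of *newlist* that are absent from *oldlist*."""
        known = set(oldlist)  # O(1) membership instead of a list scan
        return [entry for entry in newlist if entry not in known]

    def route2delete(self, newlist, oldlist):
        """Return the entries of *oldlist* that are absent from *newlist*."""
        current = set(newlist)
        return [entry for entry in oldlist if entry not in current]

    def _deliver(self, to, msg, credentials=None):
        """Send *msg* to *to* through the SMTP server on localhost.

        *credentials* is an optional ``(login, passwd)`` pair; when given,
        the session authenticates before sending.
        """
        headers = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (
            self._SENDER, to, self._SUBJECT)
        server = smtplib.SMTP('localhost')
        try:
            # debug level
            # server.set_debuglevel(1)
            if credentials is not None:
                server.login(*credentials)
            server.sendmail(self._SENDER, to, headers + msg)
            server.quit()
        finally:
            # Drop the socket even when login or sending raised.
            server.close()

    def sendmail(self, to, msg):
        """Mail *msg* to *to* via the local SMTP server, without auth."""
        self._deliver(to, msg)

    def sendmailauth(self, to, msg, login, passwd):
        """Mail *msg* to *to* after authenticating with *login*/*passwd*."""
        # NOTE(review): the session is never upgraded with STARTTLS, so the
        # credentials are sent without transport encryption. Acceptable
        # only for a loopback relay; enable TLS before pointing this at a
        # remote server.
        self._deliver(to, msg, (login, passwd))

    def _commands(self, data, verb):
        """Format one ``<verb> <address> <netmask> Null0`` line per entry."""
        lines = []
        for entry in data:
            mask = netmask[self._PREFIXLEN_RE.search(entry).group()]
            address = self._ADDRESS_RE.search(entry).group()
            lines.append("%s %s %s Null0\n" % (verb, address, mask))
        return "".join(lines)

    def rotteadd(self, data):
        """Return the ``ip route ... Null0`` lines for the prefixes in *data*."""
        return self._commands(data, "ip route")

    def rottedel(self, data):
        """Return the ``no ip route ... Null0`` lines for the prefixes in *data*."""
        return self._commands(data, "no ip route")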

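# Driver: download the list, diff it against the previous run and mail the
# resulting route commands. The commands are only mailed; a person is
# expected to review them before applying anything to a router.
null0 = DROP()

# download() signals failure only through its return value. Stop here on
# failure: otherwise a stale or missing droplist.new would be diffed and
# then copied over the baseline.
if not null0.download():
    raise SystemExit("DROP list download failed; droplist.bkp left untouched")

if not os.path.isfile('droplist.bkp'):
    # First run: start from an empty baseline so every prefix shows as new.
    null0.savebckup("")

newlist = null0.prepare(null0.readfile('droplist.new'))
if not newlist:
    # An error page or truncated response parses to an empty list, which
    # would otherwise produce a "no ip route" line for every known prefix
    # and wipe the baseline.
    raise SystemExit("downloaded DROP list contains no prefixes; "
                     "refusing to propose removing every route")

oldlist = null0.prepare(null0.readfile('droplist.bkp'))
r2in = null0.route2insert(newlist, oldlist)
r2del = null0.route2delete(newlist, oldlist)
mailbody = null0.rotteadd(r2in) + null0.rottedel(r2del)
#print mailbody
if not mailbody:
    mailbody = "Nessuna modifica alla lista"
# Both branches of the original sent the same mail; send it once.
null0.sendmail("yourmail@yourdomain", mailbody)

# Promote the new list to baseline only after the alert went out.
null0.savebckup(null0.readfile('droplist.new'))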
