
Spamhaus Drop List Alerter – 2a versione

Gianluca Lini – http://www.gianlucalini.it
Technology Enthusiast. I'm a System Engineer and sometimes an independent Security Researcher. IEEE member.

Di seguito potete trovare la seconda versione dello script “Spamhaus Drop List Alerter”, pubblicato alcuni giorni fa. Questo aggiornamento corregge un errore di accesso negato durante il download delle liste.
Queste sono le modifiche apportate rispetto alla prima versione:

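def download(self):
    """Download the DROP list and store it through ``self.savefile``.

    The request carries a browser-like User-agent header. Returns 1 when
    the list was fetched and saved, 0 on any error, so the caller has to
    check the result before trusting the saved file.
    """
    # NOTE(review): the list is fetched over plain HTTP and nothing
    # authenticates its content, while the parsed result is later turned
    # into router null-route commands. Prefer an HTTPS endpoint for the list
    # if the provider offers one, and review the generated commands before
    # applying them.
    try:
        opener = urllib2.build_opener()
        opener.addheaders = [('User-agent', 'Mozilla/5.0')]
        sock = opener.open("http://www.spamhaus.org/drop/drop.lasso")
        try:
            droplist = sock.read()
        finally:
            # Close the connection even when the read fails half-way.
            sock.close()
        self.savefile(droplist)
        return 1
    except Exception:
        # Narrower than a bare "except:", so Ctrl-C and SystemExit are no
        # longer reported as an ordinary download failure.
        return 0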

Qui di seguito, invece, la nuova versione completa dello script:

#!/usr/bin/python
import urllib2
import os
import re
import smtplib

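class DROP:
    """Fetch the Spamhaus DROP list and turn its changes into null routes.

    The class downloads the list, extracts the CIDR networks from it,
    compares them with the previously saved copy and renders the difference
    as "ip route ... Null0" / "no ip route ... Null0" lines that can be
    mailed to an operator. It is written for Python 2 (it uses urllib2).
    """

    # Prefix length ("/N") -> dotted IPv4 netmask. Declared global, as in the
    # original script, so the table stays reachable as a module-level name.
    global netmask
    netmask = {
        "/0": "0.0.0.0", "/1": "128.0.0.0", "/2": "192.0.0.0",
        "/3": "224.0.0.0", "/4": "240.0.0.0", "/5": "248.0.0.0",
        "/6": "252.0.0.0", "/7": "254.0.0.0", "/8": "255.0.0.0",
        "/9": "255.128.0.0", "/10": "255.192.0.0", "/11": "255.224.0.0",
        "/12": "255.240.0.0", "/13": "255.248.0.0", "/14": "255.252.0.0",
        "/15": "255.254.0.0", "/16": "255.255.0.0", "/17": "255.255.128.0",
        "/18": "255.255.192.0", "/19": "255.255.224.0",
        "/20": "255.255.240.0", "/21": "255.255.248.0",
        "/22": "255.255.252.0", "/23": "255.255.254.0",
        "/24": "255.255.255.0", "/25": "255.255.255.128",
        "/26": "255.255.255.192", "/27": "255.255.255.224",
        "/28": "255.255.255.240", "/29": "255.255.255.248",
        "/30": "255.255.255.252", "/31": "255.255.255.254",
        "/32": "255.255.255.255",
    }

    # Raw strings keep the backslashes literal; the separator before the
    # prefix length is a real "/" (the original pattern used ".", which
    # matches any character).
    _CIDR_RE = re.compile(r'\d+\.\d+\.\d+\.\d+/\d+')
    _PREFIX_RE = re.compile(r'/\d+')
    _ADDRESS_RE = re.compile(r'\d+\.\d+\.\d+\.\d+')

    def _write(self, path, data):
        """Overwrite ``path`` with ``data`` and return 1."""
        handle = open(path, "w")
        try:
            handle.write(data)
        finally:
            # Release the file handle even when the write fails.
            handle.close()
        return 1

    def savefile(self, data):
        """Store the freshly downloaded list as ``droplist.new``."""
        return self._write("droplist.new", data)

    def readfile(self, name):
        """Return the whole content of the file called ``name``."""
        handle = open(name, "r")
        try:
            return handle.read()
        finally:
            handle.close()

    def download(self):
        """Download the DROP list and save it with ``savefile``.

        The request carries a browser-like User-agent header. Returns 1 when
        the list was fetched and saved, 0 on any error, so the caller has to
        check the result before trusting ``droplist.new``.
        """
        # NOTE(review): the list is fetched over plain HTTP and nothing
        # authenticates its content, while the parsed result is turned into
        # router null-route commands. Prefer an HTTPS endpoint for the list
        # if the provider offers one, and review the generated commands
        # before applying them.
        try:
            opener = urllib2.build_opener()
            opener.addheaders = [('User-agent', 'Mozilla/5.0')]
            sock = opener.open("http://www.spamhaus.org/drop/drop.lasso")
            try:
                droplist = sock.read()
            finally:
                # Close the connection even when the read fails half-way.
                sock.close()
            self.savefile(droplist)
            return 1
        except Exception:
            # Narrower than a bare "except:", so Ctrl-C and SystemExit are
            # no longer reported as an ordinary download failure.
            return 0

    def savebckup(self, data):
        """Store ``data`` as ``droplist.bkp``, the baseline of the next run."""
        return self._write("droplist.bkp", data)

    def prepare(self, data):
        """Extract the well-formed IPv4 CIDR networks found in ``data``.

        Returns the "a.b.c.d/N" strings in order of appearance. An entry is
        dropped when its prefix length has no netmask in the table or when
        an octet is above 255: the list is remote input and every entry kept
        here ends up in a route command.
        """
        entries = []
        for cidr in self._CIDR_RE.findall(data):
            address, _, prefix = cidr.partition("/")
            if "/" + prefix not in netmask:
                continue
            if any(int(octet) > 255 for octet in address.split(".")):
                continue
            entries.append(cidr)
        return entries

    def route2insert(self, newlist, oldlist):
        """Return the entries of ``newlist`` that are not in ``oldlist``."""
        known = set(oldlist)  # O(1) membership instead of scanning a list
        return [entry for entry in newlist if entry not in known]

    def route2delete(self, newlist, oldlist):
        """Return the entries of ``oldlist`` that are not in ``newlist``."""
        current = set(newlist)
        return [entry for entry in oldlist if entry not in current]

    def _compose(self, fromaddr, toaddrs, msg):
        """Prepend the From/To/Subject headers of the alert to ``msg``."""
        subject = "SpamHaus DropList Automated Alert"
        headers = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, toaddrs, subject)
        return headers + msg

    def sendmail(self, to, msg):
        """Mail ``msg`` to ``to`` through the SMTP server on localhost."""
        fromaddr = "[email protected]"
        message = self._compose(fromaddr, to, msg)
        server = smtplib.SMTP('localhost')
        # For troubleshooting, enable: server.set_debuglevel(1)
        server.sendmail(fromaddr, to, message)
        server.quit()

    def sendmailauth(self, to, msg, login, passwd):
        """Like ``sendmail``, but authenticate with ``login``/``passwd`` first."""
        fromaddr = "[email protected]"
        message = self._compose(fromaddr, to, msg)
        server = smtplib.SMTP('localhost')
        # For troubleshooting, enable: server.set_debuglevel(1)
        # NOTE(review): login() is issued on a plain SMTP session, which is
        # only reasonable because the server is 'localhost'. If the host is
        # ever changed to a remote relay, call server.starttls() before
        # login() so the credentials do not cross the network in clear text.
        server.login(login, passwd)
        server.sendmail(fromaddr, to, message)
        server.quit()

    def _routes(self, data, command):
        """Render one "<command> <network> <netmask> Null0" line per entry.

        Only the digits-and-dots address matched by the pattern and a
        netmask taken from the table reach the output, so no other text of
        an entry is copied into the command. Raises KeyError for a prefix
        length missing from the table and AttributeError when an entry has
        no prefix or no address.
        """
        lines = []
        for entry in data:
            nmask = netmask[self._PREFIX_RE.search(entry).group()]
            network = self._ADDRESS_RE.search(entry).group()
            lines.append(command + " " + network + " " + nmask + " Null0\n")
        return "".join(lines)

    def rotteadd(self, data):
        """Return the "ip route ... Null0" lines for the networks in ``data``."""
        return self._routes(data, "ip route")

    def rottedel(self, data):
        """Return the "no ip route ... Null0" lines for the networks in ``data``."""
        return self._routes(data, "no ip route")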

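# Entry point: fetch the list, diff it against the previous run and mail the
# resulting route commands.
null0 = DROP()
if not null0.download():
    # download() returns 0 on failure. Going on would compare a stale (or
    # missing) droplist.new and could mail "no changes" although nothing
    # was fetched, so report the failure and stop here instead.
    null0.sendmail("[email protected]", "Download della lista fallito: nessun confronto eseguito")
    raise SystemExit(1)
if not os.path.isfile('droplist.bkp'):
    # First run: start from an empty baseline.
    null0.savebckup("")
newlist = null0.prepare(null0.readfile('droplist.new'))
if not newlist:
    # A download that parses to nothing (error page, truncated body) would
    # make every previously known network show up as a "no ip route" line.
    # Keep the old baseline and alert instead.
    null0.sendmail("[email protected]", "La lista scaricata non contiene reti valide: nessun confronto eseguito")
    raise SystemExit(1)
oldlist = null0.prepare(null0.readfile('droplist.bkp'))
r2in = null0.route2insert(newlist, oldlist)
r2del = null0.route2delete(newlist, oldlist)
mailbody = null0.rotteadd(r2in) + null0.rottedel(r2del)
if not mailbody:
    mailbody = "Nessuna modifica alla lista"
null0.sendmail("[email protected]", mailbody)
# The list just processed becomes the baseline for the next run.
null0.savebckup(null0.readfile('droplist.new'))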
