
@amitsdalal
Created May 10, 2019 11:09

Revisions

  1. amitsdalal created this gist May 10, 2019.
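--- a/dnsbl.sh
+++ b/dnsbl.sh
@@ -0,0 +1,142 @@
+#!/bin/sh
+# Check if an IP address is listed on one of the following blacklists
+# The format is chosen to make it easy to add or delete
+# The shell will strip multiple whitespace
+
+BLISTS="
+dnsbl.justspam.org
+bl.score.senderscore.com
+bl.mailspike.net
+bl.spameatingmonkey.net
+b.barracudacentral.org
+bl.deadbeef.com
+bl.emailbasura.org
+bl.spamcannibal.org
+bl.spamcop.net
+blackholes.five-ten-sg.com
+blacklist.woody.ch
+bogons.cymru.com
+cbl.abuseat.org
+cdl.anti-spam.org.cn
+combined.abuse.ch
+combined.rbl.msrbl.net
+db.wpbl.info
+dnsbl-1.uceprotect.net
+dnsbl-2.uceprotect.net
+dnsbl-3.uceprotect.net
+dnsbl.ahbl.org
+dnsbl.inps.de
+dnsbl.sorbs.net
+drone.abuse.ch
+drone.abuse.ch
+duinv.aupads.org
+dul.dnsbl.sorbs.net
+dul.ru
+dyna.spamrats.com
+dynip.rothen.com
+http.dnsbl.sorbs.net
+images.rbl.msrbl.net
+ips.backscatterer.org
+ix.dnsbl.manitu.net
+korea.services.net
+misc.dnsbl.sorbs.net
+noptr.spamrats.com
+ohps.dnsbl.net.au
+omrs.dnsbl.net.au
+orvedb.aupads.org
+osps.dnsbl.net.au
+osrs.dnsbl.net.au
+owfs.dnsbl.net.au
+owps.dnsbl.net.au
+pbl.spamhaus.org
+phishing.rbl.msrbl.net
+probes.dnsbl.net.au
+proxy.bl.gweep.ca
+proxy.block.transip.nl
+psbl.surriel.com
+rbl.interserver.net
+rdts.dnsbl.net.au
+relays.bl.gweep.ca
+relays.bl.kundenserver.de
+relays.nether.net
+residential.block.transip.nl
+ricn.dnsbl.net.au
+rmst.dnsbl.net.au
+sbl.spamhaus.org
+short.rbl.jp
+smtp.dnsbl.sorbs.net
+socks.dnsbl.sorbs.net
+spam.abuse.ch
+spam.dnsbl.sorbs.net
+spam.rbl.msrbl.net
+spam.spamrats.com
+spamlist.or.kr
+spamrbl.imp.ch
+t3direct.dnsbl.net.au
+tor.ahbl.org
+tor.dnsbl.sectoor.de
+torserver.tor.dnsbl.sectoor.de
+ubl.lashback.com
+ubl.unsubscore.com
+virbl.bit.nl
+virus.rbl.jp
+virus.rbl.msrbl.net
+web.dnsbl.sorbs.net
+wormrbl.imp.ch
+xbl.spamhaus.org
+zen.spamhaus.org
+zombie.dnsbl.sorbs.net
+"
+
+# simple shell function to show an error message and exit
+# $0 : the name of shell script, $1 is the string passed as argument
+# >&2 : redirect/send the message to stderr
+
+ERROR() {
+echo $0 ERROR: $1 >&2
+exit 2
+}
+
+# -- Sanity check on parameters
+[ $# -ne 1 ] && ERROR 'Please specify a single IP address'
+
+# -- if the address consists of 4 groups of minimal 1, maximal digits, separated by '.'
+# -- reverse the order
+# -- if the address does not match these criteria the variable 'reverse will be empty'
+
+reverse=$(echo $1 |
+sed -ne "s~^\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)$~\4.\3.\2.\1~p")
+
+if [ "x${reverse}" = "x" ] ; then
+ERROR "IMHO '$1' doesn't look like a valid IP address"
+exit 1
+fi
+
+# Assuming an IP address of 11.22.33.44 as parameter or argument
+
+# If the IP address in $0 passes our crude regular expression check,
+# the variable ${reverse} will contain 44.33.22.11
+# In this case the test will be:
+# [ "x44.33.22.11" = "x" ]
+# This test will fail and the program will continue
+
+# An empty '${reverse}' means that shell argument $1 doesn't pass our simple IP address check
+# In that case the test will be:
+# [ "x" = "x" ]
+# This evaluates to true, so the script will call the ERROR function and quit
+
+# -- do a reverse ( address -> name) DNS lookup
+REVERSE_DNS=$(dig +short -x $1)
+
+echo IP $1 NAME ${REVERSE_DNS:----}
+
+# -- cycle through all the blacklists
+for BL in ${BLISTS} ; do
+# show the reversed IP and append the name of the blacklist
+printf "%-60s" " ${reverse}.${BL}."
+
+# use dig to lookup the name in the blacklist
+#echo "$(dig +short -t a ${reverse}.${BL}. | tr '\n' ' ')"
+LISTED="$(dig +short -t a ${reverse}.${BL}.)"
+echo ${LISTED:----}
+done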
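Review bot: The address check at `reverse=$(echo $1 | sed …)` validates the output of an unquoted `echo $1` rather than the argument itself, and `$1` is then reused unquoted in `dig +short -x $1`, so the string that passed validation is not guaranteed to be the string handed to dig (word splitting, globbing, and `echo` option handling where `/bin/sh` is bash can all make the two differ). I would reject anything but digits and dots up front with `case "$1" in *[!0-9.]*) ERROR "invalid IP address" ;; esac`, feed sed from `printf '%s\n' "$1"`, and quote `"$1"` in the dig call. The pattern also accepts octets above 255, and the `exit 1` after `ERROR` is unreachable because `ERROR` already exits with status 2. Separately, the loop prints any answer as if it were a listing: the zone list dates from 2019, some entries may no longer be operated, and `drone.abuse.ch` appears twice, so a comment telling readers to count only `127.0.0.0/8` answers from a maintained list as a hit, plus `+time`/`+tries` limits on the per-list `dig`, would make the output safer to act on.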