Nmap Development mailing list archives
Re: [NSE] New script dns-blacklist
From: Duarte Silva <duarte.silva () serializing me>
Date: Mon, 02 Jan 2012 11:31:09 +0000
Hi Patrik, I added two new DNSBL providers, one for TOR nodes [1] and another for malware attacks [2]. I ended up stumbling on http:BL [3], which I wanted to add since it has some nice functionality. The problem is that this provider needs the user to provide a API key. Currently the library doesn't support user provided arguments. I already have some ideas on how to tackle the problem in a generic way (support for other providers) but I was wondering if you think the functionality the provider has, makes up for the trouble of changing the dnsbl library? [1] https://www.dan.me.uk/dnsbl [2] http://www.blocklist.de/en/api.html#dns [3] http://www.projecthoneypot.org/httpbl_api.php Regards, Duarte Silva On Monday 26 December 2011 15:30:53 Patrik Karlsson wrote:
Hi list, I just committed a new script called dns-blacklist which checks given or scanned IP addresses against a bunch of different DNSBL services. It groups services into categories and currently supports SPAM and PROXY checking for known spam IP's and open proxies. Services may be limited by category or names through script arguments and by default all categories and all services are checked. Here's some sample output: Pre-scan script results: | dns-blacklist: | 1.2.3.4 | | PROXY | | dnsbl.ahbl.org - PROXY | dnsbl.tornevall.org - PROXY | | IP marked as "abusive host". | Proxy is working | Proxy has been scanned | | SPAM | | dnsbl.inps.de - SPAM | | Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4 | | l2.apews.org - SPAM | list.quorum.to - SPAM | bl.spamcop.net - SPAM | |_ spam.dnsbl.sorbs.net - SPAM We initially discussed creating one script per category and if we want that there's no problem to go down that path as I see it. Cheers, Patrik
Attachment:
smime.p7s
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 03)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 06)
- Re: [NSE] New script dns-blacklist Duarte Silva (Jan 02)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 02)
- Re: [NSE] New script dns-blacklist Arne Martin Wandsvig (Jan 07)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)
- Re: [NSE] New script dns-blacklist Patrik Karlsson (Jan 08)