Nmap Development mailing list archives

Re: [NSE] New script dns-blacklist


From: Duarte Silva <duarte.silva () serializing me>
Date: Mon, 02 Jan 2012 11:31:09 +0000

Hi Patrik,

I added two new DNSBL providers, one for TOR nodes [1] and another for malware 
attacks [2].

I ended up stumbling on http:BL [3], which I wanted to add since it has some 
nice functionality. The problem is that this provider needs the user to 
provide an API key. Currently the library doesn't support user-provided 
arguments. I already have some ideas on how to tackle the problem in a generic 
way (support for other providers) but I was wondering if you think the 
functionality the provider has makes up for the trouble of changing the dnsbl 
library?

[1] https://www.dan.me.uk/dnsbl
[2] http://www.blocklist.de/en/api.html#dns
[3] http://www.projecthoneypot.org/httpbl_api.php

Regards,
Duarte Silva

On Monday 26 December 2011 15:30:53 Patrik Karlsson wrote:
Hi list,

I just committed a new script called dns-blacklist which checks given or
scanned IP addresses against a bunch of different DNSBL services.
It groups services into categories and currently supports SPAM and PROXY
checking for known spam IPs and open proxies.
Services may be limited by category or names through script arguments and
by default all categories and all services are checked.
Here's some sample output:

Pre-scan script results:
| dns-blacklist:
| 1.2.3.4
| 
|   PROXY
|   
|     dnsbl.ahbl.org - PROXY
|     dnsbl.tornevall.org - PROXY
|     
|       IP marked as "abusive host".
|       Proxy is working
|       Proxy has been scanned
|   
|   SPAM
|   
|     dnsbl.inps.de - SPAM
|     
|       Spam Received See: http://www.sorbs.net/lookup.shtml?1.2.3.4
|     
|     l2.apews.org - SPAM
|     list.quorum.to - SPAM
|     bl.spamcop.net - SPAM
|
|_    spam.dnsbl.sorbs.net - SPAM

We initially discussed creating one script per category and if we want that
there's no problem to go down that path as I see it.

Cheers,
Patrik


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
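
Added example, not code from this thread or from the Nmap dnsbl library: a generic provider table in which a provider may require a user-supplied key, as raised above for http:BL, with the key validated before it becomes part of the DNS query name. The `dnsbl.httpbl.org` zone and the `127.days.threat.type` answer layout are taken from the http:BL API documentation [3]; the key and the answer record are constructed sample values, and no DNS traffic is sent.

```python
import ipaddress

# needs_key marks providers whose query name is prefixed with a user-supplied key.
# bl.spamcop.net is from the sample output; the http:BL zone is from its API docs [3].
PROVIDERS = {
    "bl.spamcop.net": {"needs_key": False},
    "dnsbl.httpbl.org": {"needs_key": True},
}
HTTPBL_TYPES = {1: "suspicious", 2: "harvester", 4: "comment spammer"}


def query_name(ip, zone, api_key=None):
    """Return [key.]d.c.b.a.zone for IPv4 address a.b.c.d."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    labels = str(addr).split(".")[::-1]
    if PROVIDERS[zone]["needs_key"]:
        # The key becomes a DNS label, so reject anything that could add labels.
        if not (api_key and api_key.isascii() and api_key.isalnum()):
            raise ValueError(f"{zone} needs an alphanumeric API key")
        labels.insert(0, api_key)
    return ".".join(labels + [zone])


def decode_httpbl(answer):
    """Decode an http:BL A record; None when it is not a 127.x.y.z answer."""
    try:
        octets = [int(o) for o in answer.split(".")]
    except ValueError:
        return None
    if len(octets) != 4 or octets[0] != 127:
        return None
    _, days, third, vtype = octets
    if vtype == 0:  # search engine: third octet is an engine serial, not a score
        return {"days_since_seen": None, "threat_score": None, "types": ["search engine"]}
    kinds = [name for bit, name in HTTPBL_TYPES.items() if vtype & bit]
    return {"days_since_seen": days, "threat_score": third, "types": kinds}


if __name__ == "__main__":
    key = "abcdefghijkl"  # constructed placeholder, not a real key
    print(query_name("1.2.3.4", "bl.spamcop.net"))
    print(query_name("1.2.3.4", "dnsbl.httpbl.org", key))
    print(decode_httpbl("127.3.5.1"))  # constructed answer
```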
