#!/usr/bin/env python
# Name: reallybadactors.py
# Purpose: Creates a list of Bad Actors from IP Blacklist
# By: Jerry Gamblin
# Date: 16.05.15
# Modified 16.05.15
# Rev Level 0.5
# -----------------------------------------------
import os
import re
import socket
import sys
import time
from contextlib import closing
from urllib import urlopen
def color(text, color_code):
    """Wrap *text* in the ANSI escape sequence selected by *color_code*.

    On Windows the text is returned unchanged unless the TERM environment
    variable is "xterm"; everywhere else the escape codes are always added.
    """
    ansi_capable = sys.platform != "win32" or os.getenv("TERM") == "xterm"
    if not ansi_capable:
        return text
    return '\x1b[%dm%s\x1b[0m' % (color_code, text)
def red(text):
    """Return *text* passed through color() with ANSI code 31 (red)."""
    return color(text, color_code=31)
def blue(text):
    """Return *text* passed through color() with ANSI code 34 (blue)."""
    return color(text, color_code=34)
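# Script body: download every feed in `urlss`, pull the IPv4 addresses out of
# each one into badactorsunclean.txt, then write the de-duplicated list to
# reallybadactors.txt and report the counts.

# Drop the list left behind by a previous run.
try:
    os.remove('reallybadactors.txt')
except OSError:
    pass

print('\n')

# NOTE(review): every feed is third-party data and most are fetched over
# plain http://, so the content is not integrity-protected in transit.
# Review the generated list (private, loopback or your own addresses)
# before loading it into a firewall or any other blocking control.
urlss = ["http://rules.emergingthreats.net/blockrules/compromised-ips.txt",
         "http://www.blocklist.de/lists/bruteforcelogin.txt",
         "http://dragonresearchgroup.org/insight/sshpwauth.txt",
         "http://dragonresearchgroup.org/insight/vncprobe.txt",
         "http://www.openbl.org/lists/base.txt",
         "http://www.nothink.org/blacklist/blacklist_malware_http.txt",
         "http://www.nothink.org/blacklist/blacklist_ssh_all.txt",
         "http://antispam.imp.ch/spamlist",
         "http://www.dshield.org/ipsascii.html?limit=10000",
         "http://malc0de.com/bl/IP_Blacklist.txt",
         "http://hosts-file.net/rss.asp",
         "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist",
         "http://reputation.alienvault.com/reputation.data",
         "http://www.binarydefense.com/banlist.txt",
         "http://www.talosintelligence.com/feeds/ip-filter.blf"]

# Dotted-quad candidates; the octet range is checked separately below.
IP_PATTERN = re.compile(r'(?:\d{1,3}\.){3}\d{1,3}')

# urllib.urlopen() has no timeout argument, so without a default socket
# timeout a single unresponsive feed would stall the whole run.
socket.setdefaulttimeout(30)

with open('badactorsunclean.txt', 'w+') as fo:
    for urls in urlss:
        ips = []
        seen = set()
        start = time.time()
        print('Checking %s' % urls)
        try:
            with closing(urlopen(urls)) as copy:
                # urllib.urlopen() hands back HTTP error pages instead of
                # raising; an error page can itself contain addresses, so
                # only a 2xx body is parsed (getcode() is None for non-HTTP).
                status = copy.getcode()
                if status is not None and not 200 <= status < 300:
                    raise IOError('HTTP status %s' % status)
                for text in copy.readlines():
                    # Handle each match on its own: joining all matches of
                    # a line would glue several addresses into one string.
                    for ipaddress in IP_PATTERN.findall(text):
                        if ipaddress in seen:
                            continue
                        # The pattern also matches e.g. 999.1.1.1.
                        if all(int(octet) <= 255
                               for octet in ipaddress.split('.')):
                            seen.add(ipaddress)
                            ips.append(ipaddress)
        except IOError as err:
            # A dead or slow feed must not abort the run: skip it entirely
            # (nothing parsed from it is written) and go on to the next.
            print(red('\t\t Skipping feed, download failed: %s' % err))
            continue
        for ipaddress in ips:
            fo.write(ipaddress + "\n")
        elpased = time.time() - start
        print(blue("\t\t Found %s addresses in %.2f seconds."
                   % (len(ips), elpased)))

print('\nRemoving duplicates from the list!')
lines_seen = set()  # holds lines already seen
ucbadips = 0        # lines read from the raw, per-feed list
with open("badactorsunclean.txt", "r") as unclean:
    with open("reallybadactors.txt", "w+") as outfile:
        for line in unclean:
            ucbadips += 1
            if line not in lines_seen:  # not a duplicate
                outfile.write(line)
                lines_seen.add(line)

badips = len(lines_seen)
dupeips = ucbadips - badips
print("\nFound and removed %s duplicate IP addresses \n" % dupeips)
print('The are %s bad ip addresses in reallybadactors.txt' % badips)
os.remove("badactorsunclean.txt")
# Relies on an `open` command being on PATH (as on macOS); the command
# string is a constant, so no feed data reaches the shell.
os.system("open " + "reallybadactors.txt")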