Author Topic: Feature request  (Read 5851 times)

0 Members and 1 Guest are viewing this topic.

February 20, 2008, 05:25:01 pm
Read 5851 times

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
I was wondering if it would be possible to have something along the lines of the following;

1. URL to determine if site listed or not (returning a yes/no only)
2. URL to identify other site's on the same IP that are in your database

My reason for asking is that I'd like to include an option in a couple of my app's, to have your database queried, alongside the DB's already queried (hpHosts, StopForumSpam, fSpamList). For example, the URL I use in my app's for querying the hpHosts database is;

http://verify.hosts-file.net/?s={DOMAIN_OR_IP}

Example:

http://verify.hosts-file.net/?s=smileycentral.com

My reason for asking for the second, is so I could apply it in conjunction with existing features within hpHosts Online.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

February 20, 2008, 10:16:27 pm
Reply #1

Drusepth

  • Special Members
  • Full Member

  • Offline
  • *

  • 57
  • Personal Text
    Drusepth
    • Drusepth.net
Here's a perl script that'll do it for you: ;)
Code: [Select]
#!/usr/bin/perl
# isurlmdl.pl
# by Drusepth
# Pass this script a URL and it'll query it's status according to the Malware Domain List
# at malwaredomainlist.com.  It will return a simple 'yes' or 'no' depending on whether
# or not the IP or domain shows up.
use LWP::UserAgent;

$questionable_url = shift || die "Usage: perl $0 URL\n";
# Query MDL
$source = &get($questionable_url);
# Check the source code
@lines = split(/\n/, $source);
foreach $line (@lines) {
# First, we'll find the start of the table of results:
if (index($line, "<table border='1' cellpadding='4'>") > -1) {
# Once we find it, we'll start looking for <td> tags.
# Because John coded <th> tags for the headers, any <td> tag hereafter will
# be a result.  If we find one, we'll quit with a 'yes'.
$flag{'table'} = 1; # Simple flag variable
}
if (($flag{'table'} == 1) and (index($line, "<td>") > -1)) {
# If we've passed over the table headers and find a <td> tag, we've stumbled
# upon a result from the MDL database query.  We can quit now.  We don't have
# to worry about how many results there are, since a simple boolean is being
# returned on whether or not it's in the database.
die "yes\n";
}
}
# If we've gone through all the lines of the code and not found a <td> tag, there were no
# results.  We can just quit now.
die "no\n";

sub get() {
# Usage: &get($url);
# Returns source code to the page
my $page = 'http://malwaredomainlist.com/mdl.php?search=' . $_[0] . '&colsearch=All&quantity=50';
        my $ua = LWP::UserAgent->new;
        my $req = HTTP::Request->new(GET => $page);
        my $res = $ua->request($req);
        if ($res->is_success) {
                my $source = $res->as_string;
return $source;
        } else {
                die "MDL Query Failed: " . $res->status_line . "\n";
        }
}

I also modified the code to work as a CGI script, so you can send GET requests to http://drusepth.net/mdl.cgi.
For example, http://drusepth.net/mdl.cgi?ip=66.6.10.1

To John: if you would like, feel free to host the page on malwaredomainlist.com somewhere.  I attached the modified source below:
Code: [Select]
#!/usr/bin/perl
# mdl.cgi
# by Drusepth
# CGI version of isurlmdl.pl
use CGI qw(:standard);
use LWP::UserAgent;
print "Content-type: text/html\n\n";
if (length(param('ip')) > 0) {
&mdl(param('ip'));
} else {
print "<h1>How to use this page:</h1>\nYou can send a get request to this page with the parameter";
print " 'ip' sent (append ?ip=127.0.0.1 to the url), and it will check if that IP is listed in ";
print "<a href='http://www.malwaredomainlist.com'>Malware Domain List</a>'s database. \n";
print "You can also use domains (?ip=www.yoursite.com) or words (?ip=zlob).<br>\n";
}

sub mdl() {
$questionable_url = $_[0];
# Query MDL
$source = &get($questionable_url);
# Check the source code
@lines = split(/\n/, $source);
foreach $line (@lines) {
# First, we'll find the start of the table of results:
if (index($line, "<table border='1' cellpadding='4'>") > -1) {
# Once we find it, we'll start looking for <td> tags.
# Because John coded <th> tags for the headers, any <td> tag hereafter will
# be a result.  If we find one, we'll quit with a 'yes'.
$flag{'table'} = 1; # Simple flag variable
}
if (($flag{'table'} == 1) and (index($line, "<td>") > -1)) {
# If we've passed over the table headers and find a <td> tag, we've stumbled
# upon a result from the MDL database query.  We can quit now.  We don't have
# to worry about how many results there are, since a simple boolean is being
# returned on whether or not it's in the database.
print "yes\n";
die;
}
}
# If we've gone through all the lines of the code and not found a <td> tag, there were no
# results.  We can just quit now.
print "no\n";
die;
}

sub get() {
# Usage: &get($url);
# Returns source code to the page
my $page = 'http://malwaredomainlist.com/mdl.php?search=' . $_[0] . '&colsearch=All&quantity=50';
        my $ua = LWP::UserAgent->new;
        my $req = HTTP::Request->new(GET => $page);
        my $res = $ua->request($req);
        if ($res->is_success) {
                my $source = $res->as_string;
return $source;
        } else {
                die "MDL Query Failed: " . $res->status_line . "\n";
        }

}

I didn't know for sure what you meant by
Quote
2. URL to identify other site's on the same IP that are in your database
so I'll leave that to the big boys and let them answer.  :D

February 20, 2008, 10:35:38 pm
Reply #2

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Already sorted but cheers :)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net