📄 sb-getipdomain-old.rc
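# EXTRACT EXTERNAL IP ADDRESSES AND DOMAINS FROM EMAIL
#
# This section extracts the external IP addresses and domains found in the
# headers and body text of this email, information that later recipes use.
#
# Inputs read from the environment: DOMAIN, THISISP, LOCALHOSTFILE, and the
# tool paths TEST, ECHO, GREP and SED.
# Outputs: the *EXDOMAIN / *EXIP variables declared below. Each keeps its
# placeholder value ("example.com" / "000.000.000.000") when nothing was
# extracted; the later blocks test FIRSTEXIP against that placeholder.
#
# Everything matched here comes from Received: headers, which the sending
# side writes. Treat the extracted values as claims to be checked by later
# recipes, not as verified facts.
#
# First, declare your variables.

:0
{ FIRSTEXDOMAIN="example.com" }
:0
{ FIRSTEXTODOMAIN="example.com" }
:0
{ FIRSTEXIP="000.000.000.000" }
:0
{ FIRSTEXREVIP="000.000.000.000" }
:0
{ FIRSTEXTOIP="000.000.000.000" }

:0
{ SECONDEXDOMAIN="example.com" }
:0
{ SECONDEXTODOMAIN="example.com" }
:0
{ SECONDEXIP="000.000.000.000" }
:0
{ SECONDEXREVIP="000.000.000.000" }
:0
{ SECONDEXTOIP="000.000.000.000" }

:0
{ THIRDEXDOMAIN="example.com" }
:0
{ THIRDEXTODOMAIN="example.com" }
:0
{ THIRDEXIP="000.000.000.000" }
:0
{ THIRDEXREVIP="000.000.000.000" }
:0
{ THIRDEXTOIP="000.000.000.000" }

:0
{ FOURTHEXDOMAIN="example.com" }
:0
{ FOURTHEXTODOMAIN="example.com" }
:0
{ FOURTHEXIP="000.000.000.000" }
:0
{ FOURTHEXREVIP="000.000.000.000" }
:0
{ FOURTHEXTOIP="000.000.000.000" }

:0
{ FROMDOMAIN="example.com" }
:0
{ REPLYTODOMAIN="example.com" }

:0
{ FIRSTBODYDOMAIN="example.com" }
:0
{ FIRSTBODYIP="000.000.000.000" }
:0
{ FIRSTBODYREVIP="000.000.000.000" }

:0
{ SECONDBODYDOMAIN="example.com" }
:0
{ SECONDBODYIP="000.000.000.000" }
:0
{ SECONDBODYREVIP="000.000.000.000" }

:0
{ THIRDBODYDOMAIN="example.com" }
:0
{ THIRDBODYIP="000.000.000.000" }
:0
{ THIRDBODYREVIP="000.000.000.000" }

:0
{ FOURTHBODYDOMAIN="example.com" }
:0
{ FOURTHBODYIP="000.000.000.000" }
:0
{ FOURTHBODYREVIP="000.000.000.000" }

:0
{ FIFTHBODYDOMAIN="example.com" }
:0
{ FIFTHBODYIP="000.000.000.000" }
:0
{ FIFTHBODYREVIP="000.000.000.000" }

:0
{ SIXTHBODYDOMAIN="example.com" }
:0
{ SIXTHBODYIP="000.000.000.000" }
:0
{ SIXTHBODYREVIP="000.000.000.000" }

# Now, extract the sending IP addresses from the Received: headers, first checking
# each Received: header to be sure that the IP you're extracting isn't from your
# own system. Examine only the first eight Received: headers, and extract only the
# first four external IP addresses, since anything beyond that is probably
# forged, and email with excessive Received: headers is dealt with later in the
# SpamBouncer.

# Set variables

:0
{ CHKLOCALTO=no }

:0
{ CHKLOCALFROM=no }

:0
{ CHKNONROUTABLE=no }

# Check to see if the email is from a local IP or domain.
#
# CHECK receives the matched "from ... [ip]" text, which the sending side
# controls. It is handed to ${ECHO} only as the value of a double-quoted
# variable. ${GREP} -f reads every line of LOCALHOSTFILE as a regular
# expression, so an unescaped dot in an entry matches any character.
# NOTE(review): ${LOCALHOSTFILE} is expanded unquoted; confirm the configured
# path never contains whitespace.
# NOTE(review): the matched text includes the host name the sender announced,
# so a hit here does not by itself prove the hop is local -- confirm later
# recipes do not rely on CHKLOCALFROM as proof of origin.

:0
* ^Received: \/from.*\[.*\]
{
  :0
  { CHECK=${MATCH} }

  :0
  * ? ${TEST} -f ${LOCALHOSTFILE} && (${ECHO} "${CHECK}" | ${GREP} -i -f ${LOCALHOSTFILE})
  { CHKLOCALFROM=yes }
}

:0
* $ ^Received: from.*${DOMAIN}\[.*\]
{ CHKLOCALFROM=yes }

:0
* $ ^Received: from.*${THISISP}\[.*\]
{ CHKLOCALFROM=yes }

# Check to see that the email is to a local IP or domain.

:0
* ^Received: from.*\[.*\].*\/by.*
{
  :0
  { CHECK=${MATCH} }

  :0
  * ? ${TEST} -f ${LOCALHOSTFILE} && (${ECHO} "${CHECK}" | ${GREP} -i -f ${LOCALHOSTFILE})
  { CHKLOCALTO=yes }
}

:0
* $ ^Received: from.*\[.*\].*by.*${DOMAIN}
{ CHKLOCALTO=yes }

:0
* $ ^Received: from.*\[.*\].*by.*${THISISP}
{ CHKLOCALTO=yes }

# Check to ensure that the IP you're looking at is not an ICANN non-routable IP address.
#
# The 172.x alternative covers the whole RFC 1918 block 172.16.0.0/12
# (172.16.x.x through 172.31.x.x); matching only 172.16.x.x would let the
# other fifteen private /16s be recorded as external senders.
# NOTE(review): the rest of the list is kept as written and looks dated:
# 1.0.0.0/8 has since been allocated and carries real mail, 192.0.x.x is wider
# than the reserved 192.0.0.0/24 and 192.0.2.0/24, and only 224-231 of the
# multicast/reserved space is listed. Confirm against the current IANA
# special-purpose registry before relying on this check.

:0
* ^Received: from.*\[(0\.[0-9]+\.[0-9]+\.[0-9]+|\
                      1\.[0-9]+\.[0-9]+\.[0-9]+|\
                      10\.[0-9]+\.[0-9]+\.[0-9]+|\
                      127\.[0-9]+\.[0-9]+\.[0-9]+|\
                      169\.254\.[0-9]+\.[0-9]+|\
                      172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+|\
                      192\.0\.[0-9]+\.[0-9]+|\
                      192\.168\.[0-9]+\.[0-9]+|\
                      204\.152\.6[4-5]\.[0-9]+|\
                      22[4-9]\.[0-9]+\.[0-9]+\.[0-9]+|\
                      23[0-1]\.[0-9]+\.[0-9]+\.[0-9]+|\
                      255\.255\.255\.255)\]
{ CHKNONROUTABLE=yes }

# Now, check the Received: line to ensure that it is not from a local address, is
# to a local address, and is not a non-routable address. If it meets these criteria,
# extract the IP address and domain.
#
# The first inner recipe handles host names ending in one of the listed
# top-level domains and keeps the last two labels; the E (else) recipe keeps
# the last three labels instead. In both, ${SED} drops the final two
# characters of the match, i.e. the trailing " (" that the pattern consumed.

:0
* CHKLOCALFROM ?? no
* CHKLOCALTO ?? yes
* CHKNONROUTABLE ?? no
{
  :0
  * ^Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?[a-z0-9][-_a-z0-9]+\.(aero|biz|com|coop|edu|exp|geek|gov|info|int|llc|lnx|ltd|med|mil|museum|name|net|nic|noc|null|org|porn|pro|to|tv|ws|xxx)[ ]\(
  {
    :0
    * ^Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?\/[a-z0-9][-_a-z0-9]+\.[a-z][a-z][a-z]*[ ]\(
    {
      :0
      { STRING=${MATCH} }

      :0
      { FIRSTEXDOMAIN=`${ECHO} "${STRING}" | ${SED} -e 's/..$//g'` }
    }
  }

  :0 E
  {
    :0
    * ^Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?\/[a-z0-9][-_a-z0-9]+\.[a-z0-9][-_a-z0-9]+\.[a-z][a-z][a-z]*[ ]\(
    {
      :0
      { STRING=${MATCH} }

      :0
      { FIRSTEXDOMAIN=`${ECHO} "${STRING}" | ${SED} -e 's/..$//g'` }
    }
  }

  :0
  * ^Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  { FIRSTEXIP=${MATCH} }
}

# Check second Received: line
#
# Runs only while FIRSTEXIP still holds its placeholder. The three flags are
# reset, the same local / non-routable tests are repeated against a later
# Received: header, and a hit fills the FIRST* variables.

:0
* FIRSTEXIP ?? 000.000.000.000
{
  :0
  { CHKLOCALTO=no }

  :0
  { CHKLOCALFROM=no }

  :0
  { CHKNONROUTABLE=no }

  :0
  * ^Received: from(.*$)+Received: \/from.*\[.*\]
  {
    :0
    { CHECK=${MATCH} }

    :0
    * ? ${TEST} -f ${LOCALHOSTFILE} && (${ECHO} "${CHECK}" | ${GREP} -i -f ${LOCALHOSTFILE})
    { CHKLOCALFROM=yes }
  }

  :0
  * $ ^Received: from(.*$)+Received: from.*${DOMAIN}\[.*\]
  { CHKLOCALFROM=yes }

  :0
  * $ ^Received: from(.*$)+Received: from.*${THISISP}\[.*\]
  { CHKLOCALFROM=yes }

  :0
  * ^Received: from(.*$)+Received: from.*\[.*\].*\/by.*
  {
    :0
    { CHECK=${MATCH} }

    :0
    * ? ${TEST} -f ${LOCALHOSTFILE} && (${ECHO} "${CHECK}" | ${GREP} -i -f ${LOCALHOSTFILE})
    { CHKLOCALTO=yes }
  }

  :0
  * $ ^Received: from(.*$)+Received: from.*\[.*\].*by.*${DOMAIN}
  { CHKLOCALTO=yes }

  :0
  * $ ^Received: from(.*$)+Received: from.*\[.*\].*by.*${THISISP}
  { CHKLOCALTO=yes }

  # Check to ensure that the IP you're looking at is not an ICANN non-routable IP address.
  # Same list as for the first header, including the full 172.16.0.0/12 range.
  :0
  * ^Received: from(.*$)+Received: from.*\[(0\.[0-9]+\.[0-9]+\.[0-9]+|\
                      1\.[0-9]+\.[0-9]+\.[0-9]+|\
                      10\.[0-9]+\.[0-9]+\.[0-9]+|\
                      127\.[0-9]+\.[0-9]+\.[0-9]+|\
                      169\.254\.[0-9]+\.[0-9]+|\
                      172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+|\
                      192\.0\.[0-9]+\.[0-9]+|\
                      192\.168\.[0-9]+\.[0-9]+|\
                      204\.152\.6[4-5]\.[0-9]+|\
                      22[4-9]\.[0-9]+\.[0-9]+\.[0-9]+|\
                      23[0-1]\.[0-9]+\.[0-9]+\.[0-9]+|\
                      255\.255\.255\.255)\]
  { CHKNONROUTABLE=yes }

  :0
  * CHKLOCALFROM ?? no
  * CHKLOCALTO ?? yes
  * CHKNONROUTABLE ?? no
  {
    :0
    * ^Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?[a-z0-9][-_a-z0-9]+\.(aero|biz|com|coop|edu|exp|geek|gov|info|int|llc|lnx|ltd|med|mil|museum|name|net|nic|noc|null|org|porn|pro|to|tv|ws|xxx)[ ]\(
    {
      :0
      * ^Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?\/[a-z0-9][-_a-z0-9]+\.[a-z][a-z][a-z]*[ ]\(
      {
        :0
        { STRING=${MATCH} }

        :0
        { FIRSTEXDOMAIN=`${ECHO} "${STRING}" | ${SED} -e 's/..$//g'` }
      }
    }

    :0 E
    {
      :0
      * ^Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?\/[a-z0-9][-_a-z0-9]+\.[a-z0-9][-_a-z0-9]+\.[a-z][a-z][a-z]*[ ]\(
      {
        :0
        { STRING=${MATCH} }

        :0
        { FIRSTEXDOMAIN=`${ECHO} "${STRING}" | ${SED} -e 's/..$//g'` }
      }
    }

    :0
    * ^Received: from(.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
    { FIRSTEXIP=${MATCH} }
  }
}

# If not non-local from/local to, then move on....
#
# Else branch of the block above: FIRSTEXIP was already filled from the first
# header, so the later header is recorded in the SECOND* variables. No local
# or non-routable test is applied on this path.

:0E
{
  :0
  * ^Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?[a-z0-9][-_a-z0-9]+\.(aero|biz|com|coop|edu|exp|geek|gov|info|int|llc|lnx|ltd|med|mil|museum|name|net|nic|noc|null|org|porn|pro|to|tv|ws|xxx)[ ]\(
  {
    :0
    * ^Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?\/[a-z0-9][-_a-z0-9]+\.[a-z][a-z][a-z]*[ ]\(
    {
      :0
      { STRING=${MATCH} }

      :0
      { SECONDEXDOMAIN=`${ECHO} "${STRING}" | ${SED} -e 's/..$//g'` }
    }
  }

  :0 E
  {
    :0
    * ^Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?\/[a-z0-9][-_a-z0-9]+\.[a-z0-9][-_a-z0-9]+\.[a-z][a-z][a-z]*[ ]\(
    {
      :0
      { STRING=${MATCH} }

      :0
      { SECONDEXDOMAIN=`${ECHO} "${STRING}" | ${SED} -e 's/..$//g'` }
    }
  }

  :0
  * ^Received: from(.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  { SECONDEXIP=${MATCH} }
}

# Check third Received: line
#
# Same procedure again, one Received: header further down, still gated on
# FIRSTEXIP holding its placeholder.

:0
* FIRSTEXIP ?? 000.000.000.000
{
  :0
  { CHKLOCALTO=no }

  :0
  { CHKLOCALFROM=no }

  :0
  { CHKNONROUTABLE=no }

  :0
  * ^Received: from(.*$)+Received: from(.*$)+Received: \/from.*\[.*\]
  {
    :0
    { CHECK=${MATCH} }

    :0
    * ? ${TEST} -f ${LOCALHOSTFILE} && (${ECHO} "${CHECK}" | ${GREP} -i -f ${LOCALHOSTFILE})
    { CHKLOCALFROM=yes }
  }

  :0
  * $ ^Received: from(.*$)+Received: from(.*$)+Received: from.*${DOMAIN}\[.*\]
  { CHKLOCALFROM=yes }

  :0
  * $ ^Received: from(.*$)+Received: from(.*$)+Received: from.*${THISISP}\[.*\]
  { CHKLOCALFROM=yes }

  :0
  * ^Received: from(.*$)+Received: from(.*$)+Received: from.*\[.*\].*\/by.*
  {
    :0
    { CHECK=${MATCH} }

    :0
    * ? ${TEST} -f ${LOCALHOSTFILE} && (${ECHO} "${CHECK}" | ${GREP} -i -f ${LOCALHOSTFILE})
    { CHKLOCALTO=yes }
  }

  :0
  * $ ^Received: from(.*$)+Received: from(.*$)+Received: from.*\[.*\].*by.*${DOMAIN}
  { CHKLOCALTO=yes }

  :0
  * $ ^Received: from(.*$)+Received: from(.*$)+Received: from.*\[.*\].*by.*${THISISP}
  { CHKLOCALTO=yes }

  # Check to ensure that the IP you're looking at is not an ICANN non-routable IP address.
  # Same list as for the first header, including the full 172.16.0.0/12 range.
  :0
  * ^Received: from(.*$)+Received: from(.*$)+Received: from.*\[(0\.[0-9]+\.[0-9]+\.[0-9]+|\
                      1\.[0-9]+\.[0-9]+\.[0-9]+|\
                      10\.[0-9]+\.[0-9]+\.[0-9]+|\
                      127\.[0-9]+\.[0-9]+\.[0-9]+|\
                      169\.254\.[0-9]+\.[0-9]+|\
                      172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+|\
                      192\.0\.[0-9]+\.[0-9]+|\
                      192\.168\.[0-9]+\.[0-9]+|\
                      204\.152\.6[4-5]\.[0-9]+|\
                      22[4-9]\.[0-9]+\.[0-9]+\.[0-9]+|\
                      23[0-1]\.[0-9]+\.[0-9]+\.[0-9]+|\
                      255\.255\.255\.255)\]
  { CHKNONROUTABLE=yes }

  :0
  * CHKLOCALFROM ?? no
  * CHKLOCALTO ?? yes
  * CHKNONROUTABLE ?? no
  {
    :0
    * ^Received: from(.*$)+Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?[a-z0-9][-_a-z0-9]+\.(aero|biz|com|coop|edu|exp|geek|gov|info|int|llc|lnx|ltd|med|mil|museum|name|net|nic|noc|null|org|porn|pro|to|tv|ws|xxx)[ ]\(
    {
      :0
      * ^Received: from(.*$)+Received: from(.*$)+Received: from[ ]([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?([a-z0-9][-_a-z0-9]+\.)?\/[a-z0-9][-_a-z0-9]+\.[a-z][a-z][a-z]*[ ]\(
      {
        :0
        { STRING=${MATCH} }

        :0
        { FIRSTEXDOMAIN=`${ECHO} "${STRING}" | ${SED} -e 's/..$//g'` }
        # NOTE(review): this copy of the listing ends here; the recipes and
        # closing braces that follow in the original file are not shown.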