📄 is_spammer.bash
#!/bin/bash

# $Id: is_spammer.bash,v 1.12.2.11 2004/10/01 21:42:33 mszick Exp $
# Above line is RCS info.

# The latest version of this script is available from http://www.morethan.org.
#
# Spammer-identification
# by Michael S. Zick
# Used in the ABS Guide with permission.

#######################################################
# Documentation
# See also "Quickstart" at end of script.
#######################################################

:<<-'__is_spammer_Doc_'

    Copyright (c) Michael S. Zick, 2004
    License: Unrestricted reuse in any form, for any purpose.
    Warranty: None -{Its a script; the user is on their own.}-

Impatient?
    Application code: goto "# # # Hunt the Spammer' program code # # #"
    Example output: ":<<-'_is_spammer_outputs_'"
    How to use: Enter script name without arguments.
                Or goto "Quickstart" at end of script.

Provides
    Given a domain name or IP(v4) address as input:

    Does an exhaustive set of queries to find the associated
    network resources (short of recursing into TLDs).

    Checks the IP(v4) addresses found against Blacklist
    nameservers.

    If found to be a blacklisted IP(v4) address,
    reports the blacklist text records.
    (Usually hyper-links to the specific report.)

Requires
    A working Internet connection.
    (Exercise: Add check and/or abort if not on-line when running script.)
    Bash with arrays (2.05b+).

    The external program 'dig' --
    a utility program provided with the 'bind' set of programs.
    Specifically, the version which is part of Bind series 9.x
    See: http://www.isc.org

    All usages of 'dig' are limited to wrapper functions,
    which may be rewritten as required.
    See: dig_wrappers.bash for details.
         ("Additional documentation" -- below)

Usage
    Script requires a single argument, which may be:
    1) A domain name;
    2) An IP(v4) address;
    3) A filename, with one name or address per line.

    Script accepts an optional second argument, which may be:
    1) A Blacklist server name;
    2) A filename, with one Blacklist server name per line.

    If the second argument is not provided, the script uses
    a built-in set of (free) Blacklist servers.

    See also, the Quickstart at the end of this script (after 'exit').

Return Codes
    0 - All OK
    1 - Script failure
    2 - Something is Blacklisted

Optional environment variables
    SPAMMER_TRACE
        If set to a writable file,
        script will log an execution flow trace.

    SPAMMER_DATA
        If set to a writable file, script will dump its
        discovered data in the form of GraphViz file.
        See: http://www.research.att.com/sw/tools/graphviz

    SPAMMER_LIMIT
        Limits the depth of resource tracing.

        Default is 2 levels.

        A setting of 0 (zero) means 'unlimited' . . .
          Caution: script might recurse the whole Internet!

        A limit of 1 or 2 is most useful when processing
        a file of domain names and addresses.
        A higher limit can be useful when hunting spam gangs.

Additional documentation
    Download the archived set of scripts
    explaining and illustrating the function contained within this script.
    http://personal.riverusers.com/mszick_clf.tar.bz2

Study notes
    This script uses a large number of functions.
    Nearly all general functions have their own example script.
    Each of the example scripts have tutorial level comments.

Scripting project
    Add support for IP(v6) addresses.
    IP(v6) addresses are recognized but not processed.

Advanced project
    Add the reverse lookup detail to the discovered information.

    Report the delegation chain and abuse contacts.

    Modify the GraphViz file output to include the
    newly discovered information.

__is_spammer_Doc_

#######################################################

#### Special IFS settings used for string parsing. ####

# Whitespace == :Space:Tab:Line Feed:Carriage Return:
WSP_IFS=$'\x20'$'\x09'$'\x0A'$'\x0D'

# No Whitespace == Line Feed:Carriage Return
NO_WSP=$'\x0A'$'\x0D'

# Field separator for dotted decimal IP addresses
ADR_IFS=${NO_WSP}'.'

# Array to dotted string conversions
DOT_IFS='.'${WSP_IFS}

# # # Pending operations stack machine # # #
# This set of functions described in func_stack.bash.
# (See "Additional documentation" above.)
# # #

# Global stack of pending operations.
declare -f -a _pending_
# Global sentinel for stack runners
declare -i _p_ctrl_
# Global holder for currently executing function
declare -f _pend_current_

# # # Debug version only - remove for regular use # # #
#
# The function stored in _pend_hook_ is called
# immediately before each pending function is
# evaluated. Stack clean, _pend_current_ set.
#
# This thingy demonstrated in pend_hook.bash.
declare -f _pend_hook_
# # #

# The do nothing function
pend_dummy() { : ; }

# Clear and initialize the function stack.
pend_init() {
    unset _pending_[@]
    pend_func pend_stop_mark
    _pend_hook_='pend_dummy'  # Debug only.
}

# Discard the top function on the stack.
pend_pop() {
    if [ ${#_pending_[@]} -gt 0 ]
    then
        local -i _top_
        _top_=${#_pending_[@]}-1
        unset _pending_[$_top_]
    fi
}

# pend_func function_name [$(printf '%q\n' arguments)]
pend_func() {
    local IFS=${NO_WSP}
    set -f
    _pending_[${#_pending_[@]}]=$@
    set +f
}

# The function which stops the release:
pend_stop_mark() {
    _p_ctrl_=0
}

pend_mark() {
    pend_func pend_stop_mark
}

# Execute functions until 'pend_stop_mark' . . .
pend_release() {
    local -i _top_             # Declare _top_ as integer.
    _p_ctrl_=${#_pending_[@]}
    while [ ${_p_ctrl_} -gt 0 ]
    do
        _top_=${#_pending_[@]}-1
        _pend_current_=${_pending_[$_top_]}
        unset _pending_[$_top_]
        $_pend_hook_           # Debug only.
        eval $_pend_current_
    done
}

# Drop functions until 'pend_stop_mark' . . .
pend_drop() {
    local -i _top_
    local _pd_ctrl_=${#_pending_[@]}
    while [ ${_pd_ctrl_} -gt 0 ]
    do
        _top_=$_pd_ctrl_-1
        if [ "${_pending_[$_top_]}" == 'pend_stop_mark' ]
        then
            unset _pending_[$_top_]
            break
        else
            unset _pending_[$_top_]
            _pd_ctrl_=$_top_
        fi
    done
    if [ ${#_pending_[@]} -eq 0 ]
    then
        pend_func pend_stop_mark
    fi
}

#### Array editors ####

# This function described in edit_exact.bash.
# (See "Additional documentation," above.)
# edit_exact <excludes_array_name> <target_array_name>
edit_exact() {
    [ $# -eq 2 ] ||
    [ $# -eq 3 ] || return 1
    local -a _ee_Excludes
    local -a _ee_Target
    local _ee_x
    local _ee_t
    local IFS=${NO_WSP}
    set -f
    eval _ee_Excludes=\( \$\{$1\[@\]\} \)
    eval _ee_Target=\( \$\{$2\[@\]\} \)
    local _ee_len=${#_ee_Target[@]}     # Original length.
    local _ee_cnt=${#_ee_Excludes[@]}   # Exclude list length.
    [ ${_ee_len} -ne 0 ] || return 0    # Can't edit zero length.
    [ ${_ee_cnt} -ne 0 ] || return 0    # Can't edit zero length.
    for (( x = 0; x < ${_ee_cnt} ; x++ ))
    do
        _ee_x=${_ee_Excludes[$x]}
        for (( n = 0 ; n < ${_ee_len} ; n++ ))
        do
            _ee_t=${_ee_Target[$n]}
            if [ x"${_ee_t}" == x"${_ee_x}" ]
            then
                unset _ee_Target[$n]     # Discard match.
                [ $# -eq 2 ] && break    # If 2 arguments, then done.
            fi
        done
    done
    eval $2=\( \$\{_ee_Target\[@\]\} \)
    set +f
    return 0
}

# This function described in edit_by_glob.bash.
# edit_by_glob <excludes_array_name> <target_array_name>
edit_by_glob() {
    [ $# -eq 2 ] ||
    [ $# -eq 3 ] || return 1
    local -a _ebg_Excludes
    local -a _ebg_Target
    local _ebg_x
    local _ebg_t
    local IFS=${NO_WSP}
    set -f
    eval _ebg_Excludes=\( \$\{$1\[@\]\} \)
    eval _ebg_Target=\( \$\{$2\[@\]\} \)
    local _ebg_len=${#_ebg_Target[@]}
    local _ebg_cnt=${#_ebg_Excludes[@]}
    [ ${_ebg_len} -ne 0 ] || return 0
    [ ${_ebg_cnt} -ne 0 ] || return 0
    for (( x = 0; x < ${_ebg_cnt} ; x++ ))
    do
        _ebg_x=${_ebg_Excludes[$x]}
        for (( n = 0 ; n < ${_ebg_len} ; n++ ))
        do
            [ $# -eq 3 ] && _ebg_x=${_ebg_x}'*'  #  Do prefix edit
            if [ ${_ebg_Target[$n]:=} ]          #+ if defined & set.
            then
                _ebg_t=${_ebg_Target[$n]/#${_ebg_x}/}
                [ ${#_ebg_t} -eq 0 ] && unset _ebg_Target[$n]
            fi
        done
    done
    eval $2=\( \$\{_ebg_Target\[@\]\} \)
    set +f
    return 0
}

# This function described in unique_lines.bash.
# unique_lines <in_name> <out_name>
unique_lines() {
    [ $# -eq 2 ] || return 1
    local -a _ul_in
    local -a _ul_out
    local -i _ul_cnt
    local -i _ul_pos
    local _ul_tmp
    local IFS=${NO_WSP}
    set -f
    eval _ul_in=\( \$\{$1\[@\]\} \)
    _ul_cnt=${#_ul_in[@]}
    for (( _ul_pos = 0 ; _ul_pos < ${_ul_cnt} ; _ul_pos++ ))
    do
        if [ ${_ul_in[${_ul_pos}]:=} ]      # If defined & not empty
        then
            _ul_tmp=${_ul_in[${_ul_pos}]}
            _ul_out[${#_ul_out[@]}]=${_ul_tmp}
            for (( zap = _ul_pos ; zap < ${_ul_cnt} ; zap++ ))
            do
                [ ${_ul_in[${zap}]:=} ] &&
                [ 'x'${_ul_in[${zap}]} == 'x'${_ul_tmp} ] &&
                    unset _ul_in[${zap}]
            done
        fi
    done
    eval $2=\( \$\{_ul_out\[@\]\} \)
    set +f
    return 0
}

# This function described in char_convert.bash.
# to_lower <string>
to_lower() {
    [ $# -eq 1 ] || return 1
    local _tl_out
    _tl_out=${1//A/a}
    _tl_out=${_tl_out//B/b}
    _tl_out=${_tl_out//C/c}
    _tl_out=${_tl_out//D/d}
    _tl_out=${_tl_out//E/e}
    _tl_out=${_tl_out//F/f}
    _tl_out=${_tl_out//G/g}
    _tl_out=${_tl_out//H/h}
    _tl_out=${_tl_out//I/i}
    _tl_out=${_tl_out//J/j}
    _tl_out=${_tl_out//K/k}
    _tl_out=${_tl_out//L/l}
    _tl_out=${_tl_out//M/m}
    _tl_out=${_tl_out//N/n}
    _tl_out=${_tl_out//O/o}
    _tl_out=${_tl_out//P/p}
    _tl_out=${_tl_out//Q/q}
    _tl_out=${_tl_out//R/r}
    _tl_out=${_tl_out//S/s}
    _tl_out=${_tl_out//T/t}
    _tl_out=${_tl_out//U/u}
    _tl_out=${_tl_out//V/v}
    _tl_out=${_tl_out//W/w}
    _tl_out=${_tl_out//X/x}
    _tl_out=${_tl_out//Y/y}
    _tl_out=${_tl_out//Z/z}
    echo ${_tl_out}
    return 0
}

#### Application helper functions ####

# Not everybody uses dots as separators (APNIC, for example).
# This function described in to_dot.bash
# to_dot <string>
to_dot() {
    [ $# -eq 1 ] || return 1
    echo ${1//[#|@|%]/.}
    return 0
}

# This function described in is_number.bash.
# is_number <input>
is_number() {
    [ "$#" -eq 1 ]    || return 1  # is blank?
    [ x"$1" == 'x0' ] && return 0  # is zero?
    local -i tst
    let tst=$1 2>/dev/null         # else is numeric!
    return $?
}

# This function described in is_address.bash.
# is_address <input>
is_address() {
    [ $# -eq 1 ] || return 1    # Blank ==> false
    local -a _ia_input
    local IFS=${ADR_IFS}
    _ia_input=( $1 )
    if  [ ${#_ia_input[@]} -eq 4 ]  &&
        is_number ${_ia_input[0]}   &&
        is_number ${_ia_input[1]}   &&
        is_number ${_ia_input[2]}   &&
        is_number ${_ia_input[3]}   &&
        [ ${_ia_input[0]} -lt 256 ] &&
        [ ${_ia_input[1]} -lt 256 ] &&
        [ ${_ia_input[2]} -lt 256 ] &&
        [ ${_ia_input[3]} -lt 256 ]
    then
        return 0
    else
        return 1
    fi
}

# This function described in split_ip.bash.
# split_ip <IP_address> <array_name_norm> [<array_name_rev>]
split_ip() {
    [ $# -eq 3 ] ||              #  Either three
    [ $# -eq 2 ] || return 1     #+ or two arguments
    local -a _si_input
    local IFS=${ADR_IFS}
    _si_input=( $1 )
    IFS=${WSP_IFS}
    eval $2=\(\ \$\{_si_input\[@\]\}\ \)
    if [ $# -eq 3 ]