📄 is_spammer.bash
# Domain name of service provider if _den_str=$(name_fixup ${_den_tmp[5]}) then _den_name[${#_den_name[@]}]=${_den_str} _den_ref[${#_den_ref[@]}]=${_den_who}' '${_den_str}' MXH' _den_ns[${#_den_ns[@]}]=${_den_str}' MX' _den_pc[${#_den_pc[@]}]=${_den_who}' '${_den_str} fi ;; PTR) # Reverse address record # Special name if _den_str=$(name_fixup ${_den_tmp[0]}) then _den_ref[${#_den_ref[@]}]=${_den_who}' '${_den_str}' PTR' # Host name (not a CNAME) if _den_str2=$(name_fixup ${_den_tmp[4]}) then _den_rev[${#_den_rev[@]}]=${_den_str}' '${_den_str2} _den_ref[${#_den_ref[@]}]=${_den_who}' '${_den_str2}' PTRH' _den_pc[${#_den_pc[@]}]=${_den_who}' '${_den_str} fi fi ;; AAAA) # IP(v6) Address Record if _den_str=$(name_fixup ${_den_tmp[0]}) then _den_name[${#_den_name[@]}]=${_den_str} _den_pair[${#_den_pair[@]}]=${_den_tmp[4]}' '${_den_str} _den_na[${#_den_na[@]}]=${_den_str}' '${_den_tmp[4]} _den_ref[${#_den_ref[@]}]=${_den_who}' '${_den_str}' AAAA' else _den_pair[${#_den_pair[@]}]=${_den_tmp[4]}' unknown.domain' _den_na[${#_den_na[@]}]='unknown.domain '${_den_tmp[4]} _den_ref[${#_den_ref[@]}]=${_den_who}' unknown.domain' fi # No processing for IPv6 addresses _den_pc[${#_den_pc[@]}]=${_den_who}' '${_den_tmp[4]} ;; CNAME) # Alias name record # Nickname if _den_str=$(name_fixup ${_den_tmp[0]}) then _den_name[${#_den_name[@]}]=${_den_str} _den_ref[${#_den_ref[@]}]=${_den_who}' '${_den_str}' CNAME' _den_pc[${#_den_pc[@]}]=${_den_who}' '${_den_str} fi # Hostname if _den_str=$(name_fixup ${_den_tmp[4]}) then _den_name[${#_den_name[@]}]=${_den_str} _den_ref[${#_den_ref[@]}]=${_den_who}' '${_den_str}' CHOST' _den_pc[${#_den_pc[@]}]=${_den_who}' '${_den_str} fi ;;# TXT)# ;; esac fi done else # Lookup error == 'A' record 'unknown address' _den_pair[${#_den_pair[@]}]='0.0.0.0 '${_den_who} fi done # Control dot array growth. unique_lines _den_achn _den_achn # Works best, all the same. edit_exact auth_chain _den_achn # Works best, unique items. 
if [ ${#_den_achn[@]} -gt 0 ] then IFS=${NO_WSP} auth_chain=( ${auth_chain[@]} ${_den_achn[@]} ) IFS=${WSP_IFS} fi unique_lines _den_ref _den_ref # Works best, all the same. edit_exact ref_chain _den_ref # Works best, unique items. if [ ${#_den_ref[@]} -gt 0 ] then IFS=${NO_WSP} ref_chain=( ${ref_chain[@]} ${_den_ref[@]} ) IFS=${WSP_IFS} fi unique_lines _den_na _den_na edit_exact name_address _den_na if [ ${#_den_na[@]} -gt 0 ] then IFS=${NO_WSP} name_address=( ${name_address[@]} ${_den_na[@]} ) IFS=${WSP_IFS} fi unique_lines _den_ns _den_ns edit_exact name_srvc _den_ns if [ ${#_den_ns[@]} -gt 0 ] then IFS=${NO_WSP} name_srvc=( ${name_srvc[@]} ${_den_ns[@]} ) IFS=${WSP_IFS} fi unique_lines _den_nr _den_nr edit_exact name_resource _den_nr if [ ${#_den_nr[@]} -gt 0 ] then IFS=${NO_WSP} name_resource=( ${name_resource[@]} ${_den_nr[@]} ) IFS=${WSP_IFS} fi unique_lines _den_pc _den_pc edit_exact parent_child _den_pc if [ ${#_den_pc[@]} -gt 0 ] then IFS=${NO_WSP} parent_child=( ${parent_child[@]} ${_den_pc[@]} ) IFS=${WSP_IFS} fi # Update list known_pair (Address and Name). unique_lines _den_pair _den_pair edit_exact known_pair _den_pair if [ ${#_den_pair[@]} -gt 0 ] # Anything new? then IFS=${NO_WSP} known_pair=( ${known_pair[@]} ${_den_pair[@]} ) IFS=${WSP_IFS} fi # Update list of reverse pairs. unique_lines _den_rev _den_rev edit_exact reverse_pair _den_rev if [ ${#_den_rev[@]} -gt 0 ] # Anything new? then IFS=${NO_WSP} reverse_pair=( ${reverse_pair[@]} ${_den_rev[@]} ) IFS=${WSP_IFS} fi # Check indirection limit -- give up if reached. if ! _den_lmt=$(limit_chk ${1}) then return 0 fi # Execution engine is LIFO. Order of pend operations is important. # Did we define any new addresses? unique_lines _den_address _den_address # Scrub duplicates. edit_exact known_address _den_address # Scrub already processed. edit_exact un_address _den_address # Scrub already waiting. if [ ${#_den_address[@]} -gt 0 ] # Anything new? 
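# (Tail of a function that begins above this excerpt; tokens unchanged,
#  only the line layout has been restored.)
then
    uc_address=( ${uc_address[@]} ${_den_address[@]} )
    pend_func expand_input_address ${_den_lmt}
    _trace_log[${#_trace_log[@]}]='# # # Added '${#_den_address[@]}' unchecked address(s). # # #'
fi

# Did we find any new names?
unique_lines _den_name _den_name         # Scrub duplicates.
edit_exact known_name _den_name          # Scrub already processed.
edit_exact uc_name _den_name             # Scrub already waiting.
if [ ${#_den_name[@]} -gt 0 ]            # Anything new?
then
    uc_name=( ${uc_name[@]} ${_den_name[@]} )
    pend_func expand_input_name ${_den_lmt}
    _trace_log[${#_trace_log[@]}]='# # # Added '${#_den_name[@]}' unchecked name(s). # # #'
fi
return 0
}

# The parse-it-yourself delegation reply
# Input is the chk_address list.
# detail_each_address <indirection_limit>
#
# Moves every not-yet-known entry of chk_address into known_address and
# then empties chk_address.  Always returns 0.
detail_each_address() {
    [ ${#chk_address[@]} -gt 0 ] || return 0
    unique_lines chk_address chk_address
    edit_exact known_address chk_address
    if [ ${#chk_address[@]} -gt 0 ]
    then
        # Left unquoted on purpose: the script appends its single-token
        # address/name lists by word splitting throughout.
        known_address=( ${known_address[@]} ${chk_address[@]} )
        # Quoted so the subscript cannot be glob-expanded against a file
        # named 'chk_address@' in the current directory.
        unset 'chk_address[@]'
    fi
    return 0
}

# # # Application specific output functions # # #

# Pretty print the known pairs.
# Prints known_pair always; auth_chain and reverse_pair only when they
# hold at least one entry.  The numeric arguments are passed through to
# col_print (presumably column positions -- confirm against col_print).
report_pairs() {
    echo
    echo 'Known network pairs.'
    col_print known_pair 2 5 30

    if [ ${#auth_chain[@]} -gt 0 ]
    then
        echo
        echo 'Known chain of authority.'
        col_print auth_chain 2 5 30 55
    fi

    if [ ${#reverse_pair[@]} -gt 0 ]
    then
        echo
        echo 'Known reverse pairs.'
        col_print reverse_pair 2 5 55
    fi
    return 0
}

# Check an address against the list of blacklist servers.
# A good place to capture for GraphViz: address->status(server(reports))
# check_lists <ip_address>
#
# Globals:   list_server (read), address_hits (appended), _hs_RC (set to 2
#            when any server returns records)
# Arguments: $1 - the address to look up
# Outputs:   progress and any returned records on stdout
# Returns:   1 if not called with exactly one argument, otherwise 0
#
# NOTE(review): the loop counters _cl and _clr are not declared local, so
# they are visible to callers after this function returns.
check_lists() {
    [ $# -eq 1 ] || return 1
    local -a _cl_fwd_addr
    local -a _cl_rev_addr
    local -a _cl_reply
    local -i _cl_rc
    local -i _ls_cnt
    local _cl_dns_addr
    local _cl_lkup

    # Presumably fills the forward and reversed octet arrays -- confirm
    # against split_ip.  The argument is quoted so it reaches the helper
    # as exactly one word.
    split_ip "${1}" _cl_fwd_addr _cl_rev_addr
    _cl_dns_addr=$(dot_array _cl_rev_addr)'.'
    _ls_cnt=${#list_server[@]}
    echo ' Checking address '"${1}"
    for (( _cl = 0 ; _cl < _ls_cnt ; _cl++ ))
    do
        # Query name = <reversed address>.<blacklist zone>
        _cl_lkup=${_cl_dns_addr}${list_server[${_cl}]}
        if short_text "${_cl_lkup}" _cl_reply
        then
            if [ ${#_cl_reply[@]} -gt 0 ]
            then
                echo ' Records from '"${list_server[${_cl}]}"
                address_hits[${#address_hits[@]}]=${1}' '${list_server[${_cl}]}
                _hs_RC=2
                for (( _clr = 0 ; _clr < ${#_cl_reply[@]} ; _clr++ ))
                do
                    # The reply text comes from a remote DNS server; it is
                    # quoted so it is printed verbatim rather than being
                    # word-split or glob-expanded by the shell.
                    echo ' '"${_cl_reply[${_clr}]}"
                done
            fi
        fi
    done
    return 0
}

# # # The usual application glue # # #

# Who did it?
credits() {
    echo
    echo 'Advanced Bash Scripting Guide: is_spammer.bash, v2, 2004-msz'
}

# How to use it?
# (See also, "Quickstart" at end of script.)
# The here-document delimiter is quoted, so nothing inside is expanded.
# The terminator must sit alone on its own line for the here-document
# to end.
usage() {
    cat <<-'_usage_statement_'
The script is_spammer.bash requires either one or two arguments.

arg 1) May be one of:
    a) A domain name
    b) An IPv4 address
    c) The name of a file with any mix of names
       and addresses, one per line.

arg 2) May be one of:
    a) A Blacklist server domain name
    b) The name of a file with Blacklist server
       domain names, one per line.
    c) If not present, a default list of (free)
       Blacklist servers is used.
    d) If a filename of an empty, readable, file
       is given,
       Blacklist server lookup is disabled.

All script output is written to stdout.

Return codes: 0 -> All OK, 1 -> Script failure,
              2 -> Something is Blacklisted.

Requires the external program 'dig' from the 'bind-9'
set of DNS programs. See: http://www.isc.org

The domain name lookup depth limit defaults to 2 levels.
Set the environment variable SPAMMER_LIMIT to change.
SPAMMER_LIMIT=0 means 'unlimited'

Limit may also be set on the command line.
If arg#1 is an integer, the limit is set to that value
and then the above argument rules are applied.

Setting the environment variable 'SPAMMER_DATA' to a filename
will cause the script to write a GraphViz graphic file.

For the development version;
Setting the environment variable 'SPAMMER_TRACE' to a filename
will cause the execution engine to log a function call trace.
_usage_statement_
}

# The default list of Blacklist servers:
# Many choices, see: http://www.spews.org/lists.html
#
# NOTE(review): this list is the one shipped with the 2004 script.  DNSBL
# zones are retired or renamed over time; confirm each zone is still
# operated before relying on its answers (or its silence).
declare -a default_servers
# See: http://www.spamhaus.org (Conservative, well maintained)
default_servers[0]='sbl-xbl.spamhaus.org'
# See: http://ordb.org (Open mail relays)
default_servers[1]='relays.ordb.org'
# See: http://www.spamcop.net/ (You can report spammers here)
default_servers[2]='bl.spamcop.net'
# See: http://www.spews.org (An 'early detect' system)
default_servers[3]='l2.spews.dnsbl.sorbs.net'
# See: http://www.dnsbl.us.sorbs.net/using.shtml
default_servers[4]='dnsbl.sorbs.net'
# See: http://dsbl.org/usage (Various mail relay lists)
default_servers[5]='list.dsbl.org'
default_servers[6]='multihop.dsbl.org'
default_servers[7]='unconfirmed.dsbl.org'

# User input argument #1
# Globals:   uc_name or uc_address (written)
# Arguments: $1 - a readable file, an IP address, or a domain name
# Returns:   1 on an empty argument, otherwise 0
setup_input() {
    # An empty argument used to make the unquoted '[ -e ]' test succeed
    # (a one-word test is true), so "nothing" was treated as a readable
    # file.  Reject it; the caller already handles a non-zero return.
    [ -n "${1}" ] || return 1

    if [ -e "${1}" ] && [ -r "${1}" ]     # Name of readable file
    then
        file_to_array "${1}" uc_name
        echo 'Using filename >'"${1}"'< as input.'
    else
        if is_address "${1}"              # IP address?
        then
            uc_address=( "${1}" )
            echo 'Starting with address >'"${1}"'<'
        else                              # Must be a name.
            uc_name=( "${1}" )
            echo 'Starting with domain name >'"${1}"'<'
        fi
    fi
    return 0
}

# User input argument #2
# Globals:   list_server (written)
# Arguments: $1 - a readable file of blacklist zones, or one zone name
# Returns:   1 on an empty argument, otherwise 0
setup_servers() {
    # Same one-word-test pitfall as in setup_input.
    [ -n "${1}" ] || return 1

    if [ -e "${1}" ] && [ -r "${1}" ]     # Name of a readable file
    then
        file_to_array "${1}" list_server
        echo 'Using filename >'"${1}"'< as blacklist server list.'
    else
        list_server=( "${1}" )
        echo 'Using blacklist server >'"${1}"'<'
    fi
    return 0
}

# User environment variable SPAMMER_TRACE
# When SPAMMER_TRACE names a file, create it (or truncate an existing
# writable one) and switch on trace logging via _log_file, _pend_hook_
# and _log_dump.  Exits with status 1 if the file cannot be created or
# written.
#
# The path is taken from the environment and is created/truncated as
# given, following symbolic links.  Do not run the script with elevated
# privileges in an environment another user can influence.
live_log_die() {
    if [ -n "${SPAMMER_TRACE:=}" ]        # Wants trace log?
    then
        if [ ! -e "${SPAMMER_TRACE}" ]
        then
            if ! touch -- "${SPAMMER_TRACE}" 2>/dev/null
            then
                # %q shell-quotes the message; presumably the queued
                # words are re-evaluated by pend_release -- confirm.
                # The variable is quoted so the whole message is escaped
                # as one unit.
                pend_func echo $(printf '%q\n' \
                'Unable to create log file >'"${SPAMMER_TRACE}"'<')
                pend_release
                exit 1
            fi
            _log_file=${SPAMMER_TRACE}
            _pend_hook_=trace_logger
            _log_dump=dump_log
        else
            if [ ! -w "${SPAMMER_TRACE}" ]
            then
                pend_func echo $(printf '%q\n' \
                'Unable to write log file >'"${SPAMMER_TRACE}"'<')
                pend_release
                exit 1
            fi
            _log_file=${SPAMMER_TRACE}
            # Truncates the existing file.  Quoted: an unquoted target
            # containing whitespace is an "ambiguous redirect" in bash.
            echo '' > "${_log_file}"
            _pend_hook_=trace_logger
            _log_dump=dump_log
        fi
    fi
    return 0
}

# User environment variable SPAMMER_DATA
# When SPAMMER_DATA names a file, make sure it exists and is writable,
# then enable the data dump via _dot_file and _dot_dump.  Exits with
# status 1 if the file cannot be created or written.
#
# As with SPAMMER_TRACE, the path comes from the environment and is
# created as given, following symbolic links.
data_capture() {
    if [ -n "${SPAMMER_DATA:=}" ]         # Wants a data dump?
    then
        if [ ! -e "${SPAMMER_DATA}" ]
        then
            if ! touch -- "${SPAMMER_DATA}" 2>/dev/null
            then
                # Format string was '%q]n' -- a typo for '%q\n' that put
                # a literal ']n' into the message.
                pend_func echo $(printf '%q\n' \
                'Unable to create data output file >'"${SPAMMER_DATA}"'<')
                pend_release
                exit 1
            fi
            _dot_file=${SPAMMER_DATA}
            _dot_dump=dump_dot
        else
            if [ ! -w "${SPAMMER_DATA}" ]
            then
                pend_func echo $(printf '%q\n' \
                'Unable to write data output file >'"${SPAMMER_DATA}"'<')
                pend_release
                exit 1
            fi
            _dot_file=${SPAMMER_DATA}
            _dot_dump=dump_dot
        fi
    fi
    return 0
}

# Grope user specified arguments.
# (Only the head of this function is visible in this excerpt; tokens
#  unchanged, only the line layout has been restored.)
do_user_args() {
    if [ $# -gt 0 ] && is_number $1
    then
        indirect=$1
        shift
    fi

    case $# in                            # Did user treat us well?
        1)
            if ! setup_input $1           # Needs error checking.
            then
                pend_release
                $_log_dump
                exit 1
            fi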