-
-
Save agarzon/5554490 to your computer and use it in GitHub Desktop.
| #!/bin/sh | |
| # Check if an IP address is listed on one of the following blacklists | |
| # The format is chosen to make it easy to add or delete | |
| # The shell will strip multiple whitespace | |
| BLISTS=" | |
| b.barracudacentral.org | |
| bb.barracudacentral.org | |
| bl.deadbeef.com | |
| bl.mailspike.net | |
| bl.score.senderscore.com | |
| bl.spamcannibal.org | |
| bl.spamcop.net | |
| bl.spameatingmonkey.net | |
| blackholes.five-ten-sg.com | |
| blacklist.woody.ch | |
| bogons.cymru.com | |
| cbl.abuseat.org | |
| cdl.anti-spam.org.cn | |
| combined.abuse.ch | |
| combined.rbl.msrbl.net | |
| db.wpbl.info | |
| dnsbl-1.uceprotect.net | |
| dnsbl-2.uceprotect.net | |
| dnsbl-3.uceprotect.net | |
| dnsbl.inps.de | |
| dnsbl.sorbs.net | |
| drone.abuse.ch | |
| duinv.aupads.org | |
| dul.dnsbl.sorbs.net | |
| dul.ru | |
| dyna.spamrats.com | |
| dynip.rothen.com | |
| http.dnsbl.sorbs.net | |
| images.rbl.msrbl.net | |
| ips.backscatterer.org | |
| ix.dnsbl.manitu.net | |
| korea.services.net | |
| misc.dnsbl.sorbs.net | |
| noptr.spamrats.com | |
| ohps.dnsbl.net.au | |
| omrs.dnsbl.net.au | |
| orvedb.aupads.org | |
| osps.dnsbl.net.au | |
| osrs.dnsbl.net.au | |
| owfs.dnsbl.net.au | |
| owps.dnsbl.net.au | |
| pbl.spamhaus.org | |
| phishing.rbl.msrbl.net | |
| probes.dnsbl.net.au | |
| proxy.bl.gweep.ca | |
| proxy.block.transip.nl | |
| psbl.surriel.com | |
| rbl.interserver.net | |
| rdts.dnsbl.net.au | |
| relays.bl.gweep.ca | |
| relays.bl.kundenserver.de | |
| relays.nether.net | |
| residential.block.transip.nl | |
| ricn.dnsbl.net.au | |
| rmst.dnsbl.net.au | |
| sbl.spamhaus.org | |
| smtp.dnsbl.sorbs.net | |
| socks.dnsbl.sorbs.net | |
| spam.dnsbl.sorbs.net | |
| spam.rbl.msrbl.net | |
| spam.spamrats.com | |
| spamlist.or.kr | |
| spamrbl.imp.ch | |
| t3direct.dnsbl.net.au | |
| tor.dnsbl.sectoor.de | |
| torserver.tor.dnsbl.sectoor.de | |
| ubl.lashback.com | |
| ubl.unsubscore.com | |
| virbl.bit.nl | |
| virus.rbl.msrbl.net | |
| web.dnsbl.sorbs.net | |
| wormrbl.imp.ch | |
| xbl.spamhaus.org | |
| zen.spamhaus.org | |
| zombie.dnsbl.sorbs.net | |
| " | |
| # simple shell function to show an error message and exit | |
| # $0 : the name of shell script, $1 is the string passed as argument | |
| # >&2 : redirect/send the message to stderr | |
| ERROR() { | |
| echo $0 ERROR: $1 >&2 | |
| exit 2 | |
| } | |
| # -- Sanity check on parameters | |
| [ $# -ne 1 ] && ERROR 'Please specify a single IP address' | |
| # -- if the address consists of 4 groups of minimal 1, maximal digits, separated by '.' | |
| # -- reverse the order | |
| # -- if the address does not match these criteria the variable 'reverse will be empty' | |
| reverse=$(echo $1 | | |
| sed -ne "s~^\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)$~\4.\3.\2.\1~p") | |
| if [ "x${reverse}" = "x" ] ; then | |
| ERROR "IMHO '$1' doesn't look like a valid IP address" | |
| exit 1 | |
| fi | |
| # Assuming an IP address of 11.22.33.44 as parameter or argument | |
| # If the IP address in $0 passes our crude regular expression check, | |
| # the variable ${reverse} will contain 44.33.22.11 | |
| # In this case the test will be: | |
| # [ "x44.33.22.11" = "x" ] | |
| # This test will fail and the program will continue | |
| # An empty '${reverse}' means that shell argument $1 doesn't pass our simple IP address check | |
| # In that case the test will be: | |
| # [ "x" = "x" ] | |
| # This evaluates to true, so the script will call the ERROR function and quit | |
| # -- do a reverse ( address -> name) DNS lookup | |
| REVERSE_DNS=$(dig +short -x $1) | |
| echo IP $1 NAME ${REVERSE_DNS:----} | |
| # -- cycle through all the blacklists | |
| for BL in ${BLISTS} ; do | |
| # show the reversed IP and append the name of the blacklist | |
| printf "%-60s" " ${reverse}.${BL}." | |
| # use dig to lookup the name in the blacklist | |
| #echo "$(dig +short -t a ${reverse}.${BL}. | tr '\n' ' ')" | |
| LISTED="$(dig +short -t a ${reverse}.${BL}.)" | |
| echo ${LISTED:----} | |
| done |
Hello @agarzon,
Thank you for creating this script. I was wondering if it is possible to have this script only output the rbls that have blacklisted the IP adress?
Also, is it possible to have the script run more than 1 IP adress at the same time?
You could also remove bl.spamcannibal.org from the list, as this site has been hijacked, ref: https://www.theregister.co.uk/2018/05/30/spamcannibal_hijack/
For some reason every IP address I check comes back with 92.242.140.21. For example
/dnsbl.sh 119.81.192.242
IP 119.81.192.242 NAME f2.c0.5177.ip4.static.sl-reverse.com.
242.192.81.119.b.barracudacentral.org. 92.242.140.21
242.192.81.119.bb.barracudacentral.org. 92.242.140.21
242.192.81.119.bl.deadbeef.com. 92.242.140.21
242.192.81.119.bl.mailspike.net. 92.242.140.21
242.192.81.119.bl.score.senderscore.com. 92.242.140.21
242.192.81.119.bl.spamcannibal.org. 103.224.212.227
242.192.81.119.bl.spamcop.net. 92.242.140.21
242.192.81.119.bl.spameatingmonkey.net. 92.242.140.21
242.192.81.119.blackholes.five-ten-sg.com. 92.242.140.21
242.192.81.119.blacklist.woody.ch. 92.242.140.21
242.192.81.119.bogons.cymru.com. 92.242.140.21
242.192.81.119.cbl.abuseat.org. 92.242.140.21
242.192.81.119.cdl.anti-spam.org.cn. ---
242.192.81.119.combined.abuse.ch. 92.242.140.21
242.192.81.119.combined.rbl.msrbl.net. 92.242.140.21
242.192.81.119.db.wpbl.info. 92.242.140.21
242.192.81.119.dnsbl-1.uceprotect.net. 92.242.140.21
242.192.81.119.dnsbl-2.uceprotect.net. 92.242.140.21
242.192.81.119.dnsbl-3.uceprotect.net. 92.242.140.21
242.192.81.119.dnsbl.inps.de. 92.242.140.21
242.192.81.119.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.drone.abuse.ch. 92.242.140.21
242.192.81.119.duinv.aupads.org. 92.242.140.21
242.192.81.119.dul.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.dul.ru. 92.242.140.21
242.192.81.119.dyna.spamrats.com. 92.242.140.21
242.192.81.119.dynip.rothen.com. 92.242.140.21
242.192.81.119.http.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.images.rbl.msrbl.net. 92.242.140.21
242.192.81.119.ips.backscatterer.org. 92.242.140.21
242.192.81.119.ix.dnsbl.manitu.net. 92.242.140.21
242.192.81.119.korea.services.net. 92.242.140.21
242.192.81.119.misc.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.noptr.spamrats.com. 92.242.140.21
242.192.81.119.ohps.dnsbl.net.au. 92.242.140.21
242.192.81.119.omrs.dnsbl.net.au. 92.242.140.21
242.192.81.119.orvedb.aupads.org. 92.242.140.21
242.192.81.119.osps.dnsbl.net.au. 92.242.140.21
242.192.81.119.osrs.dnsbl.net.au. 92.242.140.21
242.192.81.119.owfs.dnsbl.net.au. 92.242.140.21
242.192.81.119.owps.dnsbl.net.au. 92.242.140.21
242.192.81.119.pbl.spamhaus.org. 92.242.140.21
242.192.81.119.phishing.rbl.msrbl.net. 92.242.140.21
242.192.81.119.probes.dnsbl.net.au. 92.242.140.21
242.192.81.119.proxy.bl.gweep.ca. 92.242.140.21
242.192.81.119.proxy.block.transip.nl. 92.242.140.21
242.192.81.119.psbl.surriel.com. 92.242.140.21
242.192.81.119.rbl.interserver.net. 92.242.140.21
242.192.81.119.rdts.dnsbl.net.au. 92.242.140.21
242.192.81.119.relays.bl.gweep.ca. 92.242.140.21
242.192.81.119.relays.bl.kundenserver.de. 92.242.140.21
242.192.81.119.relays.nether.net. 92.242.140.21
242.192.81.119.residential.block.transip.nl. 92.242.140.21
242.192.81.119.ricn.dnsbl.net.au. 92.242.140.21
242.192.81.119.rmst.dnsbl.net.au. 92.242.140.21
242.192.81.119.sbl.spamhaus.org. 92.242.140.21
242.192.81.119.smtp.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.socks.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.spam.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.spam.rbl.msrbl.net. 92.242.140.21
242.192.81.119.spam.spamrats.com. 92.242.140.21
242.192.81.119.spamlist.or.kr. 92.242.140.21
242.192.81.119.spamrbl.imp.ch. 92.242.140.21
242.192.81.119.t3direct.dnsbl.net.au. 92.242.140.21
242.192.81.119.tor.dnsbl.sectoor.de. 92.242.140.21
242.192.81.119.torserver.tor.dnsbl.sectoor.de. 92.242.140.21
242.192.81.119.ubl.lashback.com. 92.242.140.21
242.192.81.119.ubl.unsubscore.com. 92.242.140.21
242.192.81.119.virbl.bit.nl. 92.242.140.21
242.192.81.119.virus.rbl.msrbl.net. 92.242.140.21
242.192.81.119.web.dnsbl.sorbs.net. 92.242.140.21
242.192.81.119.wormrbl.imp.ch. 92.242.140.21
242.192.81.119.xbl.spamhaus.org. 92.242.140.21
242.192.81.119.zen.spamhaus.org. 92.242.140.21
242.192.81.119.zombie.dnsbl.sorbs.net. 92.242.140.21
That script doesnt work for me.
sh ./dnsbl.sh
: not found: dnsbl.sh:
:not found3: dnsbl.sh:
:not found7: dnsbl.sh:
dnsbl.sh: 90: dnsbl.sh: Syntax error: Bad fd number
OK: problem was with copying/pasting windows -> linux, so after that command everything is OK:
Thank you all.
Note: More doesn't means better, in fact there are only a few services that are actually being using out there obviously the most popular ones, this script could easily stick with the only 10 most popular and still making his purpose.
In fact, I just updated the list deleting those that are not active anymore.