@crashdump
Last active December 17, 2015 22:49
Check a hostname (or an IP) against a list of DNSRBLs.
* DNS round-robin aware: if the domain has multiple IPs, then the check is run for all of them.
I've also provided a template if you want to use it with Zabbix as an External Check:
- Configure the ExternalScripts variable in zabbix_server.conf
- Put the script (check-dnsrbl.py and check-dnsrbl…
#!/usr/bin/python
# -*- coding: utf-8 -*-
import argparse
import socket
import sys
import time
from multiprocessing.pool import ThreadPool

# File with one DNSRBL zone per line
DNSRBL_LIST = '/etc/zabbix/externalscripts/check-dnsrbl.txt'

# (host, dnsrbl) tuples for every listing found, filled in by log_result()
result_list = []


def reverse_host(host, separator='.'):
    """Reverse the octets of an IPv4 address: 1.2.3.4 -> 4.3.2.1"""
    return separator.join(reversed(host.split(separator)))


def dns_req(dnsrbl, host, args):
    """Query one DNSRBL for one IP; return (host, dnsrbl) if listed, else False."""
    req_start_time = time.time()
    try:
        # A listed IP resolves to an address starting with 127
        if socket.gethostbyname("%s.%s" % (reverse_host(host), dnsrbl)).startswith("127"):
            if not args.count:
                sys.stdout.write("%s listed on %s (request time: %.2f)\n" % (host, dnsrbl, time.time() - req_start_time))
            return (host, dnsrbl)
    except socket.gaierror:
        # Any resolution failure is treated as "not listed"
        if args.verbose:
            sys.stdout.write("%s not listed on %s (request time: %.2f)\n" % (host, dnsrbl, time.time() - req_start_time))
    return False


def log_result(is_listed):
    """ThreadPool callback: keep only the positive results."""
    if is_listed:
        result_list.append(is_listed)


def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('host', help='The host or hostname you want to check')
    parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
    parser.add_argument('-c', '--count', action='store_true', help='Count results only')
    parser.add_argument('-l', '--list', action='store_true', help='Lists the DNS blacklists in use')
    args = parser.parse_args()

    # Resolve once; a round-robin name yields several addresses
    try:
        addresses = socket.gethostbyname_ex(args.host)[2]
    except socket.gaierror:
        sys.exit("Cannot resolve host !")

    # Skip blank lines so that no query is sent for an empty zone name
    with open(DNSRBL_LIST, 'r') as f:
        dnsrbl_list = [line.strip() for line in f if line.strip()]

    if args.list:
        for dnsrbl in dnsrbl_list:
            print(dnsrbl)
        sys.exit(0)

    # Check every address against every list in parallel
    pool = ThreadPool(processes=12)
    for host in addresses:
        for dnsrbl in dnsrbl_list:
            pool.apply_async(dns_req, (dnsrbl, host, args), callback=log_result)
    pool.close()
    pool.join()

    if args.count:
        sys.stdout.write("%s\n" % len(result_list))


if __name__ == "__main__":
    main()
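The script above counts any answer starting with 127 as a listing and any lookup failure as "not listed". The following is an added example, not part of the original gist, that separates real listings from error answers and from zones that answer for every query. The `resolve` parameter, the `*.example` zones and the `SAMPLE` answers are constructed for the example, and treating 127.255.255.0/24 as an error range is an assumption based on the convention Spamhaus documents for its zones.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Assumption: 127.255.255.0/24 carries error codes (Spamhaus convention)
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def query_name(ip, zone):
    """192.0.2.10 + dnsbl.example -> 10.2.0.192.dnsbl.example (IPv4 only)."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything but IPv4
    return "%s.%s" % (".".join(reversed(str(addr).split("."))), zone)


def system_resolve(name):
    """A records for name; [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeouts and server failures are not "clean"
    return sorted({info[4][0] for info in infos})


def classify(ip, zone, resolve=system_resolve):
    """Return 'listed', 'clean', 'error' or 'unreliable'."""
    try:
        # RFC 5782: 127.0.0.1 is never listed; a zone that answers for it
        # answers for everything (wildcard or parked zone).
        if resolve(query_name("127.0.0.1", zone)):
            return "unreliable"
        answers = [ipaddress.IPv4Address(a) for a in resolve(query_name(ip, zone))]
    except OSError:
        return "error"
    if not answers:
        return "clean"
    if any(a in ERROR_NET or a not in LOOPBACK for a in answers):
        return "error"  # query refused/rate-limited, or NXDOMAIN rewritten
    return "listed"


# Constructed answers for the hypothetical zones *.example
SAMPLE = {
    "10.2.0.192.good.example": ["127.0.0.2"],
    "10.2.0.192.refused.example": ["127.255.255.254"],
    "1.0.0.127.wildcard.example": ["127.0.0.2"],
    "10.2.0.192.wildcard.example": ["127.0.0.2"],
}
```

In a monitoring setup only `listed` should raise the blacklist count; `error` and `unreliable` point at the resolver or at the zone itself rather than at the monitored host.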
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>2.0</version>
<date>2013-06-03T12:26:17Z</date>
<groups>
<group>
<name>Templates</name>
</group>
</groups>
<templates>
<template>
<template>Template External Check - DNSRBL</template>
<name>Template External Check - DNSRBL</name>
<groups>
<group>
<name>Templates</name>
</group>
</groups>
<applications>
<application>
<name>DNSRBL</name>
</application>
</applications>
<items>
<item>
<name>List of checked DNS blacklists</name>
<type>10</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>check-dnsrbl.py[&quot;-l&quot;,&quot;{HOST.NAME}&quot;]</key>
<delay>14400</delay>
<history>90</history>
<trends>365</trends>
<status>0</status>
<value_type>4</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authpassphrase/>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>DNSRBL</name>
</application>
</applications>
<valuemap/>
</item>
<item>
<name>List of DNS blacklists where server IP is defined</name>
<type>10</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>check-dnsrbl.py[&quot;{HOST.NAME}&quot;]</key>
<delay>14400</delay>
<history>90</history>
<trends>365</trends>
<status>0</status>
<value_type>4</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authpassphrase/>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>DNSRBL</name>
</application>
</applications>
<valuemap/>
</item>
<item>
<name>Number of DNS blacklists where server IP is defined</name>
<type>10</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>check-dnsrbl.py[&quot;-c&quot;,&quot;{HOST.NAME}&quot;]</key>
<delay>8200</delay>
<history>90</history>
<trends>365</trends>
<status>0</status>
<value_type>0</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authpassphrase/>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>DNSRBL</name>
</application>
</applications>
<valuemap/>
</item>
</items>
<discovery_rules/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
<triggers>
<trigger>
<expression>{Template External Check - DNSRBL:check-dnsrbl.py[&quot;-c&quot;,&quot;{HOST.NAME}&quot;].last(0)}&gt;0</expression>
<name>{HOSTNAME} exist in {ITEM.LASTVALUE} blacklist !</name>
<url/>
<status>0</status>
<priority>2</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
</triggers>
</zabbix_export>
b.barracudacentral.org
blackholes.five-ten-sg.com
blacklist.woody.ch
bl.deadbeef.com
bl.emailbasura.org
bl.spamcannibal.org
bl.spamcop.net
bogons.cymru.com
cbl.abuseat.org
cdl.anti-spam.org.cn
combined.abuse.ch
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.ahbl.org
dnsbl.inps.de
dnsbl.sorbs.net
drone.abuse.ch
duinv.aupads.org
dul.dnsbl.sorbs.net
dul.ru
dyna.spamrats.com
http.dnsbl.sorbs.net
ips.backscatterer.org
ix.dnsbl.manitu.net
korea.services.net
misc.dnsbl.sorbs.net
noptr.spamrats.com
orvedb.aupads.org
pbl.spamhaus.org
proxy.bl.gweep.ca
proxy.block.transip.nl
rbl.interserver.net
relays.bl.gweep.ca
relays.bl.kundenserver.de
relays.nether.net
residential.block.transip.nl
sbl.spamhaus.org
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.abuse.ch
spam.dnsbl.sorbs.net
spamlist.or.kr
spamrbl.imp.ch
spam.spamrats.com
tor.ahbl.org
tor.dnsbl.sectoor.de
torserver.tor.dnsbl.sectoor.de
ubl.lashback.com
ubl.unsubscore.com
virbl.bit.nl
virus.rbl.jp
web.dnsbl.sorbs.net
wormrbl.imp.ch
xbl.spamhaus.org
zen.spamhaus.org
zombie.dnsbl.sorbs.net