toantran-ea/sample_blip.py

## sample_blip.py
import socket

def get_list():
        s ="""
        Deny from 208.50.101.
        Deny from 78.234.5.2
        Deny from 98.150.108.228
        Deny from 69.41.14.215
        Deny from 64.124.98.10
        Deny from 64.125.188.25
        Deny from 64.124.203.72
        Deny from 8.28.16.
        Deny from 91.121.
        Deny from 77.222.61.
        Deny from 74.63.250.
        Deny from 27.159.223.
        Deny from 94.23.
        Deny from 89.185.228.
        Deny from 95.87.220.
        Deny from 69.94.34.
        Deny from 221.132.34.
        Deny from 114.33.237.
        Deny from 184.169.163.
        Deny from 69.162.68.
        Deny from 91.102.118.
        Deny from 27.54.93.
        Deny from 198.57.208.
        Deny from 142.4.215.
        Deny from 79.142.67.
        Deny from 65.111.165.
        Deny from 69.175.78.
        Deny from 37.59.47.
        Deny from 201.10.113.
        Deny from 1.234.27.
        Deny from 123.30.50.
        Deny from 89.221.250.
        Deny from 202.43.169.
        Deny from 41.210.123.
        Deny from 173.54.107.
        Deny from 69.169.94.
        Deny from 188.165.
        Deny from 93.185.106.
        Deny from 118.98.223.
        Deny from 200.63.102.
        Deny from 84.127.22.
        Deny from 151.28.208.
        Deny from 176.194.133.
        Deny from 213.184.242.
        Deny from 27.153.229.
        Deny from 72.47.196.
        Deny from 109.199.242.214
        Deny from 208.27.69.9
        Deny from 86.83.234.160
        Deny from 103.3.223.91
        Deny from 81.149.190.176
        Deny from 213.125.223.202
        Deny from 46.120.100.248
        Deny from 188.49.63.110
        Deny from 199.229.249.187
        Deny from 37.77.162.130
        Deny from 80.192.66.108
        Deny from 84.25.70.100
        Deny from 37.221.160.158
        Deny from 209.140.28.124
        Deny from 212.227.18.17
        Deny from 178.119.213.35
        Deny from 85.246.12.149
        Deny from 91.236.116.119
        Deny from 81.157.96.215
        Deny from 213.100.101.109
        Deny from 112.198.77.40
        Deny from 216.38.8.177
        Deny from 204.45.133.74
        Deny from 71.245.243.98
        Deny from 212.227.18.17
        Deny from 188.223.209.72
        Deny from 109.255.36.134
        Deny from 86.19.152.228
        Deny from 71.6.203.27
        Deny from 184.168.116.128
        Deny from 151.27.123.198
        Deny from 65.55.24.237
        Deny from 157.
        Deny from 81.144.138.34
        Deny from 111.73.46.4
        Deny from 186.222.83.11
        Deny from 60.234.45.151
        Deny from 157.
        Deny from 82.170.182.160
        Deny from 82.169.246.22
        Deny from 64.14.78.96
        Deny from 86.156.146.50
        Deny from 85.59.38.177
        Deny from 81.144.138.34
        Deny from 157.55.36.
        Deny from 8.28.16.
        Deny from 27.159.233.63
        Deny from 50.9.101.245
        Deny from 61.189.22.137
        Deny from 64.124.203.
        Deny from 74.217.148.
        Deny from 78.85.18.135
        Deny from 89.31.
        Deny from 109.108.163.154
        Deny from 110.85.115.183
        Deny from 120.37.208.95
        Deny from 120.37.210.111
        Deny from 120.43.4.142
        Deny from 120.39.23.174
        Deny from 124.243.124.206
        Deny from 150.70.64.
        Deny from 150.70.75.
        Deny from 150.70.172.
        Deny from 174.127.133.
        Deny from 200.98.197.
        Deny from 204.13.66.21
        Deny from 207.241.226.91
        Deny from 208.50.101.
        Deny from 221.206.105.219
        Deny from 183.61.245.
        Deny from 190.199.229.235
        Deny from 207.241.237.
        Deny from 82.165.136.
        """
        ip_string = s.replace(" Deny from ", "").replace(" ", "").split("\n")[1:-1]
        return ip_string

def get_list_from_url(url="https://dl.dropboxusercontent.com/u/527312/brute-force-ips.txt"):
        import urllib2
        data = urllib2.urlopen(url).read()
        ip_strings = []
        raw_data = data.split('\r')

        for line in raw_data:
                if line.startswith(" deny from"):
                        ip_strings.append(line.replace("deny from", "").replace(" ", ""))
        return ip_strings

def is_blacklisted(ip):
        targets = ['sbl-xbl.spamhaus.org', 'bl.spamcop.net']
        ip_fragments = ip.split('.')
        ip_fragments.reverse()
        rev_ip = '.'.join(f for f in ip_fragments)
        print 'rev_ip = ' + rev_ip
        blacklist = []
        for target in targets:
            try:
                resolved_address =  '.'.join(x for x in [rev_ip, target])
                print "Checking against " + resolved_address
                socket.getaddrinfo(resolved_address, 80)
                blacklist.append(target)
                print '{0} is listed on {1}'.format(ip, target)
            except socket.gaierror:
                print '{0} is OK on {1}'.format(ip, target)

        return len(blacklist) != 0

def filter_ips():
        ip_strings =  get_list_from_url()
        blacklisted_ips = [ip for ip in ip_strings if is_blacklisted(ip)]
        print blacklisted_ips
        return blacklisted_ips

if __name__ == '__main__':
        # print is_blacklisted('116.118.139.124')
        filter_ips()
	import socket

	def get_list():
	s ="""
	Deny from 208.50.101.
	Deny from 78.234.5.2
	Deny from 98.150.108.228
	Deny from 69.41.14.215
	Deny from 64.124.98.10
	Deny from 64.125.188.25
	Deny from 64.124.203.72
	Deny from 8.28.16.
	Deny from 91.121.
	Deny from 77.222.61.
	Deny from 74.63.250.
	Deny from 27.159.223.
	Deny from 94.23.
	Deny from 89.185.228.
	Deny from 95.87.220.
	Deny from 69.94.34.
	Deny from 221.132.34.
	Deny from 114.33.237.
	Deny from 184.169.163.
	Deny from 69.162.68.
	Deny from 91.102.118.
	Deny from 27.54.93.
	Deny from 198.57.208.
	Deny from 142.4.215.
	Deny from 79.142.67.
	Deny from 65.111.165.
	Deny from 69.175.78.
	Deny from 37.59.47.
	Deny from 201.10.113.
	Deny from 1.234.27.
	Deny from 123.30.50.
	Deny from 89.221.250.
	Deny from 202.43.169.
	Deny from 41.210.123.
	Deny from 173.54.107.
	Deny from 69.169.94.
	Deny from 188.165.
	Deny from 93.185.106.
	Deny from 118.98.223.
	Deny from 200.63.102.
	Deny from 84.127.22.
	Deny from 151.28.208.
	Deny from 176.194.133.
	Deny from 213.184.242.
	Deny from 27.153.229.
	Deny from 72.47.196.
	Deny from 109.199.242.214
	Deny from 208.27.69.9
	Deny from 86.83.234.160
	Deny from 103.3.223.91
	Deny from 81.149.190.176
	Deny from 213.125.223.202
	Deny from 46.120.100.248
	Deny from 188.49.63.110
	Deny from 199.229.249.187
	Deny from 37.77.162.130
	Deny from 80.192.66.108
	Deny from 84.25.70.100
	Deny from 37.221.160.158
	Deny from 209.140.28.124
	Deny from 212.227.18.17
	Deny from 178.119.213.35
	Deny from 85.246.12.149
	Deny from 91.236.116.119
	Deny from 81.157.96.215
	Deny from 213.100.101.109
	Deny from 112.198.77.40
	Deny from 216.38.8.177
	Deny from 204.45.133.74
	Deny from 71.245.243.98
	Deny from 212.227.18.17
	Deny from 188.223.209.72
	Deny from 109.255.36.134
	Deny from 86.19.152.228
	Deny from 71.6.203.27
	Deny from 184.168.116.128
	Deny from 151.27.123.198
	Deny from 65.55.24.237
	Deny from 157.
	Deny from 81.144.138.34
	Deny from 111.73.46.4
	Deny from 186.222.83.11
	Deny from 60.234.45.151
	Deny from 157.
	Deny from 82.170.182.160
	Deny from 82.169.246.22
	Deny from 64.14.78.96
	Deny from 86.156.146.50
	Deny from 85.59.38.177
	Deny from 81.144.138.34
	Deny from 157.55.36.
	Deny from 8.28.16.
	Deny from 27.159.233.63
	Deny from 50.9.101.245
	Deny from 61.189.22.137
	Deny from 64.124.203.
	Deny from 74.217.148.
	Deny from 78.85.18.135
	Deny from 89.31.
	Deny from 109.108.163.154
	Deny from 110.85.115.183
	Deny from 120.37.208.95
	Deny from 120.37.210.111
	Deny from 120.43.4.142
	Deny from 120.39.23.174
	Deny from 124.243.124.206
	Deny from 150.70.64.
	Deny from 150.70.75.
	Deny from 150.70.172.
	Deny from 174.127.133.
	Deny from 200.98.197.
	Deny from 204.13.66.21
	Deny from 207.241.226.91
	Deny from 208.50.101.
	Deny from 221.206.105.219
	Deny from 183.61.245.
	Deny from 190.199.229.235
	Deny from 207.241.237.
	Deny from 82.165.136.
	"""
	ip_string = s.replace(" Deny from ", "").replace(" ", "").split("\n")[1:-1]
	return ip_string

	def get_list_from_url(url="https://dl.dropboxusercontent.com/u/527312/brute-force-ips.txt"):
	import urllib2
	data = urllib2.urlopen(url).read()
	ip_strings = []
	raw_data = data.split('\r')

	for line in raw_data:
	if line.startswith(" deny from"):
	ip_strings.append(line.replace("deny from", "").replace(" ", ""))
	return ip_strings

	def is_blacklisted(ip):
	targets = ['sbl-xbl.spamhaus.org', 'bl.spamcop.net']
	ip_fragments = ip.split('.')
	ip_fragments.reverse()
	rev_ip = '.'.join(f for f in ip_fragments)
	print 'rev_ip = ' + rev_ip
	blacklist = []
	for target in targets:
	try:
	resolved_address = '.'.join(x for x in [rev_ip, target])
	print "Checking against " + resolved_address
	socket.getaddrinfo(resolved_address, 80)
	blacklist.append(target)
	print '{0} is listed on {1}'.format(ip, target)
	except socket.gaierror:
	print '{0} is OK on {1}'.format(ip, target)

	return len(blacklist) != 0

	def filter_ips():
	ip_strings = get_list_from_url()
	blacklisted_ips = [ip for ip in ip_strings if is_blacklisted(ip)]
	print blacklisted_ips
	return blacklisted_ips

	if __name__ == '__main__':
	# print is_blacklisted('116.118.139.124')
	filter_ips()