1 #!/usr/bin/env bash
2 # Script to check if specified IP is on common known dns blacklists
3 # Copyright (C) 2018 Aaron Ball <nullspoon@oper.io>
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17
# Resolver used for every lookup. Falls back to the opendns main nameserver
# when NS is unset or empty in the environment.
# NOTE(review): the default is a shared public resolver; some DNSBL operators
# limit or refuse queries arriving through public resolvers, so confirm each
# list's policy or point NS at a resolver you control.
: "${NS:=208.67.220.220}"
export NS

# Pertinent color escape sequences (green = clean, red = listed, reset)
CGREEN=$'\e[32m'
CRED=$'\e[31m'
CRESET=$'\e[0m'
export CGREEN CRED CRESET

# Manifest of DNSBL zones to query; falls back to dnsbls.txt in the current
# working directory when LIST is unset or empty.
: "${LIST:=dnsbls.txt}"
export LIST
27
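# is_ipv4:
# Checks if the provided string is a valid dotted-quad IPv4 address: exactly
# four decimal fields of one to three digits, each no greater than 255.
#
# The whole string must match. The value is never used as a printf format
# string, and embedded newlines are rejected, so a caller that later hands the
# string to another command gets exactly one address.
#
# @str String to check
# @return (stdout) 1 == valid ip, 0 == invalid ip
#         (status) 0 == valid ip, 1 == invalid ip
is_ipv4() {
  local str="${1}"
  local octet
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'

  # [[ =~ ]] anchors against the entire string, unlike a line-oriented grep,
  # which would accept several addresses separated by newlines.
  if [[ "${str}" =~ ${re} ]]; then
    for octet in "${BASH_REMATCH[@]:1}"; do
      # Force base 10 so fields with leading zeros (e.g. 010) are compared as
      # decimal instead of being parsed as octal.
      if ((10#${octet} > 255)); then
        printf 0
        return 1
      fi
    done
    printf 1
    return 0
  fi

  printf 0
  return 1
}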
44
45
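# main:
# Checks one IPv4 address against every DNSBL zone named in the LIST manifest
# and prints a per-list result followed by a summary count.
#
# Globals:
#   NS     (read) resolver passed to dig
#   LIST   (read) path of the manifest; lines starting with '#' are skipped
#   CGREEN, CRED, CRESET (read; unset when stdout is not a terminal)
#
# @ip IP address to check for blacklist
# @return (status) 1 when the ip is missing or invalid or the manifest is not
#         a regular file, 0 once the report has been printed
main() {
  local ip="${1}"    # IP address to check for blacklisting
  local rev          # IP address, reversed for dns lookup (dig)
  local resp         # Response from dns query
  local -a dnsbls=() # Array of dns blacklist endpoints
  local -a words     # Whitespace-separated fields of one manifest line
  local found        # Number of times the ip was found in blacklists
  local bl           # Blacklist zone currently being queried
  local o1 o2 o3 o4  # The four octets of the ip

  if [ -z "${ip}" ]; then
    printf "IP address required\n"
    return 1
  fi

  if [ ! -f "${LIST}" ]; then
    printf "ERROR: DNSBL manifest '%s' not accessible.\n" "${LIST}"
    printf "Please set LIST environment variable to file that exists\n"
    return 1
  fi

  # Split each non-comment line on whitespace without glob expansion, so a
  # manifest entry such as '*' can never expand to file names in the current
  # directory. Blank lines yield no fields and are skipped.
  while read -r -a words; do
    dnsbls+=("${words[@]}")
  done < <(grep -v '^#' -- "${LIST}")

  # Validate before the value gets anywhere near dig.
  if ! is_ipv4 "${ip}" > /dev/null; then
    printf "Provided IP '%s' is not a valid IPv4 address\n" "${ip}"
    return 1
  fi

  # If the terminal is not a char terminal (eg: someone is using less, more,
  # cat, etc), we don't want to print escape codes because they will get
  # mangled by the tool most likely.
  if [ ! -t 1 ]; then
    unset CGREEN
    unset CRED
    unset CRESET
  fi

  # Reverse the ip address (a.b.c.d -> d.c.b.a.) for the DNSBL query name
  IFS=. read -r o1 o2 o3 o4 <<< "${ip}"
  rev="${o4}.${o3}.${o2}.${o1}."

  # Some basic information. Every expansion handed to dig is quoted so it
  # always arrives as exactly one argument.
  printf "Checking %s\n" "${ip}"
  printf "Reverse DNS: %s\n\n" "$(dig "@${NS}" +short -x "${ip}")"

  found=0
  for bl in "${dnsbls[@]}"; do
    printf "%-25s: " "${bl}"
    if ! resp="$(dig "@${NS}" +short -t a "${rev}${bl}")"; then
      # dig exits non-zero when it got no usable reply (e.g. resolver
      # unreachable). That is neither a listing nor a clean result, so it is
      # reported separately and not counted.
      printf "Query failed\n"
    elif [ -z "${resp}" ]; then
      printf "%bNot found%b\n" "${CGREEN}" "${CRESET}"
    elif grep -qE '^127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' <<< "${resp}"; then
      # DNSBLs conventionally signal a listing with an A record inside
      # 127.0.0.0/8 (RFC 5782).
      # NOTE(review): some list operators also use 127.x values as status or
      # error codes (for instance when queried through a shared public
      # resolver); those are still counted as listings here, so check each
      # list's documented return codes before acting on a hit.
      printf "%bFound%b\n" "${CRED}" "${CRESET}"
      found=$((found + 1))
    else
      # Any other answer (resolver error text, a redirected NXDOMAIN, ...) is
      # not a listing and must not inflate the count.
      printf "Unexpected answer\n"
    fi
  done

  printf "\nFound %s on %d lists\n" "${ip}" "${found}"
}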
106
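# Quote "$@" so each command-line argument reaches main as a single word,
# without word splitting or glob expansion.
main "$@"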