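 def search(self):
     """Look up ``self.ioc`` in the OpenPhish ``feed.txt`` feed.

     Every feed line is reduced to its host part (text after the last
     ``//`` and before the next ``/``). A ``URL`` IoC is a substring match
     on the raw line; ``IPv4`` and ``domain`` IoCs must equal the host part
     exactly, and only once ``parse`` accepts it as a valid address/domain.
     The first hit is reported through ``display`` and the search returns;
     nothing is reported when there is no match.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "https://openphish.com/"
     paths = ["feed.txt"]
     for path in paths:
         content = Cache(self.module_name, url, path,
                         self.search_method).content
         for line in content.split("\n"):
             # str.split() always returns at least one element, so this
             # cannot raise: the bare try/except that wrapped it was dead.
             host = line.split("//")[-1].split("/")[0]
             if self.type == "URL":
                 # Substring match: a short IoC also hits longer URLs
                 # that merely contain it.
                 hit = self.ioc in line
             elif self.type == "IPv4":
                 hit = parse.is_valid_ipv4_address(host) and self.ioc == host
             elif self.type == "domain":
                 hit = parse.is_valid_domain(host) and host == self.ioc
             else:
                 hit = False
             if hit:
                 display(self.module_name, self.ioc, "FOUND",
                         "%s%s" % (url, path))
                 return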
 def search(self):
     """Report every line of the malwaredomains ``immortal_domains.txt``
     feed that is exactly equal to ``self.ioc``.

     The search does not stop at the first hit: each matching line
     produces its own ``FOUND`` message.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "http://mirror1.malwaredomains.com/files/"
     paths = ["immortal_domains.txt"]
     # NOTE(review): fetched over plain HTTP, so the transport gives no
     # integrity guarantee; whether Cache verifies the feed is not visible here.
     for path in paths:
         feed = Cache(self.module_name, url, path, self.search_method)
         entries = feed.content.split("\n")
         hits = [entry for entry in entries if entry == self.ioc]
         for _ in hits:
             display(self.module_name, self.ioc, "FOUND",
                     "%s%s" % (url, path))
 def search(self):
     """Check whether ``self.ioc`` appears in the VXVault ``URL_List.php``
     feed.

     The match is a plain substring test on each line; the first feed
     containing a hit is reported via ``mod.display`` and the search ends.
     """
     mod.display(self.module_name, "", "INFO", "Searching...")
     url = "http://vxvault.net/"
     paths = ["URL_List.php"]
     # NOTE(review): plain-HTTP source; any feed verification would have
     # to live in Cache, which is not visible here.
     for path in paths:
         feed = Cache(self.module_name, url, path, self.search_method)
         entries = feed.content.split("\n")
         if any(self.ioc in entry for entry in entries):
             mod.display(self.module_name, self.ioc, "FOUND",
                         "%s%s" % (url, path))
             return
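 def search(self):
     """Search the malwaredomainlist ``hosts.txt`` feed for ``self.ioc``.

     Only lines mentioning ``127.0.0.1`` are considered; the parser expects
     the hostname to follow the address after two spaces and compares that
     field, stripped, to the IoC exactly. Every matching line is reported.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "https://www.malwaredomainlist.com/hostslist/"
     paths = ["hosts.txt"]
     for path in paths:
         content = Cache(self.module_name, url, path,
                         self.search_method).content
         for line in content.split("\n"):
             if "127.0.0.1" not in line:
                 continue
             # A line that mentions 127.0.0.1 without the two-space
             # separator (a comment, for instance) used to raise
             # IndexError here; skip it instead.
             fields = line.split("  ")
             if len(fields) > 1 and self.ioc == fields[1].strip():
                 display(self.module_name, self.ioc, "FOUND",
                         "%s%s" % (url, path))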
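 def search(self):
     """Search the malwaredomains.lehigh.edu ``domains.txt`` feed.

     Comment lines (starting with ``#``) and empty lines are skipped. The
     parser takes the text after the first double tab, splits it on single
     tabs, and compares the first field to ``self.ioc`` exactly; the second
     field is echoed in brackets in the ``FOUND`` message. Every matching
     line is reported.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "http://malwaredomains.lehigh.edu/files/"
     paths = ["domains.txt"]
     # NOTE(review): plain-HTTP source; transport integrity is not
     # guaranteed and feed verification, if any, is not visible here.
     for path in paths:
         content = Cache(self.module_name, url, path,
                         self.search_method).content
         for line in content.split("\n"):
             if not line or line[0] == '#':
                 continue
             # Lines lacking the double-tab separator used to raise
             # IndexError and abort the whole search.
             columns = line.split("\t\t")
             if len(columns) < 2:
                 continue
             fields = columns[1].split("\t")
             if self.ioc != fields[0]:
                 continue
             # Keep reporting the hit even when the classification
             # column is missing, rather than crashing on fields[1].
             classification = fields[1] if len(fields) > 1 else ""
             display(self.module_name, self.ioc, "FOUND",
                     "[%s] %s%s" % (classification, url, path))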
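 def search(self):
     """Search the cybercrime-tracker ``all.php`` feed for ``self.ioc``.

     For a ``URL`` IoC the scheme (everything up to ``//``) is stripped
     from ``self.ioc`` first -- this mutates the instance attribute, and
     the ``FOUND`` message echoes the stripped value. Matching is a
     substring test on each line, and every matching line is reported.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "http://cybercrime-tracker.net/"
     paths = ["all.php"]
     # NOTE(review): plain-HTTP source; feed verification, if any, lives
     # in Cache and is not visible here.
     # Only strip when a scheme separator is present: the unconditional
     # split("//")[1] raised IndexError on a scheme-less URL IoC.
     if self.type == "URL" and "//" in self.ioc:
         self.ioc = self.ioc.split("//")[1]
     for path in paths:
         content = Cache(self.module_name, url, path,
                         self.search_method).content
         for line in content.split("\n"):
             # Substring match: a short IoC also hits longer entries
             # that merely contain it.
             if self.ioc in line:
                 display(self.module_name, self.ioc, "FOUND",
                         "%s%s" % (url, path))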
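 def search(self):
     """Search the hosts-file.malwareteks.com ``hosts.txt`` feed.

     Each line is split on ``127.0.0.1``; the text after the address is
     stripped and compared to ``self.ioc`` exactly. Lines without that
     address are skipped. Every matching line is reported.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "http://hosts-file.malwareteks.com/"
     paths = ["hosts.txt"]
     # NOTE(review): plain-HTTP source; feed verification, if any, lives
     # in Cache and is not visible here.
     for path in paths:
         content = Cache(self.module_name, url, path,
                         self.search_method).content
         for line in content.split("\n"):
             # Explicit length check replaces the bare except that used to
             # swallow the IndexError (and any other error) on other lines.
             fields = line.split("127.0.0.1")
             if len(fields) > 1 and self.ioc == fields[1].strip():
                 display(self.module_name, self.ioc, "FOUND",
                         "%s%s" % (url, path))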
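    def search(self):
        """Search the abuse.ch SSL blacklist CSV feed for ``self.ioc``.

        Matching is a substring test per line. The first hit is reported
        with the line's third CSV column as extra detail and the search
        returns; nothing is reported when there is no match.
        """
        display(self.module_name, self.ioc, "INFO", "Searching...")
        url = "https://sslbl.abuse.ch/blacklist/"
        paths = ["sslblacklist.csv"]

        for path in paths:
            content = Cache(self.module_name, url, path,
                            self.search_method).content
            for line in content.split("\n"):
                if self.ioc not in line:
                    continue
                infos = line.split(',')
                # A matching line with fewer than three columns used to
                # raise IndexError; still report the hit, with empty detail.
                detail = infos[2] if len(infos) > 2 else ""
                display(self.module_name, self.ioc, "FOUND",
                        "%s | %s%s" % (detail, url, path))
                return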
 def search(self):
     """Report every nothink.org blacklist line that contains ``self.ioc``.

     Three feeds (the SNMP, SSH and Telnet yearly blacklists) are scanned
     in turn; matching is a substring test and every hit is reported, so
     one IoC may produce several ``FOUND`` messages.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "http://www.nothink.org/blacklist/"
     paths = [
         "blacklist_snmp_year.txt", "blacklist_ssh_year.txt",
         "blacklist_telnet_year.txt"
     ]
     # NOTE(review): plain-HTTP source; feed verification, if any, lives
     # in Cache and is not visible here.
     for path in paths:
         feed = Cache(self.module_name, url, path, self.search_method)
         for entry in feed.content.split("\n"):
             if self.ioc not in entry:
                 continue
             display(self.module_name, self.ioc, "FOUND",
                     "%s%s" % (url, path))
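 def search(self):
     """Search the abuse.ch ransomware tracker CSV feed for ``self.ioc``.

     Matching is a substring test per line. A hit is reported with the
     line's third CSV column (up to two surrounding quotes removed) as
     extra detail; every matching line is reported.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "https://ransomwaretracker.abuse.ch/feeds/"
     paths = ["csv"]
     content = Cache(self.module_name, url, paths[0],
                     self.search_method).content
     for line in content.split("\n"):
         if self.ioc not in line:
             continue
         columns = line.split(",")
         # The bare except used to drop a matching line silently when it
         # had fewer than three columns; report it with empty detail instead.
         detail = columns[2].replace('"', '', 2) if len(columns) > 2 else ""
         display(self.module_name, self.ioc, "FOUND",
                 "%s | %s%s" % (detail, url, paths[0]))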
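 def search(self):
     """Search the DShield suspicious-domain feeds for ``self.ioc``.

     The Low, Medium and High feeds are scanned in turn. Comment lines
     (starting with ``#``) and empty lines are skipped; every other line
     is compared case-insensitively to the IoC and each exact match is
     reported.
     """
     mod.display(self.module_name, "", "INFO", "Searching...")
     url = "https://www.dshield.org/feeds/"
     paths = [
         "suspiciousdomains_Low.txt",
         "suspiciousdomains_Medium.txt",
         "suspiciousdomains_High.txt"
     ]
     # Lower-case the IoC once rather than on every feed line.
     needle = self.ioc.lower()
     for path in paths:
         content = Cache(self.module_name, url, path, self.search_method).content
         for line in content.split("\n"):
             # Empty lines used to raise IndexError on line[0], which a
             # bare except then hid along with any other failure.
             if not line or line[0] == '#':
                 continue
             if line.lower() == needle:
                 mod.display(self.module_name, self.ioc, "FOUND", "%s%s"%(url, path))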
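 def search(self):
     """Check whether ``self.ioc`` falls inside any Spamhaus DROP prefix.

     The ``drop``, ``edrop`` and ``dropv6`` lists are scanned in turn.
     Comment lines (starting with ``;``) and empty lines are skipped; the
     first whitespace-separated token of each other line is parsed as a
     network and the IoC is tested for membership. Every containing
     prefix is reported.
     """
     mod.display(self.module_name, "", "INFO", "Searching...")
     url = "https://www.spamhaus.org/drop/"
     paths = [
         "drop.txt",
         "edrop.txt",
         "dropv6.txt",
     ]
     for path in paths:
         content = Cache(self.module_name, url, path,
                         self.search_method).content
         for line in content.split("\n"):
             if not line or line[0] == ';':
                 continue
             # IPAddress/IPNetwork raise their own parse error on input
             # they cannot read (the exception type is not visible here),
             # so the handler stays broad -- but it no longer swallows
             # KeyboardInterrupt/SystemExit, and display() is outside it.
             try:
                 hit = IPAddress(self.ioc) in IPNetwork(line.split(" ")[0])
             except Exception:
                 hit = False
             if hit:
                 mod.display(self.module_name, self.ioc, "FOUND",
                             "%s%s" % (url, path))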
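 def search(self):
     """Search the abuse.ch ZeuS tracker blocklists for ``self.ioc``.

     Three feeds are scanned: bad domains, the IP blocklist and the
     compromised-host list. For a ``URL`` IoC the scheme is stripped from
     ``self.ioc`` (mutating the attribute) before any feed is fetched. In
     the compromised feed a ``URL`` IoC must equal the raw line; for the
     other IoC types each compromised-feed line is cut at its first ``/``
     and ``:`` first. ``domain`` and ``IPv4`` IoCs are then compared exactly
     against the stripped line once ``parse`` accepts it. The first hit is
     reported and the search returns.
     """
     display(self.module_name, self.ioc, "INFO", "Searching...")
     url = "https://zeustracker.abuse.ch/"
     paths = [
         "blocklist.php?download=baddomains",
         "blocklist.php?download=ipblocklist",
         "blocklist.php?download=compromised"
     ]
     # Strip the scheme once, up front, so every feed is matched against
     # the same value; the old code re-split self.ioc on each iteration
     # under a bare except that hid the resulting IndexError.
     if self.type == "URL" and "://" in self.ioc:
         self.ioc = self.ioc.split("://")[1]
     for path in paths:
         compromised = path.split("=")[1] == "compromised"
         content = Cache(self.module_name, url, path,
                         self.search_method).content
         for line in content.split("\n"):
             if compromised:
                 if self.type == "URL":
                     if self.ioc == line:
                         display(self.module_name, self.ioc, "FOUND",
                                 "%s%s" % (url, path))
                         return
                     continue
                 # Keep only the text before the first "/" and ":" (these
                 # split() calls cannot raise; the old try/except was dead).
                 line = line.split("/")[0].split(":")[0]
             candidate = line.strip()
             if self.type == "domain" and parse.is_valid_domain(candidate):
                 hit = candidate == self.ioc
             elif self.type == "IPv4" and parse.is_valid_ipv4_address(candidate):
                 hit = candidate == self.ioc
             else:
                 hit = False
             if hit:
                 display(self.module_name, self.ioc, "FOUND",
                         "%s%s" % (url, path))
                 return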