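def search(self):
    """Search the OpenPhish feed for the IOC and report the first match.

    How a feed line is compared depends on ``self.type``:

    * ``"URL"``: the IOC must occur somewhere in the line.
    * ``"IPv4"`` / ``"domain"``: the IOC must equal the host part of the
      line, and that host must pass the corresponding ``parse`` validator.

    A hit is reported through ``display`` with the feed location and the
    search stops there. Returns None in every case.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    url = "https://openphish.com/"
    paths = ["feed.txt"]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        source = "%s%s" % (url, path)
        for line in content.split("\n"):
            # Host part: text after the last "//", up to the next "/".
            # str.split always returns at least one element, so the bare
            # ``except`` that used to wrap this expression could never fire
            # and has been removed.
            host = line.split("//")[-1].split("/")[0]
            if self.type == "URL":
                # NOTE(review): substring test, so an IOC that is only a
                # fragment of a listed URL is also reported as FOUND.
                if self.ioc in line:
                    display(self.module_name, self.ioc, "FOUND", source)
                    return
            elif self.type == "IPv4" and parse.is_valid_ipv4_address(host):
                if self.ioc == host:
                    display(self.module_name, self.ioc, "FOUND", source)
                    return
            elif self.type == "domain" and parse.is_valid_domain(host):
                if host == self.ioc:
                    display(self.module_name, self.ioc, "FOUND", source)
                    return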
def search(self):
    """Report each line of the "immortal domains" list that equals the IOC.

    One FOUND message is emitted through ``display`` per matching line;
    the scan does not stop at the first hit. Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    # NOTE(review): the feed URL is plain http://, so the list is not
    # integrity-protected in transit - confirm whether an HTTPS source exists.
    url = "http://mirror1.malwaredomains.com/files/"
    paths = ["immortal_domains.txt"]
    for path in paths:
        feed_lines = Cache(self.module_name, url, path,
                           self.search_method).content.split("\n")
        # list.count compares with ==, i.e. the whole line must equal the IOC.
        # NOTE(review): lines are not stripped, so an entry carrying a
        # trailing "\r" or space would not match - confirm the feed format.
        for _ in range(feed_lines.count(self.ioc)):
            display(self.module_name, self.ioc, "FOUND", "%s%s" % (url, path))
def search(self):
    """Report whether the IOC appears anywhere in the VX Vault URL list.

    The first line containing the IOC as a substring produces a single
    FOUND message through ``mod.display`` and ends the search. Returns None.
    """
    mod.display(self.module_name, "", "INFO", "Searching...")
    # NOTE(review): the feed URL is plain http://, so the list is not
    # integrity-protected in transit - confirm whether an HTTPS source exists.
    url = "http://vxvault.net/"
    paths = ["URL_List.php"]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        # any() stops at the first matching line, like the early return did.
        # NOTE(review): substring test - a short IOC also matches longer
        # entries that merely contain it.
        if any(self.ioc in line for line in content.split("\n")):
            mod.display(self.module_name, self.ioc, "FOUND",
                        "%s%s" % (url, path))
            return
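def search(self):
    """Report each hosts-file entry of the Malware Domain List equal to the IOC.

    Only lines containing ``127.0.0.1`` are considered; the IOC is compared
    with the second whitespace-separated field of such a line. One FOUND
    message is emitted through ``display`` per matching line. Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    url = "https://www.malwaredomainlist.com/hostslist/"
    paths = ["hosts.txt"]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        for line in content.split("\n"):
            if "127.0.0.1" not in line:
                continue
            # Split on any run of whitespace so the width or kind of the
            # separator does not matter, and check the length first: indexing
            # the second field unconditionally raised IndexError on a line
            # without a separator and aborted the whole search.
            fields = line.split()
            if len(fields) > 1 and self.ioc == fields[1]:
                display(self.module_name, self.ioc, "FOUND",
                        "%s%s" % (url, path))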
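def search(self):
    """Report each entry of the Lehigh malwaredomains list equal to the IOC.

    Empty lines and lines starting with ``#`` are skipped. For the rest, the
    text after the first double tab is split on single tabs: the first field
    is compared with the IOC and the second is shown in brackets in the
    FOUND message. The scan does not stop at the first hit. Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    # NOTE(review): the feed URL is plain http://, so the list is not
    # integrity-protected in transit - confirm whether an HTTPS source exists.
    url = "http://malwaredomains.lehigh.edu/files/"
    paths = ["domains.txt"]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        for line in content.split("\n"):
            if not line or line[0] == '#':
                continue
            columns = line.split("\t\t")
            if len(columns) < 2:
                # No double-tab separator: not a record in the expected
                # layout. Indexing it raised IndexError and aborted the search.
                continue
            fields = columns[1].split("\t")
            if self.ioc != fields[0]:
                continue
            # Still report an exact match when the second field is missing.
            label = fields[1] if len(fields) > 1 else "unknown"
            display(self.module_name, self.ioc, "FOUND",
                    "[%s] %s%s" % (label, url, path))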
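def search(self):
    """Report each line of the cybercrime-tracker list that contains the IOC.

    For a URL IOC, ``self.ioc`` is first overwritten with the text between
    the first and the second ``//`` (or the end of the string), so the
    comparison and the messages use that shortened value. One FOUND message
    is emitted through ``display`` per matching line. Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    # NOTE(review): the feed URL is plain http://, so the list is not
    # integrity-protected in transit - confirm whether an HTTPS source exists.
    url = "http://cybercrime-tracker.net/"
    paths = ["all.php"]
    if self.type == "URL":
        pieces = self.ioc.split("//")
        # A URL IOC without "//" is kept as given; indexing the second piece
        # unconditionally raised IndexError before any feed was read.
        if len(pieces) > 1:
            self.ioc = pieces[1]
    if not self.ioc:
        # An empty needle is a substring of every line and would report the
        # whole feed as a match.
        return
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        for line in content.split("\n"):
            # NOTE(review): substring test - a short IOC also matches longer
            # entries that merely contain it.
            if self.ioc in line:
                display(self.module_name, self.ioc, "FOUND",
                        "%s%s" % (url, path))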
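def search(self):
    """Report each hosts-file entry of the malwareteks list equal to the IOC.

    The IOC is compared with the stripped text that follows the first
    ``127.0.0.1`` on a line; lines without that marker are ignored. One
    FOUND message is emitted through ``display`` per matching line.
    Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    # NOTE(review): the feed URL is plain http://, so the list is not
    # integrity-protected in transit - confirm whether an HTTPS source exists.
    url = "http://hosts-file.malwareteks.com/"
    paths = ["hosts.txt"]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        for line in content.split("\n"):
            pieces = line.split("127.0.0.1")
            # Explicit length check instead of a bare ``except: pass``: the
            # bare handler also swallowed KeyboardInterrupt and any error
            # raised while reporting a hit.
            if len(pieces) > 1 and self.ioc == pieces[1].strip():
                display(self.module_name, self.ioc, "FOUND",
                        "%s%s" % (url, path))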
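def search(self):
    """Report the first record of the abuse.ch SSL blacklist containing the IOC.

    The FOUND message shows the third comma-separated field of the matching
    line followed by the feed location; the search stops after that first
    hit. Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    url = "https://sslbl.abuse.ch/blacklist/"
    paths = ["sslblacklist.csv"]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        for line in content.split("\n"):
            # NOTE(review): substring test against the whole CSV line, not
            # against one column.
            if self.ioc not in line:
                continue
            infos = line.split(',')
            if len(infos) < 3:
                # The IOC text occurs outside a full three-column record
                # (for example in a header line); indexing the third column
                # raised IndexError here and aborted the search.
                continue
            display(self.module_name, self.ioc, "FOUND",
                    "%s | %s%s" % (infos[2], url, path))
            return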
def search(self):
    """Report each line of the nothink.org yearly blacklists containing the IOC.

    The SNMP, SSH and Telnet lists are scanned in that order and one FOUND
    message is emitted through ``display`` per matching line. Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    # NOTE(review): the feed URL is plain http://, so the lists are not
    # integrity-protected in transit - confirm whether an HTTPS source exists.
    url = "http://www.nothink.org/blacklist/"
    paths = [
        "blacklist_snmp_year.txt",
        "blacklist_ssh_year.txt",
        "blacklist_telnet_year.txt",
    ]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        # NOTE(review): substring test - an IOC such as "1.2.3.4" is also
        # found inside "21.2.3.40"; confirm whether exact matching is wanted.
        hits = [line for line in content.split("\n") if self.ioc in line]
        for _ in hits:
            display(self.module_name, self.ioc, "FOUND", "%s%s" % (url, path))
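def search(self):
    """Report each record of the abuse.ch Ransomware Tracker feed containing the IOC.

    The FOUND message shows the third comma-separated field of the matching
    line, with up to two double quotes removed, followed by the feed
    location. The scan does not stop at the first hit. Returns None.
    """
    display(self.module_name, self.ioc, "INFO", "Searching...")
    url = "https://ransomwaretracker.abuse.ch/feeds/"
    paths = ["csv"]
    content = Cache(self.module_name, url, paths[0], self.search_method).content
    for line in content.split("\n"):
        # NOTE(review): substring test against the whole CSV line, not
        # against one column.
        if self.ioc not in line:
            continue
        fields = line.split(",")
        # Explicit length check instead of a bare ``except: pass``: the bare
        # handler also swallowed KeyboardInterrupt and any error raised
        # while reporting a hit.
        if len(fields) < 3:
            continue
        display(self.module_name, self.ioc, "FOUND",
                "%s | %s%s" % (fields[2].replace('"', '', 2), url, paths[0]))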
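def search(self):
    """Report each entry of the DShield suspicious-domain lists equal to the IOC.

    The Low, Medium and High lists are scanned in that order. Empty lines
    and lines starting with ``#`` are skipped; the rest are compared with
    the IOC ignoring case. One FOUND message is emitted through
    ``mod.display`` per matching line. Returns None.
    """
    mod.display(self.module_name, "", "INFO", "Searching...")
    url = "https://www.dshield.org/feeds/"
    paths = [
        "suspiciousdomains_Low.txt",
        "suspiciousdomains_Medium.txt",
        "suspiciousdomains_High.txt",
    ]
    wanted = self.ioc.lower()
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        for line in content.split("\n"):
            # Explicit empty-line check instead of relying on a bare
            # ``except: pass`` to absorb the IndexError from ``line[0]``; the
            # bare handler also swallowed KeyboardInterrupt and any error
            # raised while reporting a hit.
            if not line or line[0] == '#':
                continue
            if line.lower() == wanted:
                mod.display(self.module_name, self.ioc, "FOUND",
                            "%s%s" % (url, path))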
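def search(self):
    """Report each Spamhaus DROP network that contains the IOC address.

    The drop, edrop and dropv6 lists are scanned in that order. Empty lines
    and lines starting with ``;`` are skipped; for the rest, the text before
    the first space is parsed with ``IPNetwork`` and tested for membership
    of ``IPAddress(self.ioc)``. One FOUND message is emitted through
    ``mod.display`` per matching line. Returns None.
    """
    mod.display(self.module_name, "", "INFO", "Searching...")
    url = "https://www.spamhaus.org/drop/"
    paths = [
        "drop.txt",
        "edrop.txt",
        "dropv6.txt",
    ]
    for path in paths:
        content = Cache(self.module_name, url, path, self.search_method).content
        for line in content.split("\n"):
            if not line or line[0] == ';':
                continue
            try:
                listed = IPAddress(self.ioc) in IPNetwork(line.split(" ")[0])
            except Exception:
                # Unparseable address or network text: skip the line. The
                # exception classes raised by IPAddress/IPNetwork are not
                # visible here, so this stays broad, but unlike the former
                # bare ``except`` it no longer swallows KeyboardInterrupt or
                # SystemExit, and it no longer covers the reporting call.
                continue
            if listed:
                mod.display(self.module_name, self.ioc, "FOUND",
                            "%s%s" % (url, path))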
# Look the IOC up in three ZeuS Tracker blocklist downloads (baddomains,
# ipblocklist, compromised) under https://zeustracker.abuse.ch/ and report the
# first hit through display(), then return.
#
# - For a URL IOC, the text before "://" is dropped and the result is written
#   back to self.ioc. An IOC without "://" is left unchanged because the
#   IndexError is swallowed by a bare except, which hides any other error too.
# - A URL IOC is compared for equality with whole lines of the "compromised"
#   list. Domain and IPv4 IOCs are compared with the stripped line once it
#   passes the matching parse validator.
# - str.split(":") cannot raise, so the try/except around
#   `line = line.split(":")[0]` is dead code.
#
# NOTE(review): this listing has lost its line breaks. The `else:` after the
# first `return` could belong to the `self.type == "URL"` test or to the
# `"compromised"` test, and the two readings check different lists for
# domain/IPv4 IOCs - confirm against the original file before reformatting.
def search(self): display(self.module_name, self.ioc, "INFO", "Searching...") url = "https://zeustracker.abuse.ch/" paths = [ "blocklist.php?download=baddomains", "blocklist.php?download=ipblocklist", "blocklist.php?download=compromised" ] for path in paths: if self.type == "URL": try: self.ioc = self.ioc.split("://")[1] except: pass content = Cache(self.module_name, url, path, self.search_method).content for line in content.split("\n"): if path.split("=")[1] == "compromised": if self.type == "URL": if self.ioc == line: display(self.module_name, self.ioc, "FOUND", "%s%s" % (url, path)) return else: line = line.split("/")[0] try: line = line.split(":")[0] except: pass if self.type == "domain" and parse.is_valid_domain( line.strip()): if line.strip() == self.ioc: display(self.module_name, self.ioc, "FOUND", "%s%s" % (url, path)) return elif self.type == "IPv4" and parse.is_valid_ipv4_address( line.strip()): if line.strip() == self.ioc: display(self.module_name, self.ioc, "FOUND", "%s%s" % (url, path)) return