web2intel

###About

Script to fetch malicious domain and URL lists from sites that publish RSS feeds or raw HTML pages.

###Supported Lists

The Abuse.ch SSL block list
The Quttera malicious, suspicious, and potentially suspicious domains database
John Bambenek's Gameover Zeus list
DNS-BH – Malware Domain Blocklist
SANS Internet Storm Center LOW, MEDIUM, and HIGH confidence block lists
Sucuri Security's scanner identified iframe, conditional redirection, and encoded javascript web site list

###Usage

./web2intel.rb <option> <extras>

<option>
--sslbl 			- The abuse.ch SSL block list
--q_mal 			- The Quttera malicious domains database
--q_sus 			- The Quttera suspicious domains database
--q_pot 			- The Quttera potentially suspicious database
--goz 				- Gameover Zeus list
--mwdoms 			- DNS-BH – Malware Domain Blocklist
--isc_low			- SANS Internet Storm Center LOW confidence block list
--isc_med			- SANS Internet Storm Center MEDIUM confidence block list
--isc_high			- SANS Internet Storm Center HIGH confidence block list
--sucuri_iframe		- Sucuri scanner identified iframe compromised web site list
--sucuri_redirect	- Sucuri scanner identified conditional redirections list (based on user agents or referers)
--sucuri_js			- Sucuri scanner identified encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call list

--all 		- Generate a master list of all domains

<extras>
--url		- Extract the fully qualified domain name (FQDN), protocol, port, and directory structure (if available)
--details	- Additional (often original data format) details

####Example 1 - Domains only

$ ./web2intel.rb --sucuri_iframe
#Title: Sucuri Research Labs Hidden iframes list
#2014-07-20 15:08:14 -0700
ads.rzb.ir
www.scs.tv
gvlktdfay.ddns.info
38hartrobertsroad.com
www.bmconsulting.in
niu-sae.com
pgcsolutions.com.au
sterlinghealthmcs.com
gamedev.raconsultants.net
billing.zabiyaka.org
orion.martasegura.com
nioxox.nodoclender.com
joomla.philae.net
it.altervista.org
guessworkhiking.ru
1tvlive.in

####Example 2 - Full URLs

$ ./web2intel.rb --sucuri_iframe --urls
#Title: Sucuri Research Labs Hidden iframes list
#2014-07-20 15:08:42 -0700
http://ads.rzb.ir/image.php?size_id=7
http://www.scs.tv/wp-content/themes/twentyeleven/colors/update.php
http://gvlktdfay.ddns.info/nighttrend.cgi?8
http://38hartrobertsroad.com/wp-content/plugins/rotr
http://www.bmconsulting.in/
http://niu-sae.com/stats.php
http://pgcsolutions.com.au/pRN9XvYP.php
http://sterlinghealthmcs.com/go.php\
http://gamedev.raconsultants.net/ok.php
http://billing.zabiyaka.org/?2
http://orion.martasegura.com/configuration.php
http://nioxox.nodoclender.com:13014/poll/novell.php?rssfeed=41
http://joomla.philae.net/blog.php
http://it.altervista.org/group/child_blog.php?group=6
http://guessworkhiking.ru/maxstacksizedetracted.cgi?8
http://1tvlive.in/embed/main.php
http://129.121.235.130/Home/index.php

###Support

For any questions, bugs, or concerns, please use the GitHub issue submission system and/or reach out to @andrewsmhay on Twitter.

olivierh59500 / web2intel Goto Github PK

web2intel's Introduction

web2intel

web2intel's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent