RubyGems - shadowbq-threatinator - Versions diffs - 0.5.0 - Mend

shadowbq-threatinator 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (389) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +66 -0
data/CONTRIBUTING.md +119 -0
data/Gemfile +38 -0
data/LICENSE +165 -0
data/README.md +101 -0
data/Rakefile +47 -0
data/VERSION +1 -0
data/bin/threatinator +5 -0
data/bin/threatinator_loader +21 -0
data/feeds/ET_block-ip_reputation.feed +27 -0
data/feeds/ET_compromised-ip_reputation.feed +20 -0
data/feeds/ET_openbadlist-ip_reputation.feed +36 -0
data/feeds/alienvault-ip_reputation.feed +39 -0
data/feeds/arbor_fastflux-domain_reputation.feed +19 -0
data/feeds/arbor_ssh-ip_reputation.feed +24 -0
data/feeds/autoshun_shunlist.feed +17 -0
data/feeds/bambenek_c2_masterlist-domain_reputation.feed +16 -0
data/feeds/bambenek_c2_masterlist-ip_reputation.feed +16 -0
data/feeds/bambenek_dga_feed-domain_reputation.feed +16 -0
data/feeds/berkeley-ip_reputation.feed +25 -0
data/feeds/bitcash_cz_blacklist.feed +22 -0
data/feeds/blocklist_de_apache-ip_reputation.feed +26 -0
data/feeds/blocklist_de_bots-ip_reputation.feed +26 -0
data/feeds/blocklist_de_ftp-ip_reputation.feed +25 -0
data/feeds/blocklist_de_imap-ip_reputation.feed +25 -0
data/feeds/blocklist_de_pop3-ip_reputation.feed +26 -0
data/feeds/blocklist_de_proftpd-ip_reputation.feed +26 -0
data/feeds/blocklist_de_sip-ip_reputation.feed +25 -0
data/feeds/blocklist_de_ssh-ip_reputation.feed +25 -0
data/feeds/blocklist_de_strongips-ip_reputation.feed +25 -0
data/feeds/botscout-ip_reputation.feed +25 -0
data/feeds/cert_mxpoison-ip_reputation.feed +22 -0
data/feeds/chaosreigns-ip_reputation.feed +37 -0
data/feeds/ciarmy-ip_reputation.feed +20 -0
data/feeds/cruzit-ip_reputation.feed +30 -0
data/feeds/cydef_torexit-ip_reputation.feed +25 -0
data/feeds/dan_me_uk_torlist-ip_reputation.feed +25 -0
data/feeds/danger_bruteforce-ip_reputation.feed +24 -0
data/feeds/dshield_attackers-top1000.feed +34 -0
data/feeds/falconcrest-ip_reputation.feed +19 -0
data/feeds/feodo-domain_reputation.feed +19 -0
data/feeds/feodo-ip_reputation.feed +20 -0
data/feeds/h3x_asprox.feed +18 -0
data/feeds/hosts-file_hphostspartial-domain_reputation.feed +19 -0
data/feeds/infiltrated-ip_reputation.feed +26 -0
data/feeds/infiltrated_vabl-ip_reputation.feed +30 -0
data/feeds/isc_suspicious_high-domain_reputation.feed +26 -0
data/feeds/isc_suspicious_low-domain_reputation.feed +26 -0
data/feeds/isc_suspicious_medium-domain_reputation.feed +26 -0
data/feeds/malc0de-domain_reputation.feed +24 -0
data/feeds/malc0de-ip_reputation.feed +26 -0
data/feeds/malwaredomainlist-url_reputation.feed +18 -0
data/feeds/malwaredomains-domain_reputation.feed +29 -0
data/feeds/malwaredomains_dyndns-domain_reputation.feed +29 -0
data/feeds/malwaredomains_justdomains-domain_reputation.feed +20 -0
data/feeds/mirc-domain_reputation.feed +30 -0
data/feeds/multiproxy-ip_reputation.feed +22 -0
data/feeds/nothink_irc-ip_reputation.feed +23 -0
data/feeds/nothink_ssh-ip_reputation.feed +21 -0
data/feeds/openbl-ip_reputation.feed +21 -0
data/feeds/openphish-url_reputation.feed +24 -0
data/feeds/packetmail_perimeterbad-ip_reputation.feed +28 -0
data/feeds/palevo-domain_reputation.feed +22 -0
data/feeds/palevo-ip_reputation.feed +23 -0
data/feeds/phishtank.feed +22 -0
data/feeds/sigmaproject_atma.feed +27 -0
data/feeds/sigmaproject_spyware.feed +28 -0
data/feeds/sigmaproject_webexploit.feed +26 -0
data/feeds/snort_bpf-ip_reputation.feed +19 -0
data/feeds/spyeye-domain_reputation.feed +18 -0
data/feeds/spyeye-ip_reputation.feed +19 -0
data/feeds/steeman-ip_reputation.feed +20 -0
data/feeds/t-arend-de_ssh-ip_reputation.feed +20 -0
data/feeds/the_haleys_ssh-ip_reputation.feed +20 -0
data/feeds/trustedsec-ip_reputation.feed +18 -0
data/feeds/virbl-ip_reputation.feed +25 -0
data/feeds/vxvault-url_reputation.feed +23 -0
data/feeds/yourcmc_ssh-ip_reputation.feed +20 -0
data/feeds/yoyo_adservers-domain_reputation.feed +17 -0
data/feeds/zeus-domain_reputation.feed +19 -0
data/feeds/zeus-ip_reputation.feed +21 -0
data/lib/threatinator/action.rb +14 -0
data/lib/threatinator/actions/list/action.rb +97 -0
data/lib/threatinator/actions/list/config.rb +12 -0
data/lib/threatinator/actions/list.rb +2 -0
data/lib/threatinator/actions/run/action.rb +57 -0
data/lib/threatinator/actions/run/config.rb +32 -0
data/lib/threatinator/actions/run/coverage_observer.rb +59 -0
data/lib/threatinator/actions/run/output_config.rb +59 -0
data/lib/threatinator/actions/run/status_observer.rb +37 -0
data/lib/threatinator/actions/run.rb +2 -0
data/lib/threatinator/cli/action_builder.rb +33 -0
data/lib/threatinator/cli/list_action_builder.rb +19 -0
data/lib/threatinator/cli/parser.rb +123 -0
data/lib/threatinator/cli/run_action_builder.rb +41 -0
data/lib/threatinator/cli.rb +19 -0
data/lib/threatinator/config/base.rb +35 -0
data/lib/threatinator/config/feed_search.rb +25 -0
data/lib/threatinator/config/logger.rb +14 -0
data/lib/threatinator/config.rb +7 -0
data/lib/threatinator/decoder.rb +24 -0
data/lib/threatinator/decoders/gzip.rb +30 -0
data/lib/threatinator/event.rb +63 -0
data/lib/threatinator/event_builder.rb +70 -0
data/lib/threatinator/exceptions.rb +58 -0
data/lib/threatinator/feed.rb +88 -0
data/lib/threatinator/feed_builder.rb +161 -0
data/lib/threatinator/feed_registry.rb +47 -0
data/lib/threatinator/feed_runner.rb +177 -0
data/lib/threatinator/fetcher.rb +22 -0
data/lib/threatinator/fetchers/http.rb +50 -0
data/lib/threatinator/filter.rb +12 -0
data/lib/threatinator/filters/block.rb +18 -0
data/lib/threatinator/filters/comments.rb +16 -0
data/lib/threatinator/filters/whitespace.rb +19 -0
data/lib/threatinator/logger.rb +66 -0
data/lib/threatinator/logging.rb +20 -0
data/lib/threatinator/model/base.rb +23 -0
data/lib/threatinator/model/collection.rb +89 -0
data/lib/threatinator/model/observables/fqdn_collection.rb +15 -0
data/lib/threatinator/model/observables/ipv4.rb +33 -0
data/lib/threatinator/model/observables/ipv4_collection.rb +14 -0
data/lib/threatinator/model/observables/url_collection.rb +16 -0
data/lib/threatinator/model/validations/type.rb +21 -0
data/lib/threatinator/model/validations.rb +1 -0
data/lib/threatinator/output.rb +50 -0
data/lib/threatinator/parser.rb +23 -0
data/lib/threatinator/parsers/csv/parser.rb +77 -0
data/lib/threatinator/parsers/csv.rb +7 -0
data/lib/threatinator/parsers/getline/parser.rb +45 -0
data/lib/threatinator/parsers/getline.rb +8 -0
data/lib/threatinator/parsers/json/adapters/oj.rb +65 -0
data/lib/threatinator/parsers/json/parser.rb +45 -0
data/lib/threatinator/parsers/json/record.rb +20 -0
data/lib/threatinator/parsers/json.rb +8 -0
data/lib/threatinator/parsers/xml/node.rb +79 -0
data/lib/threatinator/parsers/xml/node_builder.rb +39 -0
data/lib/threatinator/parsers/xml/parser.rb +44 -0
data/lib/threatinator/parsers/xml/path.rb +70 -0
data/lib/threatinator/parsers/xml/pattern.rb +53 -0
data/lib/threatinator/parsers/xml/record.rb +14 -0
data/lib/threatinator/parsers/xml/sax_document.rb +64 -0
data/lib/threatinator/parsers/xml.rb +8 -0
data/lib/threatinator/plugin_loader.rb +115 -0
data/lib/threatinator/plugins/output/amqp/config.rb +18 -0
data/lib/threatinator/plugins/output/amqp.rb +41 -0
data/lib/threatinator/plugins/output/csv.rb +58 -0
data/lib/threatinator/plugins/output/json/config.rb +14 -0
data/lib/threatinator/plugins/output/json.rb +53 -0
data/lib/threatinator/plugins/output/null.rb +17 -0
data/lib/threatinator/plugins/output/rubydebug.rb +16 -0
data/lib/threatinator/record.rb +22 -0
data/lib/threatinator/registry.rb +53 -0
data/lib/threatinator/util.rb +15 -0
data/lib/threatinator.rb +3 -0
data/spec/feeds/ET_block-ip_reputation_spec.rb +50 -0
data/spec/feeds/ET_compromised-ip_reputation_spec.rb +47 -0
data/spec/feeds/ET_openbadlist-ip_reputation_spec.rb +56 -0
data/spec/feeds/alienvault-ip_reputation_spec.rb +46 -0
data/spec/feeds/arbor_fastflux-domain_reputation_spec.rb +46 -0
data/spec/feeds/arbor_ssh-ip_reputation_spec.rb +46 -0
data/spec/feeds/autoshun_shunlist_spec.rb +38 -0
data/spec/feeds/bambenek_c2_masterlist-domain_reputation_spec.rb +38 -0
data/spec/feeds/bambenek_c2_masterlist-ip_reputation_spec.rb +39 -0
data/spec/feeds/bambenek_dga_feed-domain_reputation_spec.rb +39 -0
data/spec/feeds/berkeley-ip_reputation_spec.rb +47 -0
data/spec/feeds/bitcash_cz_blacklist-ip_reputation_spec.rb +50 -0
data/spec/feeds/blocklist_de_apache-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_bots-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_ftp-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_imap-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_pop3-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_proftpd-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_sip-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/blocklist_de_strongips-ip_reputation_spec.rb +47 -0
data/spec/feeds/botscout-ip_reputation_spec.rb +50 -0
data/spec/feeds/cert_mxpoison-ip_reputation_spec.rb +47 -0
data/spec/feeds/chaosreigns-ip_reputation_spec.rb +50 -0
data/spec/feeds/ciarmy-ip_reputation_spec.rb +47 -0
data/spec/feeds/cruzit-ip_reputation_spec.rb +47 -0
data/spec/feeds/cydef_torexit-ip_reputation_spec.rb +47 -0
data/spec/feeds/dan_me_uk_torlist-ip_reputation_spec.rb +47 -0
data/spec/feeds/danger_bruteforce-ip_reputation_spec.rb +47 -0
data/spec/feeds/data/ET_block-ip_reputation.txt +80 -0
data/spec/feeds/data/ET_compromised-ip_reputation.txt +11 -0
data/spec/feeds/data/ET_openbadlist-ip_reputation.txt +62 -0
data/spec/feeds/data/alienvault-ip_reputation.txt +18 -0
data/spec/feeds/data/arbor_domainlist.txt +11 -0
data/spec/feeds/data/arbor_ssh.txt +16 -0
data/spec/feeds/data/autoshun_shunlist.csv +20 -0
data/spec/feeds/data/bambenek_c2-dommasterlist.csv +30 -0
data/spec/feeds/data/bambenek_c2-ipmasterlist.csv +27 -0
data/spec/feeds/data/bambenek_dga_feed.csv +42 -0
data/spec/feeds/data/berkeley.txt +29 -0
data/spec/feeds/data/bitcash_cz_blacklist.txt +7 -0
data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt +17 -0
data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt +15 -0
data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt +7 -0
data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt +8 -0
data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt +11 -0
data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt +12 -0
data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt +9 -0
data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt +10 -0
data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt +11 -0
data/spec/feeds/data/botscout-ip-reputation.txt +713 -0
data/spec/feeds/data/cert_mxpoison-ip_reputation.txt +17 -0
data/spec/feeds/data/chaosreigns-ip-reputation.txt +26 -0
data/spec/feeds/data/ciarmy-ip-reputation.txt +11 -0
data/spec/feeds/data/cruzit-ip-reputation.txt +14 -0
data/spec/feeds/data/cydef_torexit-ip_reputation.txt +27 -0
data/spec/feeds/data/dan_me_uk_torlist-ip-reputation.txt +11 -0
data/spec/feeds/data/danger_bruteforce-ip_reputation.txt +12 -0
data/spec/feeds/data/dshield_topattackers.xml +4 -0
data/spec/feeds/data/falconcrest_iplist.txt +345 -0
data/spec/feeds/data/feodo_domainlist.txt +18 -0
data/spec/feeds/data/feodo_iplist.txt +20 -0
data/spec/feeds/data/h3x_asprox.txt +20 -0
data/spec/feeds/data/hosts-file_hphostspartial_domainlist.txt +24 -0
data/spec/feeds/data/infiltrated_iplist.txt +16 -0
data/spec/feeds/data/infiltrated_vabl_iplist.txt +33 -0
data/spec/feeds/data/isc_suspicious_high_domainlist.txt +26 -0
data/spec/feeds/data/isc_suspicious_low_domainlist.txt +34 -0
data/spec/feeds/data/isc_suspicious_medium_domainlist.txt +32 -0
data/spec/feeds/data/malc0de_domainlist.txt +18 -0
data/spec/feeds/data/malc0de_iplist.txt +14 -0
data/spec/feeds/data/malwaredomainlist-url-reputation.txt +8 -0
data/spec/feeds/data/malwaredomains_domainlist.txt +24 -0
data/spec/feeds/data/malwaredomains_dyndns_domainlist.txt +34 -0
data/spec/feeds/data/malwaredomains_justdomains_domainlist.txt +18 -0
data/spec/feeds/data/mirc_domainlist.txt +31 -0
data/spec/feeds/data/multiproxy_iplist.txt +15 -0
data/spec/feeds/data/nothink_irc_iplist.txt +14 -0
data/spec/feeds/data/nothink_ssh_iplist.txt +10 -0
data/spec/feeds/data/openbl_iplist.txt +12 -0
data/spec/feeds/data/openphish-url-reputation.txt +16 -0
data/spec/feeds/data/packetmail_perimeterbad-ip_reputation.txt +44 -0
data/spec/feeds/data/palevo_domainlist.txt +25 -0
data/spec/feeds/data/palevo_iplist.txt +24 -0
data/spec/feeds/data/phishtank-sample.json.gz +0 -0
data/spec/feeds/data/sigmaproject_atma.return.gz +0 -0
data/spec/feeds/data/sigmaproject_spyware.return.gz +0 -0
data/spec/feeds/data/sigmaproject_webexploit.return.gz +0 -0
data/spec/feeds/data/snort_bpf-ip_reputation.txt +16 -0
data/spec/feeds/data/spyeye_domainlist.txt +16 -0
data/spec/feeds/data/spyeye_iplist.txt +19 -0
data/spec/feeds/data/steeman-ip-reputation.txt +13 -0
data/spec/feeds/data/t-arend-de_ssh_iplist.txt +17 -0
data/spec/feeds/data/the_haleys_ssh_iplist.txt +12 -0
data/spec/feeds/data/trustedsec-ip-reputation.txt +12 -0
data/spec/feeds/data/valid.json +2908 -0
data/spec/feeds/data/virbl-ip_reputation.txt +14 -0
data/spec/feeds/data/vxvault-url-reputation.txt +15 -0
data/spec/feeds/data/yourcmc_ssh-ip_reputation.txt +27 -0
data/spec/feeds/data/yoyo_adservers.txt +25 -0
data/spec/feeds/data/zeus-ip_reputation.txt +285 -0
data/spec/feeds/data/zeus_domainlist.txt +27 -0
data/spec/feeds/dshield_attackers-top1000_spec.rb +39 -0
data/spec/feeds/falconcrest-ip_reputation_spec.rb +39 -0
data/spec/feeds/feodo-domain_reputation_spec.rb +47 -0
data/spec/feeds/feodo-ip_reputation_spec.rb +47 -0
data/spec/feeds/h3x_asprox-ip_reputation_spec.rb +50 -0
data/spec/feeds/hosts-file_hphostspartial-domain_reputation_spec.rb +47 -0
data/spec/feeds/infiltrated-ip_reputation_spec.rb +47 -0
data/spec/feeds/infiltrated_vabl-ip_reputation_spec.rb +47 -0
data/spec/feeds/isc_suspicious_high-domain_reputation_spec.rb +47 -0
data/spec/feeds/isc_suspicious_low-domain_reputation_spec.rb +47 -0
data/spec/feeds/isc_suspicious_medium-domain_reputation_spec.rb +47 -0
data/spec/feeds/malc0de-domain_reputation_spec.rb +47 -0
data/spec/feeds/malc0de-ip_reputation_spec.rb +47 -0
data/spec/feeds/malwaredomainlist_url_reputation_spec.rb +50 -0
data/spec/feeds/malwaredomains-domain_reputation_spec.rb +47 -0
data/spec/feeds/malwaredomains_dyndns-domain_reputation_spec.rb +47 -0
data/spec/feeds/malwaredomains_justdomains-domain_reputation_spec.rb +47 -0
data/spec/feeds/mirc-domain_reputation_spec.rb +47 -0
data/spec/feeds/multiproxy-ip_reputation_spec.rb +47 -0
data/spec/feeds/nothink_irc-ip_reputation_spec.rb +47 -0
data/spec/feeds/nothink_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/openbl-ip_reputation_spec.rb +47 -0
data/spec/feeds/openphish_url_reputation_spec.rb +50 -0
data/spec/feeds/packetmail_perimeterbad-ip_reputation_spec.rb +47 -0
data/spec/feeds/palevo-domain_reputation_spec.rb +47 -0
data/spec/feeds/palevo-ip_reputation_spec.rb +47 -0
data/spec/feeds/phishtank_spec.rb +41 -0
data/spec/feeds/sigmaproject_atma_spec.rb +62 -0
data/spec/feeds/sigmaproject_spyware_spec.rb +63 -0
data/spec/feeds/sigmaproject_webexploit_spec.rb +62 -0
data/spec/feeds/snort_bpf-ip_reputation_spec.rb +47 -0
data/spec/feeds/spyeye-domain_reputation_spec.rb +47 -0
data/spec/feeds/spyeye-ip_reputation_spec.rb +47 -0
data/spec/feeds/steeman-ip_reputation_spec.rb +50 -0
data/spec/feeds/t-arend-de_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/the_haleys_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/trustedsec-ip_reputation_spec.rb +47 -0
data/spec/feeds/virbl-ip_reputation_spec.rb +47 -0
data/spec/feeds/vxvault_url_reputation_spec.rb +50 -0
data/spec/feeds/yourcmc_ssh-ip_reputation_spec.rb +47 -0
data/spec/feeds/yoyo_adservers_spec.rb +47 -0
data/spec/feeds/zeus-domain_reputation_spec.rb +47 -0
data/spec/feeds/zeus-ip_reputation_spec.rb +47 -0
data/spec/fixtures/feed/provider1/feed1.feed +6 -0
data/spec/fixtures/parsers/test.xml +13 -0
data/spec/fixtures/parsers/test_self_closing.xml +20 -0
data/spec/fixtures/plugins/bad/threatinator/plugins/test_error1/plugin.rb +1 -0
data/spec/fixtures/plugins/bad/threatinator/plugins/test_missing1/plugin.rb +0 -0
data/spec/fixtures/plugins/fake.rb +19 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_a.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_b.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_c.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_d.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_e.rb +8 -0
data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_f.rb +8 -0
data/spec/spec_helper.rb +54 -0
data/spec/support/bad_feeds/missing_fetcher.feed +7 -0
data/spec/support/bad_feeds/missing_name.feed +6 -0
data/spec/support/bad_feeds/missing_parser.feed +3 -0
data/spec/support/bad_feeds/missing_provider.feed +5 -0
data/spec/support/factories/event.rb +31 -0
data/spec/support/factories/feed.rb +59 -0
data/spec/support/factories/feed_builder.rb +65 -0
data/spec/support/factories/feed_registry.rb +8 -0
data/spec/support/factories/ipv4.rb +36 -0
data/spec/support/factories/output.rb +11 -0
data/spec/support/factories/record.rb +17 -0
data/spec/support/factories/url.rb +34 -0
data/spec/support/factories/xml_node.rb +33 -0
data/spec/support/helpers/io.rb +11 -0
data/spec/support/helpers/models.rb +13 -0
data/spec/support/shared/action_builder.rb +47 -0
data/spec/support/shared/decoder.rb +70 -0
data/spec/support/shared/feed_runner_observer.rb +136 -0
data/spec/support/shared/feeds.rb +233 -0
data/spec/support/shared/fetcher.rb +48 -0
data/spec/support/shared/filter.rb +14 -0
data/spec/support/shared/io-like.rb +7 -0
data/spec/support/shared/model/collection.rb +164 -0
data/spec/support/shared/output.rb +120 -0
data/spec/support/shared/parsers.rb +51 -0
data/spec/support/shared/record.rb +111 -0
data/spec/threatinator/actions/list/action_spec.rb +148 -0
data/spec/threatinator/actions/run/action_spec.rb +106 -0
data/spec/threatinator/actions/run/config_spec.rb +39 -0
data/spec/threatinator/actions/run/coverage_observer_spec.rb +151 -0
data/spec/threatinator/actions/run/output_config_spec.rb +89 -0
data/spec/threatinator/actions/run/status_observer_spec.rb +86 -0
data/spec/threatinator/cli/list_action_builder_spec.rb +57 -0
data/spec/threatinator/cli/run_action_builder_spec.rb +133 -0
data/spec/threatinator/cli_spec.rb +175 -0
data/spec/threatinator/config/base_spec.rb +39 -0
data/spec/threatinator/config/feed_search_spec.rb +76 -0
data/spec/threatinator/decoders/gzip_spec.rb +75 -0
data/spec/threatinator/event_builder_spec.rb +123 -0
data/spec/threatinator/event_spec.rb +254 -0
data/spec/threatinator/event_spec.rb.new +319 -0
data/spec/threatinator/feed_builder_spec.rb +633 -0
data/spec/threatinator/feed_registry_spec.rb +198 -0
data/spec/threatinator/feed_runner_spec.rb +372 -0
data/spec/threatinator/feed_spec.rb +169 -0
data/spec/threatinator/fetcher_spec.rb +12 -0
data/spec/threatinator/fetchers/http_spec.rb +32 -0
data/spec/threatinator/filter_spec.rb +13 -0
data/spec/threatinator/filters/block_spec.rb +16 -0
data/spec/threatinator/filters/comments_spec.rb +13 -0
data/spec/threatinator/filters/whitespace_spec.rb +12 -0
data/spec/threatinator/logger_spec.rb +29 -0
data/spec/threatinator/model/observables/fqdn_collection_spec.rb +41 -0
data/spec/threatinator/model/observables/ipv4_collection_spec.rb +36 -0
data/spec/threatinator/model/observables/ipv4_spec.rb +75 -0
data/spec/threatinator/model/observables/url_collection_spec.rb +45 -0
data/spec/threatinator/model/validations/type_spec.rb +37 -0
data/spec/threatinator/parser_spec.rb +13 -0
data/spec/threatinator/parsers/csv/parser_spec.rb +202 -0
data/spec/threatinator/parsers/getline/parser_spec.rb +83 -0
data/spec/threatinator/parsers/json/parser_spec.rb +106 -0
data/spec/threatinator/parsers/json/record_spec.rb +30 -0
data/spec/threatinator/parsers/xml/node_spec.rb +335 -0
data/spec/threatinator/parsers/xml/parser_spec.rb +263 -0
data/spec/threatinator/parsers/xml/path_spec.rb +209 -0
data/spec/threatinator/parsers/xml/pattern_spec.rb +72 -0
data/spec/threatinator/parsers/xml/record_spec.rb +27 -0
data/spec/threatinator/plugin_loader_spec.rb +238 -0
data/spec/threatinator/plugins/output/csv_spec.rb +47 -0
data/spec/threatinator/plugins/output/null_spec.rb +17 -0
data/spec/threatinator/plugins/output/rubydebug_spec.rb +37 -0
data/spec/threatinator/record_spec.rb +19 -0
data/spec/threatinator/registry_spec.rb +97 -0
data/spec/threatinator/runner_spec.rb +273 -0
metadata +674 -0

data/spec/feeds/dan_me_uk_torlist-ip_reputation_spec.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'spec_helper'
+describe 'feeds/dan_me_uk_torlist-ip_reputation.feed', :feed do
+  let(:provider) { 'dan_me_uk' }
+  let(:name) { 'torlist_ip_reputation' }
+  let(:event_types) { [:scanning]}
+  it_fetches_url 'https://www.dan.me.uk/torlist/'
+  describe_parsing_the_file feed_data('dan_me_uk_torlist-ip-reputation.txt') do
+    it "should have parsed 11 records" do
+      expect(num_records_parsed).to eq(11)
+    end
+    it "should have filtered 0 records" do
+      expect(num_records_filtered).to eq(0)
+    end
+  end
+  describe_parsing_a_record '100.34.32.230' do
+    it "should have parsed" do
+      expect(status).to eq(:parsed)
+    end
+    it "should have parsed 1 event" do
+      expect(events.count).to eq(1)
+    end
+	describe 'event 0' do
+      subject { events[0] }
+      its(:type) { is_expected.to be(:scanning) }
+      its(:ipv4s) { is_expected.to  eq(build(:ipv4s, values: ['100.34.32.230'])) }
+    end
+  end
+  describe_parsing_a_record '101.55.12.75' do
+    it "should have parsed" do
+      expect(status).to eq(:parsed)
+    end
+    it "should have parsed 1 event" do
+      expect(events.count).to eq(1)
+    end
+	describe 'event 0' do
+      subject { events[0] }
+      its(:type) { is_expected.to be(:scanning) }
+      its(:ipv4s) { is_expected.to  eq(build(:ipv4s, values: ['101.55.12.75'])) }
+    end
+  end
+end

data/spec/feeds/danger_bruteforce-ip_reputation_spec.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'spec_helper'
+describe 'feeds/danger_bruteforce-ip_reputation.feed', :feed do
+  let(:provider) { 'danger' }
+  let(:name) { 'bruteforce_ip_reputation' }
+  let(:event_types) { [:scanning]}
+  it_fetches_url 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php'
+  describe_parsing_the_file feed_data('danger_bruteforce-ip_reputation.txt') do
+    it "should have parsed 11 records" do
+      expect(num_records_parsed).to eq(11)
+    end
+    it "should have filtered 1 records" do
+      expect(num_records_filtered).to eq(1)
+    end
+  end
+  describe_parsing_a_record '192.168.0.66            # 2014-07-02 16:01:22           148     532953' do
+    it "should have parsed" do
+      expect(status).to eq(:parsed)
+    end
+    it "should have parsed 1 event" do
+      expect(events.count).to eq(1)
+    end
+	describe 'event 0' do
+      subject { events[0] }
+      its(:type) { is_expected.to be(:scanning) }
+      its(:ipv4s) { is_expected.to  eq(build(:ipv4s, values: ['192.168.0.66'])) }
+    end
+  end
+  describe_parsing_a_record '125.65.245.146          # 2014-07-06 16:04:46           64      359660' do
+    it "should have parsed" do
+      expect(status).to eq(:parsed)
+    end
+    it "should have parsed 1 event" do
+      expect(events.count).to eq(1)
+    end
+	describe 'event 0' do
+      subject { events[0] }
+      its(:type) { is_expected.to be(:scanning) }
+      its(:ipv4s) { is_expected.to  eq(build(:ipv4s, values: ['125.65.245.146'])) }
+    end
+  end
+end

data/spec/feeds/data/ET_block-ip_reputation.txt ADDED Viewed

@@ -0,0 +1,80 @@
+#
+# Emerging Threats fwip rules.
+#
+# Raw IPs for the firewall block lists. These come from:
+#
+# C&C servers identified by Shadowserver (www.shadowserver.org)
+# Spam nets identified by Spamhaus (www.spamhaus.org)
+# Top Attackers listed by DShield (www.dshield.org)
+#
+# More information available at www.emergingthreats.net
+#
+# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
+#
+#*************************************************************
+#
+#  Copyright (c) 2003-2014, Emerging Threats
+#  All rights reserved.
+#
+#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
+#  following conditions are met:
+#
+#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
+#    disclaimer.
+#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
+#    following disclaimer in the documentation and/or other materials provided with the distribution.
+#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
+#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+# Rev 3577
+# Shadowserver C&C List
+1.179.136.7
+103.13.232.232
+103.16.199.232
+103.230.84.239
+103.24.3.198
+103.241.0.100
+103.4.52.150
+103.6.207.37
+97.107.134.249
+98.126.44.98
+98.131.185.136
+99.181.5.83
+#Spamhaus DROP Nets
+1.116.0.0/14
+5.34.242.0/23
+5.72.0.0/14
+14.4.0.0/14
+223.172.0.0/16
+223.173.0.0/16
+223.201.0.0/16
+223.254.0.0/16
+#Dshield Top Attackers
+162.212.181.0/24
+184.105.247.0/24
+218.77.79.0/24
+216.218.206.0/24
+194.79.16.0/24
+141.212.121.0/24
+74.82.47.0/24
+14.129.0.0/16

data/spec/feeds/data/ET_compromised-ip_reputation.txt ADDED Viewed

@@ -0,0 +1,11 @@
+1.179.128.245
+1.62.100.3
+1.93.24.83
+1.93.24.90
+1.93.25.102
+1.93.25.251
+1.93.26.130
+1.93.26.15
+1.93.26.17
+1.93.26.32
+1.93.26.70

data/spec/feeds/data/ET_openbadlist-ip_reputation.txt ADDED Viewed

@@ -0,0 +1,62 @@
+# Disclaimer - You may not use this list without acceptance of the below:
+#
+# No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts inclusive
+# of any descriptions in the context field.  Use this list at your own risk.  By using this list in any capacity or capability you release all claims of
+# damages and shall not hold or perceive any liablity against the publisher for:  damage, unexpected events or results, decision, or reputation damage,
+# even those resulting from willful or intentional neglect.
+#
+# No claims made against this data shall be honored; no assertions have been made about the quality, accuracy, useability, actionability,
+# reputation, merit, or hostility of the below findings, inclusive of context and nomenclature used to describe the findings.
+#
+Jan 03 2014; 64.202.116.125/32; Fiesta EK
+Jan 03 2014; 67.159.16.250/32; Fiesta EK Gate
+Jan 03 2014; 69.64.52.64/32; Fiesta EK
+Jan 03 2014; 212.83.189.84/32; Neutrino EK
+Jan 03 2014; 193.169.245.76/32; Magnitude EK
+Jan 06 2014; 193.169.244.179/32; Magnitude EK
+Jan 06 2014; 81.169.145.162/32; ASPROX/Kuluoz
+Jan 06 2014; 212.83.191.176/32; Neutrino EK
+Jan 06 2014; 188.116.34.246/32; Styx Exploit Kit
+Jan 06 2014; 193.169.244.224/32; Magnitude EK
+Jan 07 2014; 65.111.171.183/32; Styx/Magnitude EK
+Jan 07 2014; 178.218.218.21/32; Asprox
+Jan 07 2014; 194.28.172.163/32; Asprox
+Jan 07 2014; 60.249.109.45/32; Asprox
+Jan 08 2014; 212.83.188.39/32; Neutrino EK
+Jan 09 2014; 193.169.244.228/32; Magnitude EK
+Jan 09 2014; 46.20.227.195/32; FakeAV/SEO
+Jan 13 2014; 212.83.186.134/32; Neutrino EK
+Jan 13 2014; 103.31.186.40/32; Dotka Chef EK
+Jan 14 2014; 212.83.137.192/32; Neutrino EK
+Jan 16 2014; 192.95.10.211/32; Nuclear EK
+Jan 16 2014; 192.95.10.212/32; Nuclear EK
+Jan 16 2014; 192.95.10.209/32; Nuclear EK
+Jan 17 2014; 212.83.142.197/32; Neutrino EK
+Jan 22 2014; 148.251.21.48/32; Zusy C&C
+Jan 24 2014; 212.83.160.187/32; Neutrino EK
+Jan 24 2014; 192.95.6.121/32; Nuclear EK
+Jan 27 2014; 71.18.27.55/32; Goon EK
+Jan 27 2014; 176.31.24.102/32; Goon EK
+Jan 27 2014; 46.4.149.201/32; Goon EK
+Jan 27 2014; 95.211.169.162/32; TDLv4+ Alphaeffects.net see https://lists.emergingthreats.net/pipermail/emerging-sigs/2012-September/020431.html
+Jan 28 2014; 149.154.64.180/32; [a-z]{3,6}\.pp\.ua DGA cesspool
+Jan 29 2014; 212.83.162.125/32; Neutrino EK
+Jan 29 2014; 67.205.117.121/32; Darkleech -- it's back
+Jan 31 2014; 50.7.248.170/32; Zusy C&C
+Feb 18 2014; 67.228.43.248/32; Goon EK jhls.com.br
+Feb 18 2014; 212.83.165.96/32; Neutrino EK
+Feb 18 2014; 212.83.166.174/32; Neutrino EK
+Feb 18 2014; 89.45.14.0/24; Infinity/Redkit2/Goon EK landing or EK gate.
+Feb 20 2014; 209.239.113.39/32; Phoenix EK
+Feb 20 2014; 31.41.221.130/32; Nuclear EK
+Feb 25 2014; 64.120.137.0/27; TDS EK redirect /27 WHOIS allocated on Hostnoc
+Feb 27 2014; 64.202.116.124/32; counter.php?id= gate
+Feb 27 2014; 216.155.145.105/32; Phoenix EK
+Feb 27 2014; 216.155.145.96/28; Magnitude EK
+Mar 03 2014; 85.17.23.216/32; Fake Flash/8x8 byte gate possible Andromeda gang
+Mar 05 2014; 190.123.47.198/32; Unknown 16-byte JavaScript EK initial landing
+Mar 11 2014; 23.229.34.64/26; yellowtailmedia/rfpmedia TDLv4+ malvertising and payload
+Jun 30 2014; 83.166.234.0/24; Hostile cesspool network with repeated hosting the WxH Sweet Orange redirector
+Aug 06 2014; 70.186.131.0/24; Win32/BrowseFox.H C&Cs

data/spec/feeds/data/alienvault-ip_reputation.txt ADDED Viewed

@@ -0,0 +1,18 @@
+###
+# Alienvault IP Reputation Database
+# https://reputation.alienvault.com/
+###
+# Generic format
+37.205.198.162 # Scanning Host IT,,42.8333015442,12.8332996368
+182.131.22.235 # Scanning Host CN,Chengdu,30.6667003632,104.066703796
+58.250.71.43 # Scanning Host CN,Guangzhou,23.1166992188,113.25
+211.160.19.250 # Scanning Host CN,Hang,30.2936000824,120.161399841
+203.121.165.16 # C&C TH,,15.0,100.0
+211.151.57.196 # Scanning Host CN,Beijing,39.9289016724,116.388298035
+108.59.1.5 # Scanning Host A1,,0.0,0.0
+108.59.5.139 # Scanning Host US,,39.6734008789,-75.7052001953
+108.85.139.165 # Scanning Host US,Los Angeles,34.043800354,-118.251197815
+109.169.60.121 # Scanning Host US,,38.0,-97.0

data/spec/feeds/data/arbor_domainlist.txt ADDED Viewed

@@ -0,0 +1,11 @@
+#
+# ATLAS Currently monitored fastflux domains
+# (c) 2014 Arbor Networks
+#
+# comments: atlas@arbornetworks.com
+# generated: Thu Jul  3 00:20:16 2014
+#
+# DOMAIN
+brylanehome.com
+emltrk.com

data/spec/feeds/data/arbor_ssh.txt ADDED Viewed

@@ -0,0 +1,16 @@
+190.255.48.99          2257.0
+91.217.82.135          1984.0
+113.31.19.111          1832.0
+125.65.112.133         1714.0
+204.93.219.147         1408.0
+46.20.10.101           1295.0
+85.25.191.144          1198.0
+199.119.227.17         1168.0
+58.26.187.6            1135.0
+221.2.227.118          1.0
+186.18.67.167          1.0
+190.248.54.165         1.0
+186.169.181.150        1.0
+186.22.21.101          1.0
+186.113.86.157         1.0
+other                  0

data/spec/feeds/data/autoshun_shunlist.csv ADDED Viewed

@@ -0,0 +1,20 @@
+Shunlist as of Mon, 21 Jul 2014 13:30:02 -0500
+1.93.25.165,2014-07-11 09:58:15,SSH Brute Force
+1.93.26.130,2014-07-14 09:55:26,SSH Brute Force
+1.93.30.188,2014-07-09 08:36:42,SSH Brute Force
+1.93.34.230,2014-07-16 08:01:23,SSH Brute Force
+1.169.130.159,2014-07-07 23:10:08,Attempted MS SQL Server version enumeration
+1.214.212.74,2014-07-09 03:35:12,SSH Brute Force
+1.235.28.170,2014-07-16 03:13:39,SSH Brute Force
+2.133.208.102,2014-07-16 23:48:25,Malware Distribution Site
+2.184.57.192,2014-07-21 02:26:17,Teminal Server (RDP) brute force
+4.31.171.50,2014-07-07 06:58:50,Sipvicious Scan
+5.1.13.241,2014-07-16 23:48:23,Malware Distribution Site
+5.104.226.12,2014-07-16 09:01:23,SSH Brute Force
+5.135.112.45,2014-07-21 08:01:22,Sipvicious Scan
+5.135.176.35,2014-07-12 16:18:47,SSH Brute Force
+5.148.172.116,2014-07-07 06:58:09,SSH Brute Force
+5.159.232.139,2014-07-07 06:58:09,SSH Brute Force
+5.178.71.246,2014-07-20 21:16:07,SSH Brute Force
+5.199.165.189,2014-07-19 05:48:09,Sipvicious Scan
+5.199.166.61,2014-07-20 08:06:28,Sipvicious Scan

data/spec/feeds/data/bambenek_c2-dommasterlist.csv ADDED Viewed

@@ -0,0 +1,30 @@
+#############################################################
+## Master Feed of known, active and non-sinkholed C&Cs domain
+## names
+##
+## Feed generated at: 2014-11-03 16:36
+##
+## Feed Provided By: John Bambenek of Bambenek Consulting
+## jcb@bambenekconsulting.com // http://bambenekconsulting.com
+## Use of this feed is governed by the license here:
+## http://osint.bambenekconsulting.com/license.txt
+##
+## For more information on this feed go to:
+## http://osint.bambenekconsulting.com/manual/c2-dommasterlist.txt
+##
+## All times are in UTC
+#############################################################
+o5bt6e1jnpq906zrnmj8wqzrq.net,Domain used by GOZ,2014-11-03 16:33,http://osint.bambenekconsulting.com/manual/goz-iplist.txt
+1bzy3oc1hd8aofsudjpuzge4qq.net,Domain used by GOZ,2014-11-03 16:33,http://osint.bambenekconsulting.com/manual/goz-iplist.txt
+15g39fiel3aemyw14eo1i412vo.com,Domain used by GOZ,2014-11-03 16:33,http://osint.bambenekconsulting.com/manual/goz-iplist.txt
+chairexamineeye.com,Domain used by matsnu,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+distancejoborder.com,Domain used by matsnu,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+objectsecuredoor.com,Domain used by matsnu,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+researchbuilding.com,Domain used by matsnu,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+softwareperfect.com,Domain used by matsnu,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+varietyspeakwall.com,Domain used by matsnu,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+measeodirc.com,Domain used by pushdo,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/pushdo-iplist.txt
+ebfchfbqetts.com,Domain used by tinba,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/tinba-iplist.txt
+edckdgwgtytw.com,Domain used by tinba,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/tinba-iplist.txt
+eidchpddeqmt.com,Domain used by tinba,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/tinba-iplist.txt
+hhvohslwvpww.ru,Domain used by tinba,2014-11-03 16:30,http://osint.bambenekconsulting.com/manual/tinba-iplist.txt

data/spec/feeds/data/bambenek_c2-ipmasterlist.csv ADDED Viewed

@@ -0,0 +1,27 @@
+#############################################################
+## Master Feed of known, active and non-sinkholed C&Cs IP
+## addresses
+##
+## Feed generated at: 2014-11-03 16:46
+##
+## Feed Provided By: John Bambenek of Bambenek Consulting
+## jcb@bambenekconsulting.com // http://bambenekconsulting.com
+## Use of this feed is governed by the license here:
+## http://osint.bambenekconsulting.com/license.txt
+##
+## For more information on this feed go to:
+## http://osint.bambenekconsulting.com/manual/c2-ipmasterlist.txt
+##
+## All times are in UTC
+#############################################################
+103.241.144.184,IP used by GOZ C&C,2014-11-03 16:43,http://osint.bambenekconsulting.com/manual/goz-iplist.txt
+122.166.11.34,IP used by GOZ C&C,2014-11-03 16:43,http://osint.bambenekconsulting.com/manual/goz-iplist.txt
+156.56.179.160,IP used by GOZ C&C,2014-11-03 16:43,http://osint.bambenekconsulting.com/manual/goz-iplist.txt
+70.32.74.243,IP used by matsnu C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+186.194.174.101,IP used by matsnu C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+192.64.147.150,IP used by matsnu C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+200.41.119.92,IP used by matsnu C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+212.175.66.70,IP used by matsnu C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/matsnu-iplist.txt
+141.8.224.169,IP used by pushdo C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/pushdo-iplist.txt
+46.254.17.36,IP used by tinba C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/tinba-iplist.txt
+82.165.37.127,IP used by tinba C&C,2014-11-03 16:40,http://osint.bambenekconsulting.com/manual/tinba-iplist.txt

data/spec/feeds/data/bambenek_dga_feed.csv ADDED Viewed

@@ -0,0 +1,42 @@
+#############################################################
+## Domain feed of known DGA domains from -2 to +3 days
+##
+## Feed generated at: Mon Nov  3 00:15:01 UTC 2014
+##
+## Feed Provided By: John Bambenek of Bambenek Consulting
+## jcb@bambenekconsulting.com // http://bambenekconsulting.com
+##
+## Use of this feed is governed by the license here:
+## http://osint.bambenekconsulting.com/license.txt
+## For more information on this feed go to:
+## http://osint.bambenekconsulting.com/manual/dga-feed.txt
+##
+#############################################################
+shlseqvjbqhmxtw.com,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+tlqthvpenlvsoij.net,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+jfwinsmxrfpuxbq.biz,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+wucvibyhpimbwgx.ru,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+kayamdnyujjhoun.org,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+xpenhlaismgnwjm.co.uk,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+fnbkaamjtgdrcsk.info,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+sdgxuiysrjaxbqv.com,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+gidcyknkwkweafq.net,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+txiptsatuntkimt.biz,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+rjfifeogqukyjdw.ru,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+snkjimyuojqnasv.org,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+sehaeophtyelail.co.uk,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+timbhwavrnkaaks.info,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+nrjkrlorsvxvcoj.com,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+ovolutygqkekswm.net,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+omlcqvpsvariamh.biz,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+pqqdteahtoxwahs.ru,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+xhwonhwdkiaujib.org,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+lwccimspwrojrdj.co.uk,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+ayyrjrxqlsltjwh.info,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+noefewtdxcaiifh.com,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+tpbqaowomjnrnwe.net,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+hfgeutsbyscgvkq.biz,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+vhdtvyxcntyqukb.ru,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+jwihqetoadnftlf.org,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+glfofsywjxmhrxx.co.uk,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt
+hpkpixsrvsbnrdx.info,Domain used by Wikipedia 25 DGA for 01 Nov 2014,20141101,http://osint.bambenekconsulting.com/manual/wiki25.txt

data/spec/feeds/data/berkeley.txt ADDED Viewed

@@ -0,0 +1,29 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+LIST_GENERATION_TIME:	1404398100
+HOSTILE_IP: 116.10.191.182	LAST_SEEN: 1403615662
+HOSTILE_IP: 61.174.51.196	LAST_SEEN: 1404375289
+HOSTILE_IP: 61.174.51.222	LAST_SEEN: 1404148214
+HOSTILE_IP: 222.186.56.106	LAST_SEEN: 1403213378
+HOSTILE_IP: 116.10.191.195	LAST_SEEN: 1404312629
+HOSTILE_IP: 116.10.191.187	LAST_SEEN: 1403615573
+HOSTILE_IP: 128.199.221.93	LAST_SEEN: 1403190519
+HOSTILE_IP: 116.10.191.215	LAST_SEEN: 1404397785
+HOSTILE_IP: 150.140.141.107	LAST_SEEN: 1403394797
+HOSTILE_IP: 116.10.191.201	LAST_SEEN: 1403601842
+HOSTILE_IP: 110.45.244.147	LAST_SEEN: 1404236724
+HOSTILE_IP: 212.90.33.127	LAST_SEEN: 1404377393
+HOSTILE_IP: 122.224.9.32	LAST_SEEN: 1404386486
+HOSTILE_IP: 144.0.0.22	LAST_SEEN: 1404389169
+HOSTILE_IP: 113.171.10.12	LAST_SEEN: 1404391045
+HOSTILE_IP: 222.186.15.86	LAST_SEEN: 1404391047
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (FreeBSD)
+iEYEARECAAYFAlO1ahUACgkQUqmAXhGE1wQBtgCg1XspfLGXU9TAL+rJCVALNhVL
+WC8An3f2I2RWeu1sa8QaUEvUiiUOprt4
+=244H
+-----END PGP SIGNATURE-----

data/spec/feeds/data/bitcash_cz_blacklist.txt ADDED Viewed

@@ -0,0 +1,7 @@
+# Bitcash auto-blacklisting by carlos@bitcash.cz
+# IPs banned for serious abusing of our services (scanning, sniffing, harvesting, dos attacks)
+107.22.93.75 #    ec2-107-22-93-75.compute-1.amazonaws.com       last access 2014-07-30 01:45:02
+195.98.179.106 #  broadband-195-98-179-106.2com.net              last access 2014-09-02 17:01:01
+89.223.47.197 #   89.223.47.197                                  last access 2014-09-21 13:47:02

data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,17 @@
+106.187.47.170
+107.150.59.170
+107.23.78.119
+108.59.252.133
+109.197.193.202
+109.200.1.211
+109.228.235.167
+109.70.54.11
+110.168.195.5
+110.44.123.159
+110.77.136.102
+23.91.115.60
+24.114.29.162
+2a00:1210:fffe:72::1
+2a01:238:20a:202:1000::25
+31.23.230.60
+31.28.99.108

data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,15 @@
+1.23.110.131
+101.255.170.18
+101.66.202.183
+101.66.204.111
+101.66.251.72
+101.71.196.164
+101.78.144.2
+103.18.80.99
+103.20.220.205
+200.93.43.157
+200.93.92.234
+2001:250:4001:4001:e23f:49ff:fe44:595c
+2002:5bbc:75c1::5bbc:75c1
+201.144.141.194
+201.18.145.149

data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,7 @@
+110.172.152.4
+111.192.138.169
+112.111.172.203
+112.111.174.157
+112.111.174.74
+112.111.175.40
+112.198.77.229

data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,8 @@
+1.174.214.119
+1.34.60.59
+1.54.216.1
+1.93.46.156
+101.166.161.198
+101.78.154.74
+103.10.134.220
+103.232.8.3

data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,11 @@
+1.168.130.111
+1.168.94.111
+1.171.195.165
+1.174.219.82
+1.175.64.9
+1.46.226.159
+1.52.121.30
+1.52.247.168
+1.53.0.215
+1.53.22.70
+1.53.230.168

data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,12 @@
+1.54.201.61
+109.95.47.203
+111.192.138.169
+111.192.148.129
+112.111.172.203
+112.111.174.74
+112.111.175.117
+112.111.175.40
+112.90.37.197
+112.90.37.198
+112.90.37.220
+112.90.37.228

data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,9 @@
+107.150.50.146
+162.252.87.211
+173.245.67.198
+178.32.229.159
+188.138.25.3
+192.151.156.90
+192.227.225.18
+198.204.224.10
+198.50.244.50

data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,10 @@
+1.214.212.74
+1.93.23.52
+1.93.24.74
+1.93.24.83
+1.93.24.85
+1.93.25.153
+1.93.25.165
+1.93.25.251
+1.93.26.10
+1.93.26.11

data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt ADDED Viewed

@@ -0,0 +1,11 @@
+120.43.8.11
+121.205.240.222
+188.143.232.211
+193.150.120.140
+91.236.74.111
+176.31.60.119
+27.159.217.240
+112.111.165.113
+178.168.82.65
+142.54.173.130
+175.44.30.134