threatinator 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +23 -0
- data/CONTRIBUTING.md +119 -0
- data/Gemfile +28 -0
- data/LICENSE +165 -0
- data/README.md +45 -0
- data/Rakefile +45 -0
- data/VERSION +1 -0
- data/bin/threatinator +5 -0
- data/lib/threatinator.rb +3 -0
- data/lib/threatinator/action.rb +14 -0
- data/lib/threatinator/actions/list.rb +2 -0
- data/lib/threatinator/actions/list/action.rb +53 -0
- data/lib/threatinator/actions/list/config.rb +10 -0
- data/lib/threatinator/actions/run.rb +2 -0
- data/lib/threatinator/actions/run/action.rb +45 -0
- data/lib/threatinator/actions/run/config.rb +32 -0
- data/lib/threatinator/actions/run/coverage_observer.rb +54 -0
- data/lib/threatinator/actions/run/output_config.rb +59 -0
- data/lib/threatinator/cli.rb +13 -0
- data/lib/threatinator/cli/action_builder.rb +33 -0
- data/lib/threatinator/cli/list_action_builder.rb +19 -0
- data/lib/threatinator/cli/parser.rb +113 -0
- data/lib/threatinator/cli/run_action_builder.rb +41 -0
- data/lib/threatinator/config.rb +6 -0
- data/lib/threatinator/config/base.rb +35 -0
- data/lib/threatinator/config/feed_search.rb +25 -0
- data/lib/threatinator/decoder.rb +24 -0
- data/lib/threatinator/decoders/gzip.rb +30 -0
- data/lib/threatinator/event.rb +27 -0
- data/lib/threatinator/event_builder.rb +41 -0
- data/lib/threatinator/exceptions.rb +61 -0
- data/lib/threatinator/feed.rb +82 -0
- data/lib/threatinator/feed_builder.rb +156 -0
- data/lib/threatinator/feed_registry.rb +47 -0
- data/lib/threatinator/feed_runner.rb +118 -0
- data/lib/threatinator/fetcher.rb +22 -0
- data/lib/threatinator/fetchers/http.rb +46 -0
- data/lib/threatinator/filter.rb +12 -0
- data/lib/threatinator/filters/block.rb +18 -0
- data/lib/threatinator/filters/comments.rb +16 -0
- data/lib/threatinator/filters/whitespace.rb +19 -0
- data/lib/threatinator/output.rb +50 -0
- data/lib/threatinator/parser.rb +23 -0
- data/lib/threatinator/parsers/csv.rb +7 -0
- data/lib/threatinator/parsers/csv/parser.rb +77 -0
- data/lib/threatinator/parsers/getline.rb +8 -0
- data/lib/threatinator/parsers/getline/parser.rb +45 -0
- data/lib/threatinator/parsers/json.rb +8 -0
- data/lib/threatinator/parsers/json/adapters/oj.rb +65 -0
- data/lib/threatinator/parsers/json/parser.rb +45 -0
- data/lib/threatinator/parsers/json/record.rb +20 -0
- data/lib/threatinator/parsers/xml.rb +8 -0
- data/lib/threatinator/parsers/xml/node.rb +79 -0
- data/lib/threatinator/parsers/xml/node_builder.rb +39 -0
- data/lib/threatinator/parsers/xml/parser.rb +44 -0
- data/lib/threatinator/parsers/xml/path.rb +70 -0
- data/lib/threatinator/parsers/xml/pattern.rb +53 -0
- data/lib/threatinator/parsers/xml/record.rb +14 -0
- data/lib/threatinator/parsers/xml/sax_document.rb +64 -0
- data/lib/threatinator/plugin_loader.rb +115 -0
- data/lib/threatinator/plugins/output/csv.rb +47 -0
- data/lib/threatinator/plugins/output/null.rb +17 -0
- data/lib/threatinator/plugins/output/rubydebug.rb +16 -0
- data/lib/threatinator/property_definer.rb +101 -0
- data/lib/threatinator/record.rb +22 -0
- data/lib/threatinator/registry.rb +53 -0
- data/lib/threatinator/util.rb +15 -0
- data/spec/feeds/ET_compromised-ip_reputation_spec.rb +50 -0
- data/spec/feeds/alienvault-ip_reputation_spec.rb +50 -0
- data/spec/feeds/arbor_fastflux-domain_reputation_spec.rb +50 -0
- data/spec/feeds/arbor_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/autoshun_shunlist_spec.rb +42 -0
- data/spec/feeds/blocklist_de_apache-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_bots-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_ftp-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_imap-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_pop3-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_proftpd-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_sip-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_strongips-ip_reputation_spec.rb +50 -0
- data/spec/feeds/ciarmy-ip_reputation_spec.rb +50 -0
- data/spec/feeds/cruzit-ip_reputation_spec.rb +50 -0
- data/spec/feeds/dan_me_uk_torlist-ip_reputation_spec.rb +50 -0
- data/spec/feeds/data/ET_compromised-ip_reputation.txt +11 -0
- data/spec/feeds/data/alienvault-ip_reputation.txt +18 -0
- data/spec/feeds/data/arbor_domainlist.txt +11 -0
- data/spec/feeds/data/arbor_ssh.txt +16 -0
- data/spec/feeds/data/autoshun_shunlist.csv +20 -0
- data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt +17 -0
- data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt +15 -0
- data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt +7 -0
- data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt +8 -0
- data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt +11 -0
- data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt +12 -0
- data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt +9 -0
- data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt +10 -0
- data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt +11 -0
- data/spec/feeds/data/ciarmy-ip-reputation.txt +11 -0
- data/spec/feeds/data/cruzit-ip-reputation.txt +14 -0
- data/spec/feeds/data/dan_me_uk_torlist-ip-reputation.txt +11 -0
- data/spec/feeds/data/dshield_topattackers.xml +4 -0
- data/spec/feeds/data/feodo_domainlist.txt +18 -0
- data/spec/feeds/data/feodo_iplist.txt +20 -0
- data/spec/feeds/data/infiltrated_iplist.txt +16 -0
- data/spec/feeds/data/malc0de_domainlist.txt +18 -0
- data/spec/feeds/data/malc0de_iplist.txt +14 -0
- data/spec/feeds/data/mirc_domainlist.txt +31 -0
- data/spec/feeds/data/nothink_irc_iplist.txt +14 -0
- data/spec/feeds/data/nothink_ssh_iplist.txt +10 -0
- data/spec/feeds/data/openbl_iplist.txt +12 -0
- data/spec/feeds/data/palevo_domainlist.txt +25 -0
- data/spec/feeds/data/palevo_iplist.txt +24 -0
- data/spec/feeds/data/phishtank-sample.json.gz +0 -0
- data/spec/feeds/data/spyeye_domainlist.txt +16 -0
- data/spec/feeds/data/spyeye_iplist.txt +19 -0
- data/spec/feeds/data/t-arend-de_ssh_iplist.txt +17 -0
- data/spec/feeds/data/the_haleys_ssh_iplist.txt +12 -0
- data/spec/feeds/data/yourcmc_ssh-ip_reputation.txt +27 -0
- data/spec/feeds/data/zeus-ip_reputation.txt +285 -0
- data/spec/feeds/data/zeus_domainlist.txt +27 -0
- data/spec/feeds/dshield_attackers-top1000_spec.rb +43 -0
- data/spec/feeds/feodo-domain_reputation_spec.rb +50 -0
- data/spec/feeds/feodo-ip_reputation_spec.rb +50 -0
- data/spec/feeds/infiltrated-ip_reputation_spec.rb +50 -0
- data/spec/feeds/malc0de-domain_reputation_spec.rb +50 -0
- data/spec/feeds/malc0de-ip_reputation_spec.rb +50 -0
- data/spec/feeds/mirc-domain_reputation_spec.rb +50 -0
- data/spec/feeds/nothink_irc-ip_reputation_spec.rb +50 -0
- data/spec/feeds/nothink_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/openbl-ip_reputation_spec.rb +50 -0
- data/spec/feeds/palevo-domain_reputation_spec.rb +50 -0
- data/spec/feeds/palevo-ip_reputation_spec.rb +50 -0
- data/spec/feeds/phishtank_spec.rb +45 -0
- data/spec/feeds/spyeye-domain_reputation_spec.rb +50 -0
- data/spec/feeds/spyeye-ip_reputation_spec.rb +50 -0
- data/spec/feeds/t-arend-de_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/the_haleys_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/yourcmc_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/zeus-domain_reputation_spec.rb +50 -0
- data/spec/feeds/zeus-ip_reputation_spec.rb +50 -0
- data/spec/fixtures/feed/provider1/feed1.feed +6 -0
- data/spec/fixtures/parsers/test.xml +13 -0
- data/spec/fixtures/parsers/test_self_closing.xml +20 -0
- data/spec/fixtures/plugins/bad/threatinator/plugins/test_error1/plugin.rb +1 -0
- data/spec/fixtures/plugins/bad/threatinator/plugins/test_missing1/plugin.rb +0 -0
- data/spec/fixtures/plugins/fake.rb +19 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_a.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_b.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_c.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_d.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_e.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_f.rb +8 -0
- data/spec/spec_helper.rb +52 -0
- data/spec/support/bad_feeds/missing_fetcher.feed +7 -0
- data/spec/support/bad_feeds/missing_name.feed +6 -0
- data/spec/support/bad_feeds/missing_parser.feed +3 -0
- data/spec/support/bad_feeds/missing_provider.feed +5 -0
- data/spec/support/factories/event.rb +27 -0
- data/spec/support/factories/feed.rb +32 -0
- data/spec/support/factories/feed_builder.rb +65 -0
- data/spec/support/factories/feed_registry.rb +8 -0
- data/spec/support/factories/output.rb +11 -0
- data/spec/support/factories/record.rb +17 -0
- data/spec/support/factories/xml_node.rb +33 -0
- data/spec/support/helpers/io.rb +11 -0
- data/spec/support/helpers/models.rb +13 -0
- data/spec/support/shared/action_builder.rb +47 -0
- data/spec/support/shared/decoder.rb +70 -0
- data/spec/support/shared/feeds.rb +218 -0
- data/spec/support/shared/fetcher.rb +48 -0
- data/spec/support/shared/filter.rb +14 -0
- data/spec/support/shared/io-like.rb +7 -0
- data/spec/support/shared/output.rb +120 -0
- data/spec/support/shared/parsers.rb +51 -0
- data/spec/support/shared/record.rb +111 -0
- data/spec/threatinator/actions/list/action_spec.rb +93 -0
- data/spec/threatinator/actions/run/action_spec.rb +89 -0
- data/spec/threatinator/actions/run/config_spec.rb +39 -0
- data/spec/threatinator/actions/run/coverage_observer_spec.rb +116 -0
- data/spec/threatinator/actions/run/output_config_spec.rb +89 -0
- data/spec/threatinator/cli/list_action_builder_spec.rb +57 -0
- data/spec/threatinator/cli/run_action_builder_spec.rb +133 -0
- data/spec/threatinator/cli_spec.rb +175 -0
- data/spec/threatinator/config/base_spec.rb +39 -0
- data/spec/threatinator/config/feed_search_spec.rb +76 -0
- data/spec/threatinator/decoders/gzip_spec.rb +75 -0
- data/spec/threatinator/event_builder_spec.rb +33 -0
- data/spec/threatinator/event_spec.rb +30 -0
- data/spec/threatinator/feed_builder_spec.rb +636 -0
- data/spec/threatinator/feed_registry_spec.rb +198 -0
- data/spec/threatinator/feed_runner_spec.rb +155 -0
- data/spec/threatinator/feed_spec.rb +169 -0
- data/spec/threatinator/fetcher_spec.rb +12 -0
- data/spec/threatinator/fetchers/http_spec.rb +32 -0
- data/spec/threatinator/filter_spec.rb +13 -0
- data/spec/threatinator/filters/block_spec.rb +16 -0
- data/spec/threatinator/filters/comments_spec.rb +13 -0
- data/spec/threatinator/filters/whitespace_spec.rb +12 -0
- data/spec/threatinator/parser_spec.rb +13 -0
- data/spec/threatinator/parsers/csv/parser_spec.rb +202 -0
- data/spec/threatinator/parsers/getline/parser_spec.rb +83 -0
- data/spec/threatinator/parsers/json/parser_spec.rb +106 -0
- data/spec/threatinator/parsers/json/record_spec.rb +30 -0
- data/spec/threatinator/parsers/xml/node_spec.rb +335 -0
- data/spec/threatinator/parsers/xml/parser_spec.rb +263 -0
- data/spec/threatinator/parsers/xml/path_spec.rb +209 -0
- data/spec/threatinator/parsers/xml/pattern_spec.rb +72 -0
- data/spec/threatinator/parsers/xml/record_spec.rb +27 -0
- data/spec/threatinator/plugin_loader_spec.rb +238 -0
- data/spec/threatinator/plugins/output/csv_spec.rb +46 -0
- data/spec/threatinator/plugins/output/null_spec.rb +17 -0
- data/spec/threatinator/plugins/output/rubydebug_spec.rb +37 -0
- data/spec/threatinator/property_definer_spec.rb +155 -0
- data/spec/threatinator/record_spec.rb +19 -0
- data/spec/threatinator/registry_spec.rb +97 -0
- data/spec/threatinator/runner_spec.rb +273 -0
- metadata +376 -0
@@ -0,0 +1,24 @@
|
|
1
|
+
# Palevo C&C IP Blocklist by abuse.ch
|
2
|
+
107.150.36.226
|
3
|
+
109.123.109.132
|
4
|
+
115.236.76.168
|
5
|
+
144.76.143.4
|
6
|
+
173.230.133.99
|
7
|
+
176.31.117.59
|
8
|
+
187.214.120.147
|
9
|
+
189.135.116.163
|
10
|
+
189.236.206.143
|
11
|
+
193.23.48.228
|
12
|
+
194.116.174.85
|
13
|
+
208.185.82.133
|
14
|
+
50.63.202.42
|
15
|
+
67.198.207.34
|
16
|
+
67.210.170.140
|
17
|
+
67.210.170.141
|
18
|
+
67.210.170.169
|
19
|
+
69.43.161.141
|
20
|
+
76.74.255.138
|
21
|
+
80.83.124.187
|
22
|
+
82.196.6.164
|
23
|
+
91.208.194.18
|
24
|
+
98.126.44.98
|
Binary file
|
@@ -0,0 +1,16 @@
|
|
1
|
+
################################################################################
|
2
|
+
# abuse.ch SpyEye domain blocklist #
|
3
|
+
# #
|
4
|
+
# For questions please referer to https://spyeyetracker.abuse.ch/blocklist.php #
|
5
|
+
################################################################################
|
6
|
+
|
7
|
+
beromder56.com
|
8
|
+
detadomain.su
|
9
|
+
doemguing.net
|
10
|
+
firexiasds.wha.la
|
11
|
+
futuretelefonica.com
|
12
|
+
gate.eyeonarte.it
|
13
|
+
helen33nasanorth.com
|
14
|
+
sebortemesd5.com
|
15
|
+
stendtlong.net
|
16
|
+
|
@@ -0,0 +1,19 @@
|
|
1
|
+
################################################################################
|
2
|
+
# abuse.ch SpyEye IP blocklist #
|
3
|
+
# #
|
4
|
+
# For questions please referer to https://spyeyetracker.abuse.ch/blocklist.php #
|
5
|
+
################################################################################
|
6
|
+
|
7
|
+
188.190.126.173
|
8
|
+
188.190.126.175
|
9
|
+
188.190.126.176
|
10
|
+
193.106.31.12
|
11
|
+
193.107.17.62
|
12
|
+
194.44.157.130
|
13
|
+
46.166.143.56
|
14
|
+
91.213.217.36
|
15
|
+
91.220.62.112
|
16
|
+
91.220.62.190
|
17
|
+
93.171.202.70
|
18
|
+
94.63.149.51
|
19
|
+
|
@@ -0,0 +1,17 @@
|
|
1
|
+
#Bad Guys List
|
2
|
+
#From: thomas@t-arend.de
|
3
|
+
#Date: So 6. Sep 13:03:16 CEST 2009
|
4
|
+
sshd: 113.11.200.191
|
5
|
+
sshd: 116.122.107.58
|
6
|
+
sshd: 116.127.93.201
|
7
|
+
sshd: 116.58.96.55
|
8
|
+
sshd: 116.68.194.45
|
9
|
+
sshd: 117.21.249.75
|
10
|
+
sshd: 117.32.128.141
|
11
|
+
sshd: 118.128.150.210
|
12
|
+
sshd: 119.113.0.4
|
13
|
+
sshd: 119.113.0.7
|
14
|
+
sshd: 121.13.229.221
|
15
|
+
sshd: 121.138.192.152
|
16
|
+
sshd: 121.14.142.46
|
17
|
+
sshd: 121.15.167.243
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# IP addresses launching SSH dictionary attacks. As of Fri, 11 Jul 2014 15:22:17 +0100
|
2
|
+
ALL : 1.30.20.146
|
3
|
+
ALL : 1.82.184.23
|
4
|
+
ALL : 1.82.184.25
|
5
|
+
ALL : 1.85.2.246
|
6
|
+
ALL : 1.93.22.107
|
7
|
+
ALL : 1.93.24.62
|
8
|
+
ALL : 1.93.24.72
|
9
|
+
ALL : 1.93.25.63
|
10
|
+
ALL : 1.93.25.165
|
11
|
+
ALL : 1.93.25.234
|
12
|
+
ALL : 1.93.25.253
|
@@ -0,0 +1,27 @@
|
|
1
|
+
#
|
2
|
+
# EVIL SSH HOSTLIST
|
3
|
+
#
|
4
|
+
|
5
|
+
#
|
6
|
+
# Hosts having these IPv4 addresses were caught bruteforcing ssh login attempts
|
7
|
+
# Thanks to pam_abl module -- http://sourceforge.net/projects/pam-abl/
|
8
|
+
# VitaliF, 2008-*
|
9
|
+
# http://vmx.yourcmc.ru/BAD_HOSTS.IP4
|
10
|
+
#
|
11
|
+
|
12
|
+
101.109.85.141
|
13
|
+
101.64.234.130
|
14
|
+
101.78.134.166
|
15
|
+
108.162.193.155
|
16
|
+
108.162.193.55
|
17
|
+
108.174.52.186
|
18
|
+
109.120.157.63
|
19
|
+
109.123.105.154
|
20
|
+
109.123.105.217
|
21
|
+
109.123.125.85
|
22
|
+
109.123.91.52
|
23
|
+
109.123.95.92
|
24
|
+
109.165.10.125
|
25
|
+
109.165.15.113
|
26
|
+
109.165.35.137
|
27
|
+
109.165.75.40
|
@@ -0,0 +1,285 @@
|
|
1
|
+
##############################################################################
|
2
|
+
# abuse.ch ZeuS IP blocklist #
|
3
|
+
# #
|
4
|
+
# For questions please refer to https://zeustracker.abuse.ch/blocklist.php #
|
5
|
+
##############################################################################
|
6
|
+
|
7
|
+
103.11.74.118
|
8
|
+
103.23.201.219
|
9
|
+
103.241.0.100
|
10
|
+
103.4.52.150
|
11
|
+
103.7.59.135
|
12
|
+
107.161.123.138
|
13
|
+
107.182.142.41
|
14
|
+
107.182.163.196
|
15
|
+
108.162.196.114
|
16
|
+
108.162.199.22
|
17
|
+
108.61.63.78
|
18
|
+
109.120.150.19
|
19
|
+
109.127.8.242
|
20
|
+
109.169.92.40
|
21
|
+
109.229.210.250
|
22
|
+
109.229.36.65
|
23
|
+
109.235.59.44
|
24
|
+
109.237.108.92
|
25
|
+
109.68.33.64
|
26
|
+
113.108.204.30
|
27
|
+
114.215.185.196
|
28
|
+
116.0.23.234
|
29
|
+
116.193.76.135
|
30
|
+
119.81.52.54
|
31
|
+
121.199.57.56
|
32
|
+
122.155.3.150
|
33
|
+
123.30.129.179
|
34
|
+
124.150.141.42
|
35
|
+
128.199.230.64
|
36
|
+
128.210.157.251
|
37
|
+
141.101.116.203
|
38
|
+
141.105.67.94
|
39
|
+
144.76.40.132
|
40
|
+
146.185.174.81
|
41
|
+
146.185.220.4
|
42
|
+
148.251.7.40
|
43
|
+
15.185.99.202
|
44
|
+
151.248.125.64
|
45
|
+
151.97.190.239
|
46
|
+
159.253.147.248
|
47
|
+
162.144.3.101
|
48
|
+
162.211.84.6
|
49
|
+
173.193.105.244
|
50
|
+
173.230.253.193
|
51
|
+
173.242.112.135
|
52
|
+
173.243.112.192
|
53
|
+
173.243.112.2
|
54
|
+
173.243.112.20
|
55
|
+
173.243.112.46
|
56
|
+
173.245.71.100
|
57
|
+
173.249.152.23
|
58
|
+
176.119.2.90
|
59
|
+
176.119.2.91
|
60
|
+
177.140.22.150
|
61
|
+
178.19.99.42
|
62
|
+
178.217.187.129
|
63
|
+
178.75.246.57
|
64
|
+
180.151.58.244
|
65
|
+
180.182.234.200
|
66
|
+
184.169.145.165
|
67
|
+
185.10.58.170
|
68
|
+
185.10.58.171
|
69
|
+
185.10.58.180
|
70
|
+
185.10.58.181
|
71
|
+
185.12.46.131
|
72
|
+
185.16.212.70
|
73
|
+
185.20.227.39
|
74
|
+
185.24.233.35
|
75
|
+
185.24.233.97
|
76
|
+
185.25.117.49
|
77
|
+
185.25.49.128
|
78
|
+
185.25.49.227
|
79
|
+
185.26.122.13
|
80
|
+
185.28.21.32
|
81
|
+
185.5.55.248
|
82
|
+
186.64.120.104
|
83
|
+
188.219.154.228
|
84
|
+
188.247.135.53
|
85
|
+
188.247.135.58
|
86
|
+
188.247.135.74
|
87
|
+
188.247.135.99
|
88
|
+
190.128.29.1
|
89
|
+
190.14.37.122
|
90
|
+
190.14.37.138
|
91
|
+
190.15.192.25
|
92
|
+
192.225.175.71
|
93
|
+
192.254.79.85
|
94
|
+
192.64.11.244
|
95
|
+
192.64.177.143
|
96
|
+
192.64.9.116
|
97
|
+
192.95.12.34
|
98
|
+
193.106.177.243
|
99
|
+
193.107.19.24
|
100
|
+
193.120.55.242
|
101
|
+
193.169.244.174
|
102
|
+
195.12.39.33
|
103
|
+
195.244.39.64
|
104
|
+
195.3.146.47
|
105
|
+
195.64.154.38
|
106
|
+
198.1.77.78
|
107
|
+
198.15.117.228
|
108
|
+
198.15.127.170
|
109
|
+
198.245.202.92
|
110
|
+
198.50.198.162
|
111
|
+
198.58.126.85
|
112
|
+
198.58.93.4
|
113
|
+
199.187.129.193
|
114
|
+
199.188.100.169
|
115
|
+
199.201.121.185
|
116
|
+
199.204.248.106
|
117
|
+
199.231.186.170
|
118
|
+
199.7.234.100
|
119
|
+
200.98.165.88
|
120
|
+
202.142.215.16
|
121
|
+
202.29.230.198
|
122
|
+
203.170.193.23
|
123
|
+
204.188.238.141
|
124
|
+
204.197.248.143
|
125
|
+
204.45.30.19
|
126
|
+
204.93.211.115
|
127
|
+
205.234.195.93
|
128
|
+
207.244.75.136
|
129
|
+
208.91.197.197
|
130
|
+
208.91.197.207
|
131
|
+
209.188.18.94
|
132
|
+
209.54.49.111
|
133
|
+
209.99.17.27
|
134
|
+
210.211.108.215
|
135
|
+
212.193.228.167
|
136
|
+
212.225.213.253
|
137
|
+
212.44.64.202
|
138
|
+
213.147.67.20
|
139
|
+
213.152.26.146
|
140
|
+
216.176.100.240
|
141
|
+
216.215.112.149
|
142
|
+
216.240.159.134
|
143
|
+
217.23.138.114
|
144
|
+
222.29.197.232
|
145
|
+
23.227.196.105
|
146
|
+
23.227.196.17
|
147
|
+
23.227.196.6
|
148
|
+
23.227.196.7
|
149
|
+
23.227.196.81
|
150
|
+
23.227.196.95
|
151
|
+
23.235.237.197
|
152
|
+
23.238.230.237
|
153
|
+
27.124.125.18
|
154
|
+
31.148.219.85
|
155
|
+
31.170.164.5
|
156
|
+
31.220.1.175
|
157
|
+
31.6.71.83
|
158
|
+
31.7.63.146
|
159
|
+
37.0.123.133
|
160
|
+
37.0.123.149
|
161
|
+
37.0.123.161
|
162
|
+
37.0.123.204
|
163
|
+
37.0.123.226
|
164
|
+
37.0.123.84
|
165
|
+
37.0.124.118
|
166
|
+
37.0.124.145
|
167
|
+
37.0.127.101
|
168
|
+
37.0.127.107
|
169
|
+
37.0.127.108
|
170
|
+
37.0.127.110
|
171
|
+
37.0.127.112
|
172
|
+
37.0.127.115
|
173
|
+
37.0.127.96
|
174
|
+
37.143.11.189
|
175
|
+
37.143.14.207
|
176
|
+
37.187.131.39
|
177
|
+
37.187.144.39
|
178
|
+
37.187.146.148
|
179
|
+
37.58.49.144
|
180
|
+
37.58.51.133
|
181
|
+
37.58.51.135
|
182
|
+
37.58.51.137
|
183
|
+
37.58.51.138
|
184
|
+
37.58.51.144
|
185
|
+
37.58.51.150
|
186
|
+
37.58.51.163
|
187
|
+
37.59.217.219
|
188
|
+
41.186.24.58
|
189
|
+
41.71.188.2
|
190
|
+
46.102.246.202
|
191
|
+
46.137.118.69
|
192
|
+
46.166.131.154
|
193
|
+
46.166.141.107
|
194
|
+
46.166.145.113
|
195
|
+
46.19.143.249
|
196
|
+
46.21.157.219
|
197
|
+
46.22.211.47
|
198
|
+
46.30.40.95
|
199
|
+
46.4.150.111
|
200
|
+
49.50.8.213
|
201
|
+
5.45.179.132
|
202
|
+
5.45.68.91
|
203
|
+
5.61.34.211
|
204
|
+
5.63.158.126
|
205
|
+
50.63.202.86
|
206
|
+
50.63.202.95
|
207
|
+
50.87.153.3
|
208
|
+
54.208.246.4
|
209
|
+
59.157.4.2
|
210
|
+
60.13.186.5
|
211
|
+
62.109.18.114
|
212
|
+
62.173.151.82
|
213
|
+
64.127.71.73
|
214
|
+
64.32.12.51
|
215
|
+
64.32.20.100
|
216
|
+
64.32.7.118
|
217
|
+
64.85.233.8
|
218
|
+
65.200.132.20
|
219
|
+
65.75.164.128
|
220
|
+
66.225.192.214
|
221
|
+
66.85.137.59
|
222
|
+
66.96.160.153
|
223
|
+
67.225.220.254
|
224
|
+
68.89.11.90
|
225
|
+
69.163.201.158
|
226
|
+
76.73.57.130
|
227
|
+
77.222.42.250
|
228
|
+
77.40.30.111
|
229
|
+
78.110.9.77
|
230
|
+
78.129.158.15
|
231
|
+
78.46.75.138
|
232
|
+
79.143.178.105
|
233
|
+
80.243.184.237
|
234
|
+
80.81.193.66
|
235
|
+
81.17.25.191
|
236
|
+
81.17.25.235
|
237
|
+
81.17.25.62
|
238
|
+
81.177.141.32
|
239
|
+
81.4.108.109
|
240
|
+
81.88.48.95
|
241
|
+
81.88.57.96
|
242
|
+
82.131.180.72
|
243
|
+
83.15.254.242
|
244
|
+
83.222.112.221
|
245
|
+
83.69.233.121
|
246
|
+
84.201.32.125
|
247
|
+
85.153.34.112
|
248
|
+
85.25.4.28
|
249
|
+
86.106.188.120
|
250
|
+
87.236.211.148
|
251
|
+
87.236.211.185
|
252
|
+
87.246.143.242
|
253
|
+
87.254.167.37
|
254
|
+
89.248.160.159
|
255
|
+
89.31.143.20
|
256
|
+
89.32.150.234
|
257
|
+
89.36.31.215
|
258
|
+
89.46.251.146
|
259
|
+
89.46.251.158
|
260
|
+
89.46.251.169
|
261
|
+
91.218.121.136
|
262
|
+
91.221.36.162
|
263
|
+
91.223.82.17
|
264
|
+
91.226.212.11
|
265
|
+
91.226.212.170
|
266
|
+
91.227.18.17
|
267
|
+
91.228.160.170
|
268
|
+
91.228.160.201
|
269
|
+
91.230.60.107
|
270
|
+
91.231.86.213
|
271
|
+
91.231.87.190
|
272
|
+
91.239.15.219
|
273
|
+
92.53.119.248
|
274
|
+
92.53.124.62
|
275
|
+
93.125.99.4
|
276
|
+
93.125.99.8
|
277
|
+
93.174.88.3
|
278
|
+
93.186.120.112
|
279
|
+
93.186.120.42
|
280
|
+
93.188.160.4
|
281
|
+
93.90.182.90
|
282
|
+
94.103.36.55
|
283
|
+
95.154.228.163
|
284
|
+
95.181.178.177
|
285
|
+
98.131.185.136
|
@@ -0,0 +1,27 @@
|
|
1
|
+
##############################################################################
|
2
|
+
# abuse.ch ZeuS domain blocklist #
|
3
|
+
# #
|
4
|
+
# For questions please refer to https://zeustracker.abuse.ch/blocklist.php #
|
5
|
+
##############################################################################
|
6
|
+
|
7
|
+
039b1ee.netsolhost.com
|
8
|
+
1day.su
|
9
|
+
1shot2shot3shot.ru
|
10
|
+
2719719.com
|
11
|
+
3apa3a.tomsk.tw
|
12
|
+
4btc.cc
|
13
|
+
4sen.pl
|
14
|
+
abans.ru
|
15
|
+
acgplug.org
|
16
|
+
achionline.com
|
17
|
+
aconfideeeeeracia200.com
|
18
|
+
acorp.su
|
19
|
+
adcarapicuiba.org.br
|
20
|
+
advanc1.co.vu
|
21
|
+
advanc118.co.vu
|
22
|
+
advanc3.co.vu
|
23
|
+
advanc320.co.vu
|
24
|
+
advanc420.co.vu
|
25
|
+
advanc520.co.vu
|
26
|
+
advwinntdigiplus.net
|
27
|
+
ajahdelta.eu
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'feeds/dshield_attackers-top1000.feed', :feed do
|
4
|
+
let(:provider) { 'dshield' }
|
5
|
+
let(:name) { 'attackers-top1000' }
|
6
|
+
|
7
|
+
it_fetches_url 'https://isc.sans.edu/api/sources/attacks/1000/'
|
8
|
+
|
9
|
+
describe_parsing_the_file feed_data('dshield_topattackers.xml') do
|
10
|
+
it "should have parsed 10 records" do
|
11
|
+
expect(num_records_parsed).to eq(10)
|
12
|
+
end
|
13
|
+
it "should have filtered 0 records" do
|
14
|
+
expect(num_records_filtered).to eq(0)
|
15
|
+
end
|
16
|
+
it "should have missed 0 records" do
|
17
|
+
expect(num_records_missed).to eq(0)
|
18
|
+
end
|
19
|
+
|
20
|
+
describe "the records" do
|
21
|
+
it "should total 10" do
|
22
|
+
expect(num_records).to eq(10)
|
23
|
+
end
|
24
|
+
|
25
|
+
it "each record should have generated exactly one event" do
|
26
|
+
counts = events.map { |event_array| event_array.count }
|
27
|
+
expect(counts).to eq([1,1,1,1,1,1,1,1,1,1])
|
28
|
+
end
|
29
|
+
|
30
|
+
describe "the event for record 0" do
|
31
|
+
let(:record) { records[0] }
|
32
|
+
let(:event) { events[0].first }
|
33
|
+
subject { event }
|
34
|
+
|
35
|
+
its(:type) { is_expected.to be(:attacker) }
|
36
|
+
its(:ipv4s) { is_expected.to match_array(['150.164.82.10']) }
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
|
43
|
+
|