threatinator 0.1.1

Files changed (219)
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +23 -0
  3. data/CONTRIBUTING.md +119 -0
  4. data/Gemfile +28 -0
  5. data/LICENSE +165 -0
  6. data/README.md +45 -0
  7. data/Rakefile +45 -0
  8. data/VERSION +1 -0
  9. data/bin/threatinator +5 -0
  10. data/lib/threatinator.rb +3 -0
  11. data/lib/threatinator/action.rb +14 -0
  12. data/lib/threatinator/actions/list.rb +2 -0
  13. data/lib/threatinator/actions/list/action.rb +53 -0
  14. data/lib/threatinator/actions/list/config.rb +10 -0
  15. data/lib/threatinator/actions/run.rb +2 -0
  16. data/lib/threatinator/actions/run/action.rb +45 -0
  17. data/lib/threatinator/actions/run/config.rb +32 -0
  18. data/lib/threatinator/actions/run/coverage_observer.rb +54 -0
  19. data/lib/threatinator/actions/run/output_config.rb +59 -0
  20. data/lib/threatinator/cli.rb +13 -0
  21. data/lib/threatinator/cli/action_builder.rb +33 -0
  22. data/lib/threatinator/cli/list_action_builder.rb +19 -0
  23. data/lib/threatinator/cli/parser.rb +113 -0
  24. data/lib/threatinator/cli/run_action_builder.rb +41 -0
  25. data/lib/threatinator/config.rb +6 -0
  26. data/lib/threatinator/config/base.rb +35 -0
  27. data/lib/threatinator/config/feed_search.rb +25 -0
  28. data/lib/threatinator/decoder.rb +24 -0
  29. data/lib/threatinator/decoders/gzip.rb +30 -0
  30. data/lib/threatinator/event.rb +27 -0
  31. data/lib/threatinator/event_builder.rb +41 -0
  32. data/lib/threatinator/exceptions.rb +61 -0
  33. data/lib/threatinator/feed.rb +82 -0
  34. data/lib/threatinator/feed_builder.rb +156 -0
  35. data/lib/threatinator/feed_registry.rb +47 -0
  36. data/lib/threatinator/feed_runner.rb +118 -0
  37. data/lib/threatinator/fetcher.rb +22 -0
  38. data/lib/threatinator/fetchers/http.rb +46 -0
  39. data/lib/threatinator/filter.rb +12 -0
  40. data/lib/threatinator/filters/block.rb +18 -0
  41. data/lib/threatinator/filters/comments.rb +16 -0
  42. data/lib/threatinator/filters/whitespace.rb +19 -0
  43. data/lib/threatinator/output.rb +50 -0
  44. data/lib/threatinator/parser.rb +23 -0
  45. data/lib/threatinator/parsers/csv.rb +7 -0
  46. data/lib/threatinator/parsers/csv/parser.rb +77 -0
  47. data/lib/threatinator/parsers/getline.rb +8 -0
  48. data/lib/threatinator/parsers/getline/parser.rb +45 -0
  49. data/lib/threatinator/parsers/json.rb +8 -0
  50. data/lib/threatinator/parsers/json/adapters/oj.rb +65 -0
  51. data/lib/threatinator/parsers/json/parser.rb +45 -0
  52. data/lib/threatinator/parsers/json/record.rb +20 -0
  53. data/lib/threatinator/parsers/xml.rb +8 -0
  54. data/lib/threatinator/parsers/xml/node.rb +79 -0
  55. data/lib/threatinator/parsers/xml/node_builder.rb +39 -0
  56. data/lib/threatinator/parsers/xml/parser.rb +44 -0
  57. data/lib/threatinator/parsers/xml/path.rb +70 -0
  58. data/lib/threatinator/parsers/xml/pattern.rb +53 -0
  59. data/lib/threatinator/parsers/xml/record.rb +14 -0
  60. data/lib/threatinator/parsers/xml/sax_document.rb +64 -0
  61. data/lib/threatinator/plugin_loader.rb +115 -0
  62. data/lib/threatinator/plugins/output/csv.rb +47 -0
  63. data/lib/threatinator/plugins/output/null.rb +17 -0
  64. data/lib/threatinator/plugins/output/rubydebug.rb +16 -0
  65. data/lib/threatinator/property_definer.rb +101 -0
  66. data/lib/threatinator/record.rb +22 -0
  67. data/lib/threatinator/registry.rb +53 -0
  68. data/lib/threatinator/util.rb +15 -0
  69. data/spec/feeds/ET_compromised-ip_reputation_spec.rb +50 -0
  70. data/spec/feeds/alienvault-ip_reputation_spec.rb +50 -0
  71. data/spec/feeds/arbor_fastflux-domain_reputation_spec.rb +50 -0
  72. data/spec/feeds/arbor_ssh-ip_reputation_spec.rb +50 -0
  73. data/spec/feeds/autoshun_shunlist_spec.rb +42 -0
  74. data/spec/feeds/blocklist_de_apache-ip_reputation_spec.rb +50 -0
  75. data/spec/feeds/blocklist_de_bots-ip_reputation_spec.rb +50 -0
  76. data/spec/feeds/blocklist_de_ftp-ip_reputation_spec.rb +50 -0
  77. data/spec/feeds/blocklist_de_imap-ip_reputation_spec.rb +50 -0
  78. data/spec/feeds/blocklist_de_pop3-ip_reputation_spec.rb +50 -0
  79. data/spec/feeds/blocklist_de_proftpd-ip_reputation_spec.rb +50 -0
  80. data/spec/feeds/blocklist_de_sip-ip_reputation_spec.rb +50 -0
  81. data/spec/feeds/blocklist_de_ssh-ip_reputation_spec.rb +50 -0
  82. data/spec/feeds/blocklist_de_strongips-ip_reputation_spec.rb +50 -0
  83. data/spec/feeds/ciarmy-ip_reputation_spec.rb +50 -0
  84. data/spec/feeds/cruzit-ip_reputation_spec.rb +50 -0
  85. data/spec/feeds/dan_me_uk_torlist-ip_reputation_spec.rb +50 -0
  86. data/spec/feeds/data/ET_compromised-ip_reputation.txt +11 -0
  87. data/spec/feeds/data/alienvault-ip_reputation.txt +18 -0
  88. data/spec/feeds/data/arbor_domainlist.txt +11 -0
  89. data/spec/feeds/data/arbor_ssh.txt +16 -0
  90. data/spec/feeds/data/autoshun_shunlist.csv +20 -0
  91. data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt +17 -0
  92. data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt +15 -0
  93. data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt +7 -0
  94. data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt +8 -0
  95. data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt +11 -0
  96. data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt +12 -0
  97. data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt +9 -0
  98. data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt +10 -0
  99. data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt +11 -0
  100. data/spec/feeds/data/ciarmy-ip-reputation.txt +11 -0
  101. data/spec/feeds/data/cruzit-ip-reputation.txt +14 -0
  102. data/spec/feeds/data/dan_me_uk_torlist-ip-reputation.txt +11 -0
  103. data/spec/feeds/data/dshield_topattackers.xml +4 -0
  104. data/spec/feeds/data/feodo_domainlist.txt +18 -0
  105. data/spec/feeds/data/feodo_iplist.txt +20 -0
  106. data/spec/feeds/data/infiltrated_iplist.txt +16 -0
  107. data/spec/feeds/data/malc0de_domainlist.txt +18 -0
  108. data/spec/feeds/data/malc0de_iplist.txt +14 -0
  109. data/spec/feeds/data/mirc_domainlist.txt +31 -0
  110. data/spec/feeds/data/nothink_irc_iplist.txt +14 -0
  111. data/spec/feeds/data/nothink_ssh_iplist.txt +10 -0
  112. data/spec/feeds/data/openbl_iplist.txt +12 -0
  113. data/spec/feeds/data/palevo_domainlist.txt +25 -0
  114. data/spec/feeds/data/palevo_iplist.txt +24 -0
  115. data/spec/feeds/data/phishtank-sample.json.gz +0 -0
  116. data/spec/feeds/data/spyeye_domainlist.txt +16 -0
  117. data/spec/feeds/data/spyeye_iplist.txt +19 -0
  118. data/spec/feeds/data/t-arend-de_ssh_iplist.txt +17 -0
  119. data/spec/feeds/data/the_haleys_ssh_iplist.txt +12 -0
  120. data/spec/feeds/data/yourcmc_ssh-ip_reputation.txt +27 -0
  121. data/spec/feeds/data/zeus-ip_reputation.txt +285 -0
  122. data/spec/feeds/data/zeus_domainlist.txt +27 -0
  123. data/spec/feeds/dshield_attackers-top1000_spec.rb +43 -0
  124. data/spec/feeds/feodo-domain_reputation_spec.rb +50 -0
  125. data/spec/feeds/feodo-ip_reputation_spec.rb +50 -0
  126. data/spec/feeds/infiltrated-ip_reputation_spec.rb +50 -0
  127. data/spec/feeds/malc0de-domain_reputation_spec.rb +50 -0
  128. data/spec/feeds/malc0de-ip_reputation_spec.rb +50 -0
  129. data/spec/feeds/mirc-domain_reputation_spec.rb +50 -0
  130. data/spec/feeds/nothink_irc-ip_reputation_spec.rb +50 -0
  131. data/spec/feeds/nothink_ssh-ip_reputation_spec.rb +50 -0
  132. data/spec/feeds/openbl-ip_reputation_spec.rb +50 -0
  133. data/spec/feeds/palevo-domain_reputation_spec.rb +50 -0
  134. data/spec/feeds/palevo-ip_reputation_spec.rb +50 -0
  135. data/spec/feeds/phishtank_spec.rb +45 -0
  136. data/spec/feeds/spyeye-domain_reputation_spec.rb +50 -0
  137. data/spec/feeds/spyeye-ip_reputation_spec.rb +50 -0
  138. data/spec/feeds/t-arend-de_ssh-ip_reputation_spec.rb +50 -0
  139. data/spec/feeds/the_haleys_ssh-ip_reputation_spec.rb +50 -0
  140. data/spec/feeds/yourcmc_ssh-ip_reputation_spec.rb +50 -0
  141. data/spec/feeds/zeus-domain_reputation_spec.rb +50 -0
  142. data/spec/feeds/zeus-ip_reputation_spec.rb +50 -0
  143. data/spec/fixtures/feed/provider1/feed1.feed +6 -0
  144. data/spec/fixtures/parsers/test.xml +13 -0
  145. data/spec/fixtures/parsers/test_self_closing.xml +20 -0
  146. data/spec/fixtures/plugins/bad/threatinator/plugins/test_error1/plugin.rb +1 -0
  147. data/spec/fixtures/plugins/bad/threatinator/plugins/test_missing1/plugin.rb +0 -0
  148. data/spec/fixtures/plugins/fake.rb +19 -0
  149. data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_a.rb +8 -0
  150. data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_b.rb +8 -0
  151. data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_c.rb +8 -0
  152. data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_d.rb +8 -0
  153. data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_e.rb +8 -0
  154. data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_f.rb +8 -0
  155. data/spec/spec_helper.rb +52 -0
  156. data/spec/support/bad_feeds/missing_fetcher.feed +7 -0
  157. data/spec/support/bad_feeds/missing_name.feed +6 -0
  158. data/spec/support/bad_feeds/missing_parser.feed +3 -0
  159. data/spec/support/bad_feeds/missing_provider.feed +5 -0
  160. data/spec/support/factories/event.rb +27 -0
  161. data/spec/support/factories/feed.rb +32 -0
  162. data/spec/support/factories/feed_builder.rb +65 -0
  163. data/spec/support/factories/feed_registry.rb +8 -0
  164. data/spec/support/factories/output.rb +11 -0
  165. data/spec/support/factories/record.rb +17 -0
  166. data/spec/support/factories/xml_node.rb +33 -0
  167. data/spec/support/helpers/io.rb +11 -0
  168. data/spec/support/helpers/models.rb +13 -0
  169. data/spec/support/shared/action_builder.rb +47 -0
  170. data/spec/support/shared/decoder.rb +70 -0
  171. data/spec/support/shared/feeds.rb +218 -0
  172. data/spec/support/shared/fetcher.rb +48 -0
  173. data/spec/support/shared/filter.rb +14 -0
  174. data/spec/support/shared/io-like.rb +7 -0
  175. data/spec/support/shared/output.rb +120 -0
  176. data/spec/support/shared/parsers.rb +51 -0
  177. data/spec/support/shared/record.rb +111 -0
  178. data/spec/threatinator/actions/list/action_spec.rb +93 -0
  179. data/spec/threatinator/actions/run/action_spec.rb +89 -0
  180. data/spec/threatinator/actions/run/config_spec.rb +39 -0
  181. data/spec/threatinator/actions/run/coverage_observer_spec.rb +116 -0
  182. data/spec/threatinator/actions/run/output_config_spec.rb +89 -0
  183. data/spec/threatinator/cli/list_action_builder_spec.rb +57 -0
  184. data/spec/threatinator/cli/run_action_builder_spec.rb +133 -0
  185. data/spec/threatinator/cli_spec.rb +175 -0
  186. data/spec/threatinator/config/base_spec.rb +39 -0
  187. data/spec/threatinator/config/feed_search_spec.rb +76 -0
  188. data/spec/threatinator/decoders/gzip_spec.rb +75 -0
  189. data/spec/threatinator/event_builder_spec.rb +33 -0
  190. data/spec/threatinator/event_spec.rb +30 -0
  191. data/spec/threatinator/feed_builder_spec.rb +636 -0
  192. data/spec/threatinator/feed_registry_spec.rb +198 -0
  193. data/spec/threatinator/feed_runner_spec.rb +155 -0
  194. data/spec/threatinator/feed_spec.rb +169 -0
  195. data/spec/threatinator/fetcher_spec.rb +12 -0
  196. data/spec/threatinator/fetchers/http_spec.rb +32 -0
  197. data/spec/threatinator/filter_spec.rb +13 -0
  198. data/spec/threatinator/filters/block_spec.rb +16 -0
  199. data/spec/threatinator/filters/comments_spec.rb +13 -0
  200. data/spec/threatinator/filters/whitespace_spec.rb +12 -0
  201. data/spec/threatinator/parser_spec.rb +13 -0
  202. data/spec/threatinator/parsers/csv/parser_spec.rb +202 -0
  203. data/spec/threatinator/parsers/getline/parser_spec.rb +83 -0
  204. data/spec/threatinator/parsers/json/parser_spec.rb +106 -0
  205. data/spec/threatinator/parsers/json/record_spec.rb +30 -0
  206. data/spec/threatinator/parsers/xml/node_spec.rb +335 -0
  207. data/spec/threatinator/parsers/xml/parser_spec.rb +263 -0
  208. data/spec/threatinator/parsers/xml/path_spec.rb +209 -0
  209. data/spec/threatinator/parsers/xml/pattern_spec.rb +72 -0
  210. data/spec/threatinator/parsers/xml/record_spec.rb +27 -0
  211. data/spec/threatinator/plugin_loader_spec.rb +238 -0
  212. data/spec/threatinator/plugins/output/csv_spec.rb +46 -0
  213. data/spec/threatinator/plugins/output/null_spec.rb +17 -0
  214. data/spec/threatinator/plugins/output/rubydebug_spec.rb +37 -0
  215. data/spec/threatinator/property_definer_spec.rb +155 -0
  216. data/spec/threatinator/record_spec.rb +19 -0
  217. data/spec/threatinator/registry_spec.rb +97 -0
  218. data/spec/threatinator/runner_spec.rb +273 -0
  219. metadata +376 -0
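--- /dev/null
+++ b/data/spec/feeds/data/ET_compromised-ip_reputation.txt
@@ -0,0 +1,11 @@
+1.179.128.245
+1.62.100.3
+1.93.24.83
+1.93.24.90
+1.93.25.102
+1.93.25.251
+1.93.26.130
+1.93.26.15
+1.93.26.17
+1.93.26.32
+1.93.26.70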
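--- /dev/null
+++ b/data/spec/feeds/data/alienvault-ip_reputation.txt
@@ -0,0 +1,18 @@
+
+###
+# Alienvault IP Reputation Database
+# https://reputation.alienvault.com/
+###
+
+# Generic format
+
+37.205.198.162 # Scanning Host IT,,42.8333015442,12.8332996368
+182.131.22.235 # Scanning Host CN,Chengdu,30.6667003632,104.066703796
+58.250.71.43 # Scanning Host CN,Guangzhou,23.1166992188,113.25
+211.160.19.250 # Scanning Host CN,Hang,30.2936000824,120.161399841
+203.121.165.16 # C&C TH,,15.0,100.0
+211.151.57.196 # Scanning Host CN,Beijing,39.9289016724,116.388298035
+108.59.1.5 # Scanning Host A1,,0.0,0.0
+108.59.5.139 # Scanning Host US,,39.6734008789,-75.7052001953
+108.85.139.165 # Scanning Host US,Los Angeles,34.043800354,-118.251197815
+109.169.60.121 # Scanning Host US,,38.0,-97.0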
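--- /dev/null
+++ b/data/spec/feeds/data/arbor_domainlist.txt
@@ -0,0 +1,11 @@
+#
+# ATLAS Currently monitored fastflux domains
+# (c) 2014 Arbor Networks
+#
+# comments: atlas@arbornetworks.com
+# generated: Thu Jul 3 00:20:16 2014
+#
+# DOMAIN
+brylanehome.com
+emltrk.com
+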
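--- /dev/null
+++ b/data/spec/feeds/data/arbor_ssh.txt
@@ -0,0 +1,16 @@
+190.255.48.99 2257.0
+91.217.82.135 1984.0
+113.31.19.111 1832.0
+125.65.112.133 1714.0
+204.93.219.147 1408.0
+46.20.10.101 1295.0
+85.25.191.144 1198.0
+199.119.227.17 1168.0
+58.26.187.6 1135.0
+221.2.227.118 1.0
+186.18.67.167 1.0
+190.248.54.165 1.0
+186.169.181.150 1.0
+186.22.21.101 1.0
+186.113.86.157 1.0
+other 0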
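--- /dev/null
+++ b/data/spec/feeds/data/autoshun_shunlist.csv
@@ -0,0 +1,20 @@
+Shunlist as of Mon, 21 Jul 2014 13:30:02 -0500
+1.93.25.165,2014-07-11 09:58:15,SSH Brute Force
+1.93.26.130,2014-07-14 09:55:26,SSH Brute Force
+1.93.30.188,2014-07-09 08:36:42,SSH Brute Force
+1.93.34.230,2014-07-16 08:01:23,SSH Brute Force
+1.169.130.159,2014-07-07 23:10:08,Attempted MS SQL Server version enumeration
+1.214.212.74,2014-07-09 03:35:12,SSH Brute Force
+1.235.28.170,2014-07-16 03:13:39,SSH Brute Force
+2.133.208.102,2014-07-16 23:48:25,Malware Distribution Site
+2.184.57.192,2014-07-21 02:26:17,Teminal Server (RDP) brute force
+4.31.171.50,2014-07-07 06:58:50,Sipvicious Scan
+5.1.13.241,2014-07-16 23:48:23,Malware Distribution Site
+5.104.226.12,2014-07-16 09:01:23,SSH Brute Force
+5.135.112.45,2014-07-21 08:01:22,Sipvicious Scan
+5.135.176.35,2014-07-12 16:18:47,SSH Brute Force
+5.148.172.116,2014-07-07 06:58:09,SSH Brute Force
+5.159.232.139,2014-07-07 06:58:09,SSH Brute Force
+5.178.71.246,2014-07-20 21:16:07,SSH Brute Force
+5.199.165.189,2014-07-19 05:48:09,Sipvicious Scan
+5.199.166.61,2014-07-20 08:06:28,Sipvicious Scan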
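--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt
@@ -0,0 +1,17 @@
+106.187.47.170
+107.150.59.170
+107.23.78.119
+108.59.252.133
+109.197.193.202
+109.200.1.211
+109.228.235.167
+109.70.54.11
+110.168.195.5
+110.44.123.159
+110.77.136.102
+23.91.115.60
+24.114.29.162
+2a00:1210:fffe:72::1
+2a01:238:20a:202:1000::25
+31.23.230.60
+31.28.99.108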
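--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt
@@ -0,0 +1,15 @@
+1.23.110.131
+101.255.170.18
+101.66.202.183
+101.66.204.111
+101.66.251.72
+101.71.196.164
+101.78.144.2
+103.18.80.99
+103.20.220.205
+200.93.43.157
+200.93.92.234
+2001:250:4001:4001:e23f:49ff:fe44:595c
+2002:5bbc:75c1::5bbc:75c1
+201.144.141.194
+201.18.145.149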
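--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt
@@ -0,0 +1,7 @@
+110.172.152.4
+111.192.138.169
+112.111.172.203
+112.111.174.157
+112.111.174.74
+112.111.175.40
+112.198.77.229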
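--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt
@@ -0,0 +1,8 @@
+1.174.214.119
+1.34.60.59
+1.54.216.1
+1.93.46.156
+101.166.161.198
+101.78.154.74
+103.10.134.220
+103.232.8.3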
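--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt
@@ -0,0 +1,11 @@
+1.168.130.111
+1.168.94.111
+1.171.195.165
+1.174.219.82
+1.175.64.9
+1.46.226.159
+1.52.121.30
+1.52.247.168
+1.53.0.215
+1.53.22.70
+1.53.230.168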
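--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt
@@ -0,0 +1,12 @@
+1.54.201.61
+109.95.47.203
+111.192.138.169
+111.192.148.129
+112.111.172.203
+112.111.174.74
+112.111.175.117
+112.111.175.40
+112.90.37.197
+112.90.37.198
+112.90.37.220
+112.90.37.228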
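--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt
@@ -0,0 +1,9 @@
+107.150.50.146
+162.252.87.211
+173.245.67.198
+178.32.229.159
+188.138.25.3
+192.151.156.90
+192.227.225.18
+198.204.224.10
+198.50.244.50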
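--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt
@@ -0,0 +1,10 @@
+1.214.212.74
+1.93.23.52
+1.93.24.74
+1.93.24.83
+1.93.24.85
+1.93.25.153
+1.93.25.165
+1.93.25.251
+1.93.26.10
+1.93.26.11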
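--- /dev/null
+++ b/data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt
@@ -0,0 +1,11 @@
+120.43.8.11
+121.205.240.222
+188.143.232.211
+193.150.120.140
+91.236.74.111
+176.31.60.119
+27.159.217.240
+112.111.165.113
+178.168.82.65
+142.54.173.130
+175.44.30.134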
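--- /dev/null
+++ b/data/spec/feeds/data/ciarmy-ip-reputation.txt
@@ -0,0 +1,11 @@
+1.93.59.96
+2.22.230.65
+4.53.160.85
+5.79.68.161
+5.104.224.34
+5.199.130.188
+5.248.82.118
+5.254.116.17
+10.0.100.120
+10.0.100.121
+12.192.193.236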
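Review bot: This fixture (by position in the file list, ciarmy-ip-reputation.txt) carries two RFC 1918 addresses, `10.0.100.120` and `10.0.100.121`, alongside the public entries. Mirroring the upstream list verbatim is fine for test data, but the spec that consumes it (ciarmy-ip_reputation_spec.rb, not in this view) should then state explicitly whether non-routable addresses are expected to be emitted as events, since a consumer that blocks on them would affect internal hosts. A one-line comment at the top of the spec naming the two entries as deliberate would save the next maintainer from treating them as a copy error.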
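--- /dev/null
+++ b/data/spec/feeds/data/cruzit-ip-reputation.txt
@@ -0,0 +1,14 @@
+80.67.22.13
+80.67.23.90
+80.67.26.40
+80.67.28.145
+80.67.28.6
+80.67.30.137
+80.76.55.26
+80.76.80.108
+80.77.155.83
+80.80.171.100
+80.82.208.58
+80.82.64.114
+80.82.64.127
+80.82.64.140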
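--- /dev/null
+++ b/data/spec/feeds/data/dan_me_uk_torlist-ip-reputation.txt
@@ -0,0 +1,11 @@
+100.0.180.88
+100.0.67.218
+100.33.8.35
+100.34.32.230
+100.37.110.51
+100.37.192.253
+100.4.189.191
+101.142.87.4
+101.217.233.64
+101.55.12.75
+101.99.64.150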
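--- /dev/null
+++ b/data/spec/feeds/data/dshield_topattackers.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sources>
+<data><ip>150.164.082.010</ip><attacks>136726</attacks><count>137770</count><firstseen>2014-07-04</firstseen><lastseen>2014-07-23</lastseen></data><data><ip>184.105.139.067</ip><attacks>86532</attacks><count>2365149</count><firstseen>2014-02-23</firstseen><lastseen>2014-07-30</lastseen></data><data><ip>218.077.079.043</ip><attacks>80805</attacks><count>4227189</count><firstseen>2014-06-11</firstseen><lastseen>2014-07-30</lastseen></data><data><ip>173.255.218.186</ip><attacks>80393</attacks><count>314100</count><firstseen>2014-07-16</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>096.126.102.057</ip><attacks>78996</attacks><count>290559</count><firstseen>2014-07-15</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>050.116.010.162</ip><attacks>78916</attacks><count>272788</count><firstseen>2014-07-15</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>050.116.003.246</ip><attacks>76859</attacks><count>239177</count><firstseen>2014-07-15</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>114.112.090.054</ip><attacks>68334</attacks><count>68403</count><firstseen>2014-03-01</firstseen><lastseen>2014-07-10</lastseen></data><data><ip>116.010.191.236</ip><attacks>65450</attacks><count>209602</count><firstseen>2014-04-09</firstseen><lastseen>2014-07-30</lastseen></data><data><ip>116.010.191.228</ip><attacks>65424</attacks><count>209329</count><firstseen>2014-04-04</firstseen><lastseen>2014-07-30</lastseen></data>
+</sources>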
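Review bot: The `<ip>` values in this fixture use zero-padded octets (`150.164.082.010`, `096.126.102.057`, `050.116.010.162`), and the spec that consumes it (dshield_attackers-top1000_spec.rb, not in this view) is where the expected normalized form should be pinned. Left unnormalized, a downstream consumer doing string comparison will miss the same address written as `150.164.82.10`, and inet_aton-style parsers treat a leading-zero octet as octal, so `010` may be read as 8 rather than 10. Suggest the spec assert the dotted-decimal value without padding, or, if the parser passes the string through untouched, a comment in the spec stating that normalization is the consumer's responsibility.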
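--- /dev/null
+++ b/data/spec/feeds/data/feodo_domainlist.txt
@@ -0,0 +1,18 @@
+##########################################################################
+# Feodo Domain Blocklist #
+# #
+# For questions please refer to https://feodotracker.abuse.ch/blocklist/ #
+##########################################################################
+# START
+avcctrnrxx.com
+belijvetercat.ru
+beliyvolkalak.ru
+bestofthewest.ru
+buriymishka.ru
+deepandtouch.ru
+djubkafriend.ru
+europastewmk.ru
+giaddkbzcyaoim.com
+godaddy-up.ru
+hawozkino.com
+jvrdwnload.ru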
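--- /dev/null
+++ b/data/spec/feeds/data/feodo_iplist.txt
@@ -0,0 +1,20 @@
+##########################################################################
+# Feodo IP Blocklist #
+# #
+# For questions please refer to https://feodotracker.abuse.ch/blocklist/ #
+##########################################################################
+# START
+103.25.59.120
+103.28.148.51
+109.235.76.136
+114.32.54.164
+119.81.5.242
+122.155.3.6
+149.171.156.234
+173.203.112.215
+173.236.153.210
+173.236.185.238
+173.236.86.214
+176.28.31.137
+182.160.162.65
+182.253.237.6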
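--- /dev/null
+++ b/data/spec/feeds/data/infiltrated_iplist.txt
@@ -0,0 +1,16 @@
+# Tue Jul 8 07:10:01 CDT 2014
+
+99.69.103.21
+99.188.58.18
+95.79.148.122
+95.65.31.161
+95.221.86.160
+95.221.71.219
+95.178.180.145
+95.153.177.1
+95.153.170.102
+94.77.239.126
+94.41.71.52
+94.41.244.143
+94.231.70.53
+94.23.19.116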
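--- /dev/null
+++ b/data/spec/feeds/data/malc0de_domainlist.txt
@@ -0,0 +1,18 @@
+
+// This file will be automatically updated daily and populated with the last 30 days of malicious domains.
+// It will return 127.0.0.1 for all domains found to be distributing malware
+// Additional information to get this working can be found http://www.malwaredomains.com/wordpress/?page_id=6
+// Last updated 2014-07-08
+
+PRIMARY beespace.com.ua blockeddomain.hosts
+PRIMARY opencandy.com blockeddomain.hosts
+PRIMARY netdna-cdn.com blockeddomain.hosts
+PRIMARY drivers.drp.su blockeddomain.hosts
+PRIMARY dropcanvas.com blockeddomain.hosts
+PRIMARY 52z.com blockeddomain.hosts
+PRIMARY baixaki.com.br blockeddomain.hosts
+PRIMARY nzs.com.br blockeddomain.hosts
+PRIMARY uniblue.com blockeddomain.hosts
+PRIMARY downloadsrv13.com blockeddomain.hosts
+PRIMARY cachelocal.org blockeddomain.hosts
+PRIMARY ttriber.com blockeddomain.hosts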
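--- /dev/null
+++ b/data/spec/feeds/data/malc0de_iplist.txt
@@ -0,0 +1,14 @@
+
+// This file will be automatically updated daily and populated with the last 30 days of malicious IP addresses.
+// Last updated 2014-07-08
+
+91.188.117.157
+216.151.164.53
+91.222.136.251
+208.111.160.6
+5.79.71.240
+162.159.242.11
+218.75.155.39
+96.17.197.34
+176.32.99.47
+23.66.230.137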
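--- /dev/null
+++ b/data/spec/feeds/data/mirc_domainlist.txt
@@ -0,0 +1,31 @@
+;For more information about this file see http://www.mirc.com/serverslist.html
+
+[timestamp]
+date=13/06/2012
+
+[networks]
+n0=DALnet
+n1=EFnet
+n2=Freenode
+n3=GameSurge
+n4=IRCnet
+n5=Quakenet
+n6=Rizon
+n7=SwiftIRC
+n8=Undernet
+n9=WebChat
+
+[servers]
+n0=Random serverSERVER:irc.dal.net:6660-6667GROUP:DALnet
+n1=Random AU serverSERVER:irc.au.dal.net:6665-6668,7000GROUP:DALnet
+n2=Random EU serverSERVER:irc.eu.dal.net:6665-6668,7000GROUP:DALnet
+n3=Random US serverSERVER:irc.us.dal.net:6665-6668,7000GROUP:DALnet
+n4=US, CA, OrangeSERVER:krypt.ca.us.dal.net:6665-6668,7000GROUP:DALnet
+n5=US, NJ, ChoopaSERVER:choopa.nj.us.dal.net:6667:GROUP:DALnet
+n6=US, VA, RichmondSERVER:punch.va.us.dal.net:6665-6668,7000GROUP:DALnet
+n7=US, WA, SeattleSERVER:serverbuffet.wa.us.dal.net:6665-6668,7000GROUP:DALnet
+n8=Random serverSERVER:irc.efnet.org:6667GROUP:EFnet
+n9=CA, AB, CalgarySERVER:irc.arcti.ca:6665-6669GROUP:EFnet
+n10=CA, ON, TorontoSERVER:irc.teksavvy.ca:6661-6669GROUP:EFnet
+n11=EU, DK, AarhusSERVER:irc.inet.tele.dk:6661-6669GROUP:EFnet
+n12=EU, NL, AmsterdamSERVER:efnet.xs4all.nl:6661-6669GROUP:EFnet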
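--- /dev/null
+++ b/data/spec/feeds/data/nothink_irc_iplist.txt
@@ -0,0 +1,14 @@
+# Provided by nothink.org
+# Malware IRC network traffic blacklist (IP address)
+# Generated 2014-07-07 22:05:01 UTC
+122.160.232.194
+123.240.75.169
+173.163.151.27
+189.107.132.113
+193.107.16.22
+193.136.119.33
+194.14.236.50
+201.48.61.38
+218.61.22.10
+218.61.22.28
+46.166.162.116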
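--- /dev/null
+++ b/data/spec/feeds/data/nothink_ssh_iplist.txt
@@ -0,0 +1,10 @@
+# Provided by nothink.org
+# SSH blacklist, last 24 hours (IP address)
+# Generated 2014-07-08 22:05:01 UTC
+1.93.26.15
+31.196.84.131
+36.39.246.121
+61.144.43.235
+64.111.196.174
+88.191.151.44
+94.32.71.168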
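--- /dev/null
+++ b/data/spec/feeds/data/openbl_iplist.txt
@@ -0,0 +1,12 @@
+# openbl.org/lists/base_90days.txt
+# Wed Jul 9 15:12:00 2014 UTC
+#
+# source ip
+61.174.51.216
+61.174.51.233
+218.108.247.91
+183.46.250.53
+61.174.51.230
+61.174.51.204
+1.93.29.130
+117.21.191.35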
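--- /dev/null
+++ b/data/spec/feeds/data/palevo_domainlist.txt
@@ -0,0 +1,25 @@
+# Palevo C&C Domain Blocklist by abuse.ch
+arta.romail3arnest.info
+asp.spinchats.com
+bff.7oorq8.com
+bff4.7oorq8.com
+computo164.laweb.es
+fitt.prince.kz
+hcuewgbbnfdu1ew.com
+hcuewgbbnfs1uew.com
+internet.estr.es
+legionarios.servecounterstrike.com
+mail3.nad123nad.com
+mariposita.web-personal.org
+masterkey.com.ua
+ms4all.twoplayers.net
+mst.com.ua
+ns.dunno-net.com
+panchitox.laweb.es
+penchatox.sin-ip.es
+rastu.com.ua
+s.24otuwotefsmd.com
+shv4.no-ip.biz
+shv4b.getmyip.com
+ssl.aukro.ua
+symconempkr.com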