line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
# |
2
|
|
|
|
|
|
|
# $Id$ |
3
|
|
|
|
|
|
|
# |
4
|
|
|
|
|
|
|
# api::abuseipdb Brik |
5
|
|
|
|
|
|
|
# |
6
|
|
|
|
|
|
|
package Metabrik::Api::Abuseipdb; |
7
|
1
|
|
|
1
|
|
723
|
use strict; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
100
|
|
8
|
1
|
|
|
1
|
|
8
|
use warnings; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
32
|
|
9
|
|
|
|
|
|
|
|
10
|
1
|
|
|
1
|
|
5
|
use base qw(Metabrik::Client::Rest); |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
811
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
sub brik_properties { |
13
|
|
|
|
|
|
|
return { |
14
|
0
|
|
|
0
|
1
|
|
revision => '$Revision$', |
15
|
|
|
|
|
|
|
tags => [ qw(unstable) ], |
16
|
|
|
|
|
|
|
author => 'GomoR ', |
17
|
|
|
|
|
|
|
license => 'http://opensource.org/licenses/BSD-3-Clause', |
18
|
|
|
|
|
|
|
attributes => { |
19
|
|
|
|
|
|
|
api_key => [ qw(key) ], |
20
|
|
|
|
|
|
|
}, |
21
|
|
|
|
|
|
|
commands => { |
22
|
|
|
|
|
|
|
get_categories => [ ], |
23
|
|
|
|
|
|
|
check => [ qw(ip days|OPTIONAL) ], |
24
|
|
|
|
|
|
|
check_from_hostname => [ qw(hostname days|OPTIONAL) ], |
25
|
|
|
|
|
|
|
report => [ qw(ip category comment|OPTIONAL) ], |
26
|
|
|
|
|
|
|
}, |
27
|
|
|
|
|
|
|
}; |
28
|
|
|
|
|
|
|
} |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
# |
31
|
|
|
|
|
|
|
# https://www.abuseipdb.com/categories |
32
|
|
|
|
|
|
|
# |
33
|
|
|
|
|
|
|
sub get_categories { |
34
|
0
|
|
|
0
|
0
|
|
my $self = shift; |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
return { |
37
|
0
|
|
|
|
|
|
3 => { |
38
|
|
|
|
|
|
|
title => 'Fraud Orders', |
39
|
|
|
|
|
|
|
description => 'Fraudulent orders.', |
40
|
|
|
|
|
|
|
}, |
41
|
|
|
|
|
|
|
4 => { |
42
|
|
|
|
|
|
|
title => 'DDoS Attack', |
43
|
|
|
|
|
|
|
description => 'Participating in distributed denial-of-service (usually part of botnet).' |
44
|
|
|
|
|
|
|
}, |
45
|
|
|
|
|
|
|
9 => { |
46
|
|
|
|
|
|
|
title => 'Open Proxy', |
47
|
|
|
|
|
|
|
description => 'Open proxy, open relay, or Tor exit node.', |
48
|
|
|
|
|
|
|
}, |
49
|
|
|
|
|
|
|
10 => { |
50
|
|
|
|
|
|
|
title => 'Web Spam', |
51
|
|
|
|
|
|
|
description => 'Comment/forum spam, HTTP referer spam, or other CMS spam.', |
52
|
|
|
|
|
|
|
}, |
53
|
|
|
|
|
|
|
11 => { |
54
|
|
|
|
|
|
|
title => 'Email Spam', |
55
|
|
|
|
|
|
|
description => 'Spam email content, infected attachments, phishing emails, and spoofed senders (typically via exploited host or SMTP server abuse). Note: Limit comments to only relevent information (instead of log dumps) and be sure to remove PII if you want to remain anonymous.', |
56
|
|
|
|
|
|
|
}, |
57
|
|
|
|
|
|
|
14 => { |
58
|
|
|
|
|
|
|
title => 'Port Scan', |
59
|
|
|
|
|
|
|
description => 'Scanning for open ports and vulnerable services.', |
60
|
|
|
|
|
|
|
}, |
61
|
|
|
|
|
|
|
18 => { |
62
|
|
|
|
|
|
|
title => 'Brute-Force', |
63
|
|
|
|
|
|
|
description => 'Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc. This category is seperate from DDoS attacks.', |
64
|
|
|
|
|
|
|
}, |
65
|
|
|
|
|
|
|
19 => { |
66
|
|
|
|
|
|
|
title => 'Bad Web Bot', |
67
|
|
|
|
|
|
|
description => 'Webpage scraping (for email addresses, content, etc) and crawlers that do not honor robots.txt. Excessive requests and user agent spoofing can also be reported here.', |
68
|
|
|
|
|
|
|
}, |
69
|
|
|
|
|
|
|
20 => { |
70
|
|
|
|
|
|
|
title => 'Exploited Host', |
71
|
|
|
|
|
|
|
description => 'Host is likely infected with malware and being used for other attacks or to host malicious content. The host owner may not be aware of the compromise. This category is often used in combination with other attack categories.', |
72
|
|
|
|
|
|
|
}, |
73
|
|
|
|
|
|
|
21 => { |
74
|
|
|
|
|
|
|
title => 'Web App Attack', |
75
|
|
|
|
|
|
|
description => 'Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions.', |
76
|
|
|
|
|
|
|
}, |
77
|
|
|
|
|
|
|
22 => { |
78
|
|
|
|
|
|
|
title => 'SSH', |
79
|
|
|
|
|
|
|
description => 'Secure Shell (SSH) abuse. Use this category in combination with more specific categories.', |
80
|
|
|
|
|
|
|
}, |
81
|
|
|
|
|
|
|
23 => { |
82
|
|
|
|
|
|
|
title => 'IoT Targeted', |
83
|
|
|
|
|
|
|
description => 'Abuse was targeted at an "Internet of Things" type device. Include information about what type of device was targeted in the comments.', |
84
|
|
|
|
|
|
|
}, |
85
|
|
|
|
|
|
|
}; |
86
|
|
|
|
|
|
|
} |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
# |
89
|
|
|
|
|
|
|
# https://www.abuseipdb.com/api.html |
90
|
|
|
|
|
|
|
# |
91
|
|
|
|
|
|
|
sub check { |
92
|
0
|
|
|
0
|
0
|
|
my $self = shift; |
93
|
0
|
|
|
|
|
|
my ($ip, $days) = @_; |
94
|
|
|
|
|
|
|
|
95
|
0
|
|
0
|
|
|
|
$days ||= 30; |
96
|
0
|
|
|
|
|
|
my $api_key = $self->api_key; |
97
|
0
|
0
|
|
|
|
|
$self->brik_help_set_undef_arg('api_key', $api_key) or return; |
98
|
0
|
0
|
|
|
|
|
$self->brik_help_run_undef_arg('check', $ip) or return; |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
# |
101
|
|
|
|
|
|
|
# https://www.abuseipdb.com/check/[IP]/json?key=[API_KEY]&days=[DAYS] |
102
|
|
|
|
|
|
|
# |
103
|
0
|
0
|
|
|
|
|
$self->get( |
104
|
|
|
|
|
|
|
'https://www.abuseipdb.com/check/'.$ip.'/json?key='.$api_key.'&days='.$days |
105
|
|
|
|
|
|
|
) or return; |
106
|
|
|
|
|
|
|
|
107
|
0
|
|
|
|
|
|
my $r = $self->content('json'); |
108
|
|
|
|
|
|
|
# We always want an ARRAY to be returned, we convert here if that's not the case. |
109
|
0
|
0
|
|
|
|
|
if (ref($r) ne 'ARRAY') { |
110
|
0
|
|
|
|
|
|
$r = [ $r ]; |
111
|
|
|
|
|
|
|
} |
112
|
|
|
|
|
|
|
|
113
|
0
|
0
|
|
|
|
|
my $categories = $self->get_categories or return; |
114
|
|
|
|
|
|
|
|
115
|
0
|
|
|
|
|
|
for my $this (@$r) { |
116
|
0
|
|
|
|
|
|
my @new_categories = (); |
117
|
0
|
|
|
|
|
|
for my $c (@{$this->{category}}) { |
|
0
|
|
|
|
|
|
|
118
|
0
|
|
|
|
|
|
push @new_categories, $categories->{$c}{title}; |
119
|
|
|
|
|
|
|
} |
120
|
0
|
|
|
|
|
|
$this->{category} = \@new_categories; |
121
|
|
|
|
|
|
|
} |
122
|
|
|
|
|
|
|
|
123
|
0
|
|
|
|
|
|
return $r; |
124
|
|
|
|
|
|
|
} |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
sub check_from_hostname { |
127
|
0
|
|
|
0
|
0
|
|
my $self = shift; |
128
|
0
|
|
|
|
|
|
my ($hostname, $days) = @_; |
129
|
|
|
|
|
|
|
|
130
|
0
|
|
0
|
|
|
|
$days ||= 30; |
131
|
0
|
|
|
|
|
|
my $api_key = $self->api_key; |
132
|
0
|
0
|
|
|
|
|
$self->brik_help_set_undef_arg('api_key', $api_key) or return; |
133
|
0
|
0
|
|
|
|
|
$self->brik_help_run_undef_arg('check_from_hostname', $hostname) or return; |
134
|
|
|
|
|
|
|
|
135
|
0
|
0
|
|
|
|
|
my $cd = Metabrik::Client::Dns->new_from_brik_init($self) or return; |
136
|
0
|
0
|
|
|
|
|
my $a = $cd->a_lookup($hostname) or return; |
137
|
|
|
|
|
|
|
|
138
|
0
|
|
|
|
|
|
my %list = (); |
139
|
0
|
|
|
|
|
|
for (@$a) { |
140
|
0
|
|
|
|
|
|
$list{$_} = $self->check($_); |
141
|
|
|
|
|
|
|
} |
142
|
|
|
|
|
|
|
|
143
|
0
|
|
|
|
|
|
return \%list; |
144
|
|
|
|
|
|
|
} |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
# |
147
|
|
|
|
|
|
|
# https://www.abuseipdb.com/api.html |
148
|
|
|
|
|
|
|
# |
149
|
|
|
|
|
|
|
# run api::abuseipdb report 127.0.0.1 21,22,23 |
150
|
|
|
|
|
|
|
# |
151
|
|
|
|
|
|
|
sub report { |
152
|
0
|
|
|
0
|
0
|
|
my $self = shift; |
153
|
0
|
|
|
|
|
|
my ($ip, $category, $comment) = @_; |
154
|
|
|
|
|
|
|
|
155
|
0
|
|
0
|
|
|
|
$comment ||= ''; |
156
|
0
|
|
|
|
|
|
my $api_key = $self->api_key; |
157
|
0
|
0
|
|
|
|
|
$self->brik_help_set_undef_arg('api_key', $api_key) or return; |
158
|
0
|
0
|
|
|
|
|
$self->brik_help_run_undef_arg('report', $ip) or return; |
159
|
0
|
0
|
|
|
|
|
$self->brik_help_run_undef_arg('report', $category) or return; |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
# |
162
|
|
|
|
|
|
|
# https://www.abuseipdb.com/report/json?key=[API_KEY]&category=[CATEGORIES]&comment=[COMMENT]&ip=[IP] |
163
|
|
|
|
|
|
|
# |
164
|
0
|
0
|
|
|
|
|
$self->get( |
165
|
|
|
|
|
|
|
'https://www.abuseipdb.com/report/json?key='.$api_key.'&category='.$category. |
166
|
|
|
|
|
|
|
'&comment='.$comment.'&ip='.$ip |
167
|
|
|
|
|
|
|
) or return; |
168
|
|
|
|
|
|
|
|
169
|
0
|
|
|
|
|
|
return $self->content('json'); |
170
|
|
|
|
|
|
|
} |
171
|
|
|
|
|
|
|
|
172
|
|
|
|
|
|
|
1; |
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
__END__ |