#!/bin/bash # Scans IP against blocklists # Enter the IP address to test it # Uses input to define needed information ADDRESS=$1 # Verifies address is correct format and length if [[ $ADDRESS =~ ([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3}) ]] ; then : else echo "" echo "Please supply a valid address" echo "" echo "Usage: rblscan [ip address] " >&2 echo "" exit 1 fi # Creates needed variables BACKADDRESS=$(echo $ADDRESS | sed -r 's/([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})/\4.\3.\2.\1/') REVERSE=$(dig -x $ADDRESS +short) SUBNETCIDR=$2 # Subnet hosts based on CIDR if [[ $SUBNETCIDR = 31 ]] ; then SUBNETSPAN="2" elif [[ $SUBNETCIDR = 30 ]] ; then SUBNETSPAN="4" elif [[ $SUBNETCIDR = 29 ]] ; then SUBNETSPAN="8" elif [[ $SUBNETCIDR = 28 ]] ; then SUBNETSPAN="16" elif [[ $SUBNETCIDR = 27 ]] ; then SUBNETSPAN="32" elif [[ $SUBNETCIDR = 26 ]] ; then SUBNETSPAN="64" elif [[ $SUBNETCIDR = 25 ]] ; then SUBNETSPAN="128" elif [[ $SUBNETCIDR = 24 ]] ; then SUBNETSPAN="256" elif [[ $SUBNETCIDR = 23 ]] ; then SUBNETSPAN="512" elif [[ $SUBNETCIDR = 22 ]] ; then SUBNETSPAN="1024" elif [[ $SUBNETCIDR = 21 ]] ; then SUBNETSPAN="2048" elif [[ $SUBNETCIDR = 20 ]] ; then SUBNETSPAN="4096" elif [[ $SUBNETCIDR = 19 ]] ; then SUBNETSPAN="8192" elif [[ $SUBNETCIDR = 18 ]] ; then SUBNETSPAN="16384" elif [[ $SUBNETCIDR = 17 ]] ; then SUBNETSPAN="32768" elif [[ $SUBNETCIDR = 16 ]] ; then SUBNETSPAN="65536" elif [[ -z $SUBNETCIDR ]] ; then : else echo "Please supply a valid CIDR" echo "/16 is the largest scannable range" exit fi # List of RBLs LISTS=" b.barracudacentral.org bb.barracudacentral.org bl.deadbeef.com bl.emailbasura.org bl.spamcannibal.org bl.spamcop.net blackholes.five-ten-sg.com blacklist.woody.ch bogons.cymru.com cbl.abuseat.org cdl.anti-spam.org.cn cidr.bl.mcafee.com combined.abuse.ch combined.rbl.msrbl.net db.wpbl.info dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net dnsbl.cyberlogic.net dnsbl.inps.de dnsbl.njabl.org dnsbl.sorbs.net drone.abuse.ch drone.abuse.ch duinv.aupads.org dul.dnsbl.sorbs.net dul.ru dyna.spamrats.com dynip.rothen.com http.dnsbl.sorbs.net images.rbl.msrbl.net ips.backscatterer.org ix.dnsbl.manitu.net korea.services.net misc.dnsbl.sorbs.net noptr.spamrats.com ohps.dnsbl.net.au omrs.dnsbl.net.au orvedb.aupads.org osps.dnsbl.net.au osrs.dnsbl.net.au owfs.dnsbl.net.au owps.dnsbl.net.au pbl.spamhaus.org phishing.rbl.msrbl.net probes.dnsbl.net.au proxy.bl.gweep.ca proxy.block.transip.nl psbl.surriel.com rbl.interserver.net rbl.megarbl.net rdts.dnsbl.net.au relays.bl.gweep.ca relays.bl.kundenserver.de relays.nether.net residential.block.transip.nl ricn.dnsbl.net.au rmst.dnsbl.net.au sbl.spamhaus.org short.rbl.jp smtp.dnsbl.sorbs.net socks.dnsbl.sorbs.net spam.abuse.ch spam.dnsbl.sorbs.net spam.rbl.msrbl.net spam.spamrats.com spamlist.or.kr spamrbl.imp.ch t3direct.dnsbl.net.au tor.dnsbl.sectoor.de torserver.tor.dnsbl.sectoor.de ubl.lashback.com ubl.unsubscore.com virbl.bit.nl virus.rbl.jp virus.rbl.msrbl.net web.dnsbl.sorbs.net wormrbl.imp.ch xbl.spamhaus.org zen.spamhaus.org zombie.dnsbl.sorbs.net " ## Basic Functions ## # All of the basic functions are here. # Checks if you're scanning a range or not function rangecheck { if [[ -n "$SUBNETCIDR" ]] ; then rangebuild rangeoutput rangescan fi } # Builds range based on CIDR function rangebuild { ADDRLOCTET=$(echo $ADDRESS | sed -r 's/([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})/\4/') ADDRNET=$(echo $ADDRESS | sed -r 's/([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})/\1.\2.\3./') RANGEEND=$(expr $ADDRLOCTET + $SUBNETSPAN) RANGELOCTS=$(seq $ADDRLOCTET $RANGEEND) RANGEARRAY=$(for i in $RANGELOCTS ; do echo $ADDRNET$i ; done) BACKRANGEARRAY=$(for RANGEARRA in ${RANGEARRAY} ; do echo ${RANGEARRA} | sed -r 's/([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})/\4.\3.\2.\1/' ; done) } # Scans range function rangescan { for BACKRANGEARRA in ${BACKRANGEARRAY} ; do for LIST in ${LISTS} ; do if [[ $(dig +short ${BACKRANGEARRA}.${LIST}.) =~ 127.0.0.[2-50] ]] ; then echo "" echo $(echo $BACKRANGEARRA | sed -r 's/([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})/\4.\3.\2.\1/') " is listed in $LIST" fi done done echo "" echo "Scan completed!!!" echo "" exit } # Runs the check against the list of RBLs then prints a result if it is listed function defaultscan { for LIST in ${LISTS} ; do if [[ $(dig +short ${BACKADDRESS}.${LIST}.) =~ 127.0.0.[2-50] ]] ; then echo "Listed in ${LIST}" fi done echo "" echo "Scan completed!!!" echo "" } # Begin Output function defaultout { echo "" echo "+----------------------------------------------------------------------+" echo "" echo " IP Address is: " $ADDRESS echo " Reverse DNS (if any) is: " $REVERSE echo "" echo "+----------------------------------------------------------------------+" echo "" echo "" echo "Running query now, this may take some time..." echo "If nothing comes up, you're not listed on known blacklists." } # Range Output function rangeoutput { echo "" echo "+----------------------------------------------------------------------+" echo "" echo " Range scan started on: " $ADDRESS echo " Subnet size: /"$SUBNETCIDR echo "" echo "+----------------------------------------------------------------------+" echo "" echo "" echo "Running scan against this range, this may take some time..." echo "" echo "If nothing comes up, your range is not listed on known blocklists." } # Help Menu with -h while getopts ":h" SWITCH; do case $SWITCH in h) echo "" echo "IP Blocklist checker" >&2 echo "" echo "Usage: rblscan [ip address] " >&2 echo "" exit 1 ;; \?) echo "" echo "Invalid option: -$OPTARG" >&2 echo "Please use -h for help" >&2 echo "Usage: rblscan [ip address] " exit 1 ;; esac done rangecheck defaultout defaultscan exit