Shell script to query a list of hostnames or IP addresses against a list of local and remote DNS black lists
This Bash shell script queries hostnames or IPv4 addresses against local and remote lists of DNS-based Blackhole Lists (DNSBLs), a.k.a. Real-time Blackhole Lists (RBLs). It accepts a list of hostnames or IP addresses passed as arguments or hardcoded at the top of the script. If none are provided, it attempts to figure out the IP address of the computer it was executed on and checks that.
Script in action:
$ dnsbl.check example.com
----------------------------------------------------------------------------------------------------
checking 192.0.43.10 against BLs from http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
----------------------------------------------------------------------------------------------------
NOT LISTED truncate.gbudb.net
NOT LISTED dnsbl.proxybl.org
NOT LISTED dnsbl.sorbs.net
NOT LISTED safe.dnsbl.sorbs.net
NOT LISTED http.dnsbl.sorbs.net
NOT LISTED socks.dnsbl.sorbs.net
NOT LISTED misc.dnsbl.sorbs.net
NOT LISTED smtp.dnsbl.sorbs.net
NOT LISTED web.dnsbl.sorbs.net
NOT LISTED new.spam.dnsbl.sorbs.net
NOT LISTED recent.spam.dnsbl.sorbs.net
NOT LISTED old.spam.dnsbl.sorbs.net
NOT LISTED spam.dnsbl.sorbs.net
NOT LISTED escalations.dnsbl.sorbs.net
NOT LISTED block.dnsbl.sorbs.net
NOT LISTED zombie.dnsbl.sorbs.net
NOT LISTED dul.dnsbl.sorbs.net
NOT LISTED rhsbl.sorbs.net
NOT LISTED badconf.rhsbl.sorbs.net
NOT LISTED nomail.rhsbl.sorbs.net
NOT LISTED sbl.spamhaus.org
NOT LISTED xbl.spamhaus.org
NOT LISTED pbl.spamhaus.org
NOT LISTED zen.spamhaus.org
NOT LISTED rbl.orbitrbl.com
NOT LISTED intercept.datapacket.net
NOT LISTED db.wpbl.info
NOT LISTED bl.spamcop.net
NOT LISTED noptr.spamrats.com
NOT LISTED dyna.spamrats.com
NOT LISTED spam.spamrats.com
NOT LISTED bl.spamcannibal.org
NOT LISTED any.dnsl.ipquery.org
NOT LISTED dnsbl.njabl.org
NOT LISTED bhnc.njabl.org
NOT LISTED spamtrap.drbl.drand.net
NOT LISTED dnsbl.ahbl.org
NOT LISTED rhsbl.ahbl.org
NOT LISTED ircbl.ahbl.org
NOT LISTED tor.ahbl.org
NOT LISTED dnsbl.dronebl.org
NOT LISTED rbl.atlbl.net
NOT LISTED hbl.atlbl.net
NOT LISTED access.atlbl.net
NOT LISTED ix.dnsbl.manitu.net
NOT LISTED dnsbl.inps.de
NOT LISTED bl.blocklist.de
----------------------------------------------------------------------------------------------------
checking 192.0.43.10 against BLs from a local list
----------------------------------------------------------------------------------------------------
NOT LISTED b.barracudacentral.org
And here's the script:
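#!/bin/bash
# IPs or hostnames to check if none provided as arguments to the script
hosts='
example.com
example.net
example.org
192.0.43.10
'
# Locally maintained list of DNSBLs to check
LocalList='
b.barracudacentral.org
'
# Pipe-delimited exclude list for remote lists (extended regex)
Exclude='^dnsbl.mailer.mobi$|^foo.bar$|^bar.baz$'
# Remotely maintained list of DNSBLs to check (Wikipedia serves this page over HTTPS only)
WPurl="https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists"
# The list comes from a publicly editable page, so only plain hostnames are accepted.
# Assumes each zone sits alone in a <td>...</td> cell on one line.
# $Exclude is applied with grep: shell variables do not expand inside a single-quoted sed script.
WPlst=$(curl -s "$WPurl" | grep -E "<td>([a-z]+\.){1,7}[a-z]+</td>" | sed -E 's|</?td>||g' | grep -Ev "$Exclude")
# ---------------------------------------------------------------------
# Resolve $host to its first IPv4 address; literal IPs pass through unchanged
HostToIP()
{
    if echo "$host" | grep -Eq "[a-zA-Z]"; then
        IP=$(host "$host" | awk '/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {print $NF; exit}')
    else
        IP="$host"
    fi
}
# Print character $1 repeated $2 times
Repeat()
{
    printf "%${2}s\n" | sed "s/ /${1}/g"
}
# Reverse the octets of an IPv4 address, as DNSBL query names require
Reverse()
{
    echo "$1" | awk -F. '{print $4"."$3"."$2"."$1}'
}
# Query <reversed IP>.<DNSBL zone>; any answer at all is reported as a possible listing
Check()
{
    result=$(dig +short "$rIP.$BL")
    if [ -n "$result" ]; then
        echo -e "MAY BE LISTED \t $BL (answer = $result)"
    else
        echo -e "NOT LISTED \t $BL"
    fi
}
# Arguments, if given, replace the hardcoded host list
if [ -n "$1" ]; then
    hosts="$*"
fi
# No hosts at all: fall back to the local address of an active TCP connection
if [ -z "$hosts" ]; then
    hosts=$(netstat -tn | awk '$4 ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ && $4 !~ /127.0.0/ {gsub(/:[0-9]+/,"",$4);} END{print $4}')
fi
for host in $hosts; do
    HostToIP
    # Skip names that did not resolve to an IPv4 address
    if [ -z "$IP" ]; then
        echo "could not resolve $host, skipping" >&2
        continue
    fi
    rIP=$(Reverse "$IP")
    # remote list
    echo; Repeat - 100
    echo " checking $IP against BLs from $WPurl"
    Repeat - 100
    for BL in $WPlst; do
        Check
    done
    # local list
    echo; Repeat - 100
    echo " checking $IP against BLs from a local list"
    Repeat - 100
    for BL in $LocalList; do
        Check
    done
done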
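The script prints MAY BE LISTED for any non-empty answer from dig. The added example below (not part of the original script) shows one way to tighten that: it validates the IPv4 address before building the query name and counts only 127.0.0.0/8 answers as listings. It treats resolver error lines and 127.255.255.x answers as errors; Spamhaus documents that range as error codes, and applying it to every list is an assumption, as are the function names and the constructed sample answers.

```shell
#!/bin/sh
# Added example (not the original author's code). Sample answers below are
# constructed; nothing here touches the network.

# Print the reversed-octet form of a strict dotted-quad IPv4 address.
# Returns 1 for anything else, so bad input never reaches the resolver.
reverse_ip() (
    case $1 in
        *[!0-9.]* | *..* | .* | *.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?* | ????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo "$4.$3.$2.$1"
)

# Classify the text printed by: dig +short <reversed-ip>.<zone>
# Prints "LISTED <codes>", "NOT LISTED" or "ERROR <detail>".
classify_answer() (
    codes=""
    while IFS= read -r line; do
        case $line in
            '') ;;
            ';;'*) echo "ERROR resolver: $line"; return 0 ;;
            # Spamhaus's documented error range; other lists may differ
            127.255.255.*) echo "ERROR query refused by list: $line"; return 0 ;;
            127.*) codes="${codes:+$codes,}$line" ;;
            *) ;;   # outside 127.0.0.0/8: not a DNSBL return code, ignore
        esac
    done <<EOF
$1
EOF
    if [ -n "$codes" ]; then echo "LISTED $codes"; else echo "NOT LISTED"; fi
)

# Demo on constructed answers.
if rip=$(reverse_ip 192.0.43.10); then
    echo "query name: $rip.zen.spamhaus.org"
    classify_answer "$(printf '127.0.0.2\n127.0.0.4')"   # listed, two codes
    classify_answer "127.255.255.254"                    # error, not a listing
    classify_answer ""                                   # empty answer (NXDOMAIN)
fi
```

To use it with the script above, pass "$(dig +short "$rIP.$BL")" to classify_answer in place of the non-empty test in Check.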
7 Comments
1. janey replies at 21st October 2012, 1:44 pm :
I think it’s hilarious that something useful for anti-spam… and the very first comment is a link to some blog spam.
oh, internet comment forms.. how you have been so ruined…
2. Alain Kelder replies at 21st October 2012, 6:23 pm :
What? That was spam? It said my post was “enjoyable” and linked to a forum post about dating black women. Felt legit. 🙂 Anyway, it’s been deleted.
3. budismo replies at 14th March 2013, 10:16 am :
Excellent way of telling, and nice post to get information concerning my presentation topic, which I am going to convey in school.
4. Jaison replies at 1st July 2014, 4:08 pm :
Nice post dude 🙂
5. waqas replies at 25th September 2014, 6:53 am :
I love this post. This fixed a great issue which I was working on. Could you help add a feature to send email in case any IP is blacklisted?
6. Jason replies at 1st October 2014, 11:12 am :
That is a very versatile and elegant script. Thank you!!
7. Cristian B. replies at 16th October 2015, 4:12 am :
The Wikipedia link has to be changed to https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists