
DNSEL & DNSBL Checker

 
Ook
Major


Joined: 01 May 2004
Posts: 81

PostPosted: Mon Jul 21, 2008 10:48 am    Post subject: DNSEL & DNSBL Checker Reply with quote

This script checks every user who joins a channel against a DNSEL (for Tor exit nodes) and a DNSBL (for known drones).

All settings are in the start event.

Code:

; TOR DNSEL & Drone DNSBL Checker 1.2

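; Start-up handler: assigns every setting, resets transient state, and starts a download of the
; Tor exit-node list. All values are assigned on every start, overwriting earlier edits.
; NOTE(review): the configured reaction is channel-wide (+im by default), so a single listed
; joiner changes the channel for everyone for the whole delay. Choose the modes with that in mind.
on *:start: {
  ; path of the cached Tor exit-node list (assigned unconditionally on every start)
  set %tor_cache_file $scriptdirTor_query_EXPORT.csv
  ; set modes to set for a DNSEL match (set as empty to set no modes)
  set %tor_set_modes +im
  ; set the delay before removing modes. (set as 0 to not unset the modes)
  set %tor_unset_modes_delay 120
  ; set modes to set for a DNSBL match
  set %bl_set_modes +im
  ; set the delay before removing modes. (set as 0 to not unset the modes)
  set %bl_unset_modes_delay 120
  ; zero dns cnt.
  set %dns_cnt 0
  ; set dns limit
  set %dns_limit 6
  ; Clear the "modes currently set" flags. They are global variables that this listing only
  ; clears from the _unset_modes timer; timers do not survive a restart, so a flag left at 1
  ; would keep the Tor branch of the join handler from setting modes again.
  unset %tor_modes_set %bl_modes_set
  ; make temp table
  if ($hget(tor) != $null) hfree tor
  hmake tor 100
  _update_torexitnodes
}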
; $1 = <dotted ip> or <long ip>
; Wrapper around $longip. Without a property it returns the $longip conversion of $1.
; With the .rev property it returns the dotted form with its four octets in reverse order,
; which is the label order DNS blocklists expect. Returns nothing when $longip rejects $1.
alias -l _longip {
  var %converted = $longip($1), %dotted
  if (%converted == $null) return
  if ($prop != rev) return %converted
  ; whichever of the two forms is dotted is the one to reverse
  if (*.*.*.* iswm %converted) var %dotted = %converted
  elseif (*.*.*.* iswm $1) var %dotted = $1
  if (%dotted == $null) return %converted
  return $+($gettok(%dotted,4,46),.,$gettok(%dotted,3,46),.,$gettok(%dotted,2,46),.,$gettok(%dotted,1,46))
}
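; $1 = <ip/host>
; Looks $1 up in the downloaded exit-node list. The list is held in the torexitnodes hash
; table, which is created and loaded from the cache file on first use.
; Returns the matching record (one comma separated line of the list) or nothing.
alias -l _tor_check_cache {
  if ($hget(torexitnodes) == $null) {
    hmake torexitnodes 100
    ; quote the path so a script directory containing spaces still loads, as _update_torexitnodes does
    if ($isfile(%tor_cache_file)) hload -n torexitnodes $qt(%tor_cache_file)
  }
  if ($1 == $null) return
  ; match $1 as one complete comma delimited field anywhere in a record
  ; NOTE(review): $1 comes from the joining user's address and is used as wildcard text, so any
  ; wildcard characters in it would widen the match. Confirm the network never allows them in hosts.
  var %r = *, $+ $1 $+ ,*
  if ($hfind(torexitnodes,%r,1,w).data) return $hget(torexitnodes,$v1)
  return
}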
; $1 = <ip/host>
; Checks the dns_cache hash table for an earlier Tor DNSEL answer about $1.
; $result = 0 host is not in cache, = 1 host is a tor exit node, = 2 host is not an exit node but IS in cache
; NOTE(review): nothing in this listing removes entries from dns_cache, so results appear to be
; kept until the table is freed. Confirm that stale answers are acceptable.
alias -l _tor_check_dnscache {
  ; first use: create the table, nothing can be cached yet
  if ($hget(dns_cache) == $null) {
    hmake dns_cache 100
    return 0
  }
  var %addr = $1
  if (!$regex($1,/^\d+\.\d+\.\d+\.\d+$/)) {
    ; a host name: continue with the ip cached for it, if there is one
    var %addr = $hget(dns_cache,$1)
    if (%addr == $null) return 0
  }
  if ($hget(dns_cache,%addr) == $null) return 0
  ; a cached DNSEL name that starts with the reversed ip means an earlier lookup resolved
  if ($hfind(dns_cache,$+(/^\Q,$_longip(%addr).rev,\E(?:\.\d+){5}\.ip-port\.exitlist\.torproject\.org$/),0,r)) return 1
  return 2
}
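; $1- = <tor_ip> <dest_ip> <dest_port>
; Starts a DNS lookup of <reversed tor_ip>.<dest_port>.<reversed dest_ip>.ip-port.exitlist.torproject.org
; and returns that name. Returns nothing, without any lookup, when an argument is rejected.
; NOTE(review): the zone name is hard coded from the original post. Confirm the service still
; answers in this format before relying on it.
alias -l _tor_check_exitnode {
  tokenize 32 $1-
  if ($0 != 3) return
  ; don't check with lan/local ip's, or invalid ports
  ; (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 and 127.0.0.1, tested in long and in dotted form;
  ; this also keeps private addresses from being sent to a third-party DNS zone)
  var %lip = $1
  if ( (%lip isnum 167772160-184549375) || (%lip isnum 3232235520-3232301055) || (%lip isnum 2886729728-2887778303) || (%lip isnum 2130706433) ) return
  var %lip = $longip(%lip)
  if ( (%lip !isnum) || (%lip isnum 167772160-184549375) || (%lip isnum 3232235520-3232301055) || (%lip isnum 2886729728-2887778303) || (%lip isnum 2130706433) ) return
  var %lip = $2
  if ( (%lip isnum 167772160-184549375) || (%lip isnum 3232235520-3232301055) || (%lip isnum 2886729728-2887778303) || (%lip isnum 2130706433) ) return
  var %lip = $longip(%lip)
  if ( (%lip !isnum) || (%lip isnum 167772160-184549375) || (%lip isnum 3232235520-3232301055) || (%lip isnum 2886729728-2887778303) || (%lip isnum 2130706433) ) return
  var %lip = $3
  ; valid ports are 1-65535 (the original upper bound of 65536 let one invalid value through)
  if ( (%lip !isnum) || (%lip < 1) || (%lip > 65535) ) return

  var %src_ip = $_longip($1).rev, %dst_ip = $_longip($2).rev, %port = $3
  .dns $+(%src_ip,.,%port,.,%dst_ip,.ip-port.exitlist.torproject.org)
  return $+(%src_ip,.,%port,.,%dst_ip,.ip-port.exitlist.torproject.org)
}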
; $1 = <ip/host>
; Checks the dns_cache hash table for an earlier DroneBL answer about $1.
; $result = 0 not in cache, = 1 a DroneBL name is cached for it, = 2 in cache without a DroneBL name
alias -l _dronebl_check_cache {
  ; first use: create the table, nothing can be cached yet
  if ($hget(dns_cache) == $null) {
    hmake dns_cache 100
    return 0
  }
  var %addr = $1
  if (!$regex($1,/^\d+\.\d+\.\d+\.\d+$/)) {
    ; a host name: continue with the ip cached for it, if there is one
    var %addr = $hget(dns_cache,$1)
    if (%addr == $null) return 0
  }
  var %cached = $hget(dns_cache,%addr)
  if (%cached == $null) return 0
  ; either the ip maps straight to a DroneBL name, or that name exists as its own cache item
  if (*.dnsbl.dronebl.org iswm %cached) return 1
  if ($hfind(dns_cache,$+($_longip(%addr).rev,.dnsbl.dronebl.org),0)) return 1
  return 2
}
; $1- = <ip>
; Starts a DNS lookup of <reversed ip>.dnsbl.dronebl.org and returns that name.
; Returns nothing, without any lookup, for a LAN or loopback address or one $longip rejects.
alias -l _dronebl_check {
  if ($0 != 1) return
  var %raw = $1, %num = $longip($1)
  ; reject 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 and 127.0.0.1 given in long form ...
  if ( (%raw isnum 167772160-184549375) || (%raw isnum 3232235520-3232301055) || (%raw isnum 2886729728-2887778303) || (%raw isnum 2130706433) ) return
  ; ... and in dotted form, along with anything that does not convert to a number
  if ( (%num !isnum) || (%num isnum 167772160-184549375) || (%num isnum 3232235520-3232301055) || (%num isnum 2886729728-2887778303) || (%num isnum 2130706433) ) return

  var %query = $+($_longip($1).rev,.dnsbl.dronebl.org)
  .dns %query
  return %query
}
; Source of the list: https://torstatus.kgprog.com/query_export.php/Tor_query_EXPORT.csv
; Called without arguments it starts a download of the list, unless the tor socket already exists.
; Called with any argument it rebuilds the torexitnodes table from the cache file on disk.
; NOTE(review): the list comes from a third-party host and decides which joins trigger channel
; modes, so treat its contents as untrusted input.
alias -l _update_torexitnodes {
  if (!$sslready) {
    echo 4 -smlbfti2 Unable to Download TOR Exit Nodes Data. SSL required.
    return
  }
  echo -smlbfti2 Updating TOR Exit Nodes...
  if (!$0) {
    ; no argument: fetch a fresh copy, one download at a time
    if (!$sock(tor)) _http.connect tor https://torstatus.kgprog.com/query_export.php/Tor_query_EXPORT.csv
    return
  }
  ; argument given: throw away the table and reload it from the file
  if ($hget(torexitnodes) != $null) hfree torexitnodes
  hmake torexitnodes 100
  if ($isfile(%tor_cache_file)) hload -n torexitnodes $qt(%tor_cache_file)
  echo -smlbfti2 TOR Exit Nodes Updated.
}
; $1 = <socket name>, $2- = <url or host>
; Opens socket $1 to the host named in $2-. Returns 1 after issuing the sockopen and 0 when a
; script error is caught at the error label. Only the connection is opened here; the request is
; sent by the SOCKOPEN event for that socket name.
; The leading ! on each command calls the built-in command even if an alias of that name exists.
alias -l _http.connect {
  ; https url: open with -e (SSL), on the port given in the url or on 443
  ; NOTE(review): nothing in this alias checks the server certificate; whether the connection is
  ; verified depends on the client's SSL settings - confirm.
  !if ($regex($2-,/https://(.*?)(?::(\d+))?(?:\s|/|$)/i)) {
    ; more than one capture means the optional port group matched
    !if ($regml(0) > 1) sockopen -e $1 $regml(1) $regml(2)
    !else sockopen -e $1 $regml(1) 443
    !return 1
  }
  ; anything else: plain connection, port from the text or 80. The http:// prefix is optional
  ; in this pattern, so unencrypted transfer is the fallback for any non-https input.
  !if ($regex($2-,/(?:http://)?(.*?)(?::(\d+))?(?:\s|/|$)/i)) {
    !if ($regml(0) > 1) sockopen $1 $regml(1) $regml(2)
    !else sockopen $1 $regml(1) 80
    !return 1
  }
  ; last resort when neither pattern matched
  ; NOTE(review): every part of the pattern above is optional, so this looks unreachable - confirm.
  !sockopen $1 $2 80
  !return 1
  ; script errors raised above land here: report, clear the error state, signal failure
  :error
  !echo 4 -smlbfti2 [ERROR] _http.connect: $error
  !reseterror
  !return 0
}
; $1 = type, $2 = chan, $3- = modes
; Timer callback used by the join handler: applies the reverting modes $3- to channel $2, then
; clears the global flag named <type>_modes_set (type is tor or bl in this listing) so the next
; match may set modes again.
; NOTE(review): the flag is one global per type, not per channel or connection, so while it is
; set a match on any other channel is not acted on by code that tests it - confirm this is intended.
alias -l _unset_modes {
  mode $2 $3-
  ; the variable name is assembled at run time from the type argument
  unset $+(%,$1,_modes_set)
}
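; Join handler (other users only): checks the joining host against the DroneBL and Tor caches.
; On a cache hit it reports the match and, when opped, sets the configured modes. On a miss it
; starts DNS lookups whose answers are handled by the DNS event.
; The tor table records each pending lookup as <cid>-<kind>_check_<name> = <name> <host> <chan>.
; NOTE(review): %dns_cnt is incremented below but nothing in this listing decrements it or resets
; it apart from the start event. Once it reaches %dns_limit no further live lookups are started
; until mIRC restarts, and only cached matches are still detected. Confirm the intended scope.
; NOTE(review): the DNSBL branch sets %bl_modes_set but, unlike the Tor branch, never tests it,
; so every cached DNSBL match sets the modes and starts another timer.
on !1:join:#: {
  var %host = $gettok($fulladdress,2,64), %tor_match = 0, %bl_match = 0, %tor_data
  ; skip hosts under users.undernet.org and hosts that already have a lookup pending
  if ((*.users.undernet.org iswm %host) || ($hget(tor,$+($cid,-tor_check_,%host)) != $null) || ($hget(tor,$+($cid,-dronebl_check_,%host)) != $null)) return
  ; check if host is in dns cache
  var %bl_match = $_dronebl_check_cache(%host)
  if (%bl_match == 1) {
    echo 4 -qmlbfti2 $chan [DNSBL] Cache Match: $fulladdress
    if (($me isop $chan) && ($len(%bl_set_modes))) {
      set %bl_modes_set 1
      mode $chan %bl_set_modes
      ; the revert command is the same mode string with + and - swapped
      if (%bl_unset_modes_delay isnum 1-) .timer 1 $v1 _unset_modes bl $chan $replacex(%bl_set_modes,-,+,+,-)
    }
  }
  elseif (%bl_match == 0) {
    inc %dns_cnt
    if (%dns_cnt < %dns_limit) {
      ; check if host is an ip
      if ($regex(%host,/^\d+\.\d+\.\d+\.\d+$/)) {
        ; ip not in cache, so dns it.
        var %dnsbl_host = $_dronebl_check(%host)
        ; add temp var to track dns. _dronebl_check returns nothing when it declines the lookup
        ; (LAN or unparsable address), so only record lookups that were actually started.
        if (%dnsbl_host != $null) hadd tor $+($cid,-dronebl_check_,%dnsbl_host) %dnsbl_host %host $chan
      }
      else {
        ; not an ip
        ; host not in cache, track it & start dns
        hadd tor $+($cid,-dronebl_check_,%host) %host $chan
        .dns %host
      }
    }
  }
  ; check if host/ip is in the downloaded cache
  if ($_tor_check_cache(%host)) var %tor_match = 1, %tor_data = $v1
  ; check if host/ip is in the dns cache
  else {
    var %tor_match = $_tor_check_dnscache(%host)
    ; build a placeholder record in the same comma separated layout as the downloaded list
    if (%tor_match == 1) var %tor_data = 0,0,0,0, $+ $hget(dns_cache,%host) $+ , $+ %host $+ ,0,0,0,0,0,0,0,0,0,0,0,Unknown,0
  }
  if (%tor_match == 1) {
    echo 4 -qmlbfti2 $chan [TOR] Cache Match 12nick: $nick 12ip: $gettok(%tor_data,5,44) 12host: $gettok(%tor_data,6,44) 12platform: $gettok(%tor_data,18,44)
    if (($me isop $chan) && ($len(%tor_set_modes)) && (!%tor_modes_set)) {
      set %tor_modes_set 1
      mode $chan %tor_set_modes
      if (%tor_unset_modes_delay isnum 1-) .timer 1 $v1 _unset_modes tor $chan $replacex(%tor_set_modes,-,+,+,-)
    }
  }
  elseif ((%tor_match == 0) && (%bl_match != 1)) {
    ; don't try a dns if the host is in the dronebl
    inc %dns_cnt
    if ((%dns_cnt < %dns_limit) && (%bl_match != 1)) {
      if ($regex(%host,/^\d+\.\d+\.\d+\.\d+$/)) {
        var %tor_host = $_tor_check_exitnode(%host,$serverip,$port)
        ; nothing is returned when the helper rejects an address or port, for example when the
        ; server address is a LAN ip; do not record a lookup that was never started
        if (%tor_host != $null) hadd tor $+($cid,-tor_check_,%tor_host) %tor_host %host $chan
      }
      else {
        hadd tor $+($cid,-tor_check_,%host) %host $chan
        .dns %host
      }
    }
  }
}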
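; DNS result handler. Caches every answer in dns_cache and completes the lookups the join
; handler recorded in the tor table (<cid>-<kind>_check_<name> = <name> <host> <chan>).
; A host name answer leads to the blocklist query for its ip; a blocklist answer is reported
; and, when opped, the configured modes are set. Tracked lookups are hidden with haltdef.
; NOTE(review): any successful resolution of a blocklist name is treated as a listing and the
; returned address is never inspected. Blocklists conventionally answer inside 127.0.0.0/8, so
; a resolver that rewrites failed lookups would make every host look listed. Consider checking
; the returned ip before acting.
; NOTE(review): the timers here revert the modes directly and do not use the *_modes_set flags
; that the join handler maintains.
on ^*:dns: {
  if ($dns(1) != $null) {
    ; update dns cache
    if ($hget(dns_cache) == $null) hmake dns_cache 100
    if ($dns(1).addr != $null) hadd dns_cache $v1 $dns(1).ip
    if ($dns(1).ip != $null) hadd dns_cache $v1 $dns(1).addr

    ; TOR exitnodes check
    if ($dns(1) == $gettok($hget(tor,$+($cid,-tor_check_,$dns(1))),1,32) ) {
      haltdef
      if (*.ip-port.exitlist.torproject.org iswm $dns(1)) {
        var %t = $hget(tor,$+($cid,-tor_check_,$dns(1))), %c = $gettok(%t,3,32)
        echo 4 -qmlbfti2 %c [TOR] 12Exit Node Found: $dns(1) 12Host: $gettok(%t,2,32)
        hdel tor $+($cid,-tor_check_,$dns(1))
        if (($me isop %c) && ($len(%tor_set_modes))) {
          mode %c %tor_set_modes
          if (%tor_unset_modes_delay isnum 1-) .timer 1 $v1 mode %c $replacex(%tor_set_modes,-,+,+,-)
        }
      }
      else {
        ; a host name resolved: query the DNSEL for its ip and carry host and channel over
        var %host = $_tor_check_exitnode($dns(1).ip,$serverip,$port)
        hadd tor $+($cid,-tor_check_,%host) %host $hget(tor,$+($cid,-tor_check_,$dns(1)))
        hdel tor $+($cid,-tor_check_,$dns(1))
      }
      return
    }
    ; DroneBL check
    if ($dns(1) == $gettok($hget(tor,$+($cid,-dronebl_check_,$dns(1))),1,32) ) {
      haltdef
      if (*.dnsbl.dronebl.org iswm $dns(1)) {
        var %t = $hget(tor,$+($cid,-dronebl_check_,$dns(1))), %c = $gettok(%t,3,32)
        echo 4 -qmlbfti2 %c [DroneBL] 12Match Found: $dns(1) 12Host: $gettok(%t,2,32)
        hdel tor $+($cid,-dronebl_check_,$dns(1))
        ; recover the listed ip from the first four labels of the query name. The original
        ; called _tsol_longip, which this listing does not define; _longip is the local helper.
        var %ip = $_longip($gettok($dns(1),1-4,46)).rev
        !hadd dns_cache $dns(1) %ip
        !hadd dns_cache %ip $dns(1)
        if (($me isop %c) && ($len(%bl_set_modes))) {
          mode %c %bl_set_modes
          if (%bl_unset_modes_delay isnum 1-) .timer 1 $v1 mode %c $replacex(%bl_set_modes,-,+,+,-)
        }
      }
      else {
        ; a host name resolved: query DroneBL for its ip and carry host and channel over.
        ; The key uses $cid like every other key; the original read an unset variable here and
        ; lost the host and channel.
        var %host = $_dronebl_check($dns(1).ip)
        hadd tor $+($cid,-dronebl_check_,%host) %host $hget(tor,$+($cid,-dronebl_check_,$dns(1)))
        hdel tor $+($cid,-dronebl_check_,$dns(1))
      }
      return
    }
  }
  else {
    ; the lookup failed: forget it and hide the failure message if it was one of ours
    if ($dns(0).addr != $null) {
      var %a = $v1
      var %tor_key = $+($cid,-tor_check_,%a), %bl_key = $+($cid,-dronebl_check_,%a)
      ; Test the tracking entries before deleting them. The original deleted first and then
      ; tested through tget, which this listing does not define, so haltdef could never run.
      ; TOR exitnodes
      if (%a == $gettok($hget(tor,%tor_key),1,32)) haltdef
      ; DroneBL
      if (%a == $gettok($hget(tor,%bl_key),1,32)) haltdef
      hdel tor %tor_key
      hdel tor %bl_key
    }
  }
}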
; Socket connected: discard the old cache file and request the exit-node list over HTTP/1.0.
; NOTE(review): the old cache is deleted before anything has been received, so a failed
; download leaves no list on disk.
on *:SOCKOPEN:tor: {
  !if ($sockerr > 0) {
    echo -samlbfti2 [OPEN ERROR] $sock($sockname).wserr : $sock($sockname).wsmsg
    return
  }
  var %s = $sockname
  echo -samlbfti2 Connected, Getting TOR Exit Nodes Data...
  if ($isfile(%tor_cache_file)) .remove $qt(%tor_cache_file)
  ; request line and headers, then the terminating blank lines
  sockwrite -nt %s GET /query_export.php/Tor_query_EXPORT.csv HTTP/1.0
  sockwrite -nt %s Accept-Language: en-us
  sockwrite -nt %s User-Agent: Mozilla/??
  sockwrite -nt %s Host: torstatus.kgprog.com
  sockwrite -nt %s Connection: close
  sockwrite -t %s $str($crlf,2)
}
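; Data received on the tor socket: reads the response line by line and appends it to the cache
; file. Lines are discarded until one starting with Content-Type: has been seen.
; NOTE(review): every non-empty line after that header is written, which includes any further
; header lines. The status line is not checked either, so an error page would be stored as
; list data.
ON *:SOCKREAD:tor: {
  !if ($sockerr > 0) { echo -samlbfti2 [READ ERROR] $sock($sockname).wserr : $sock($sockname).wsmsg | return }
  :nextread
  !sockread %data
  ; nothing complete to read yet: wait for the next event
  !if ($sockbr == 0) return
  ; skip empty lines
  !if (%data == $null) goto nextread
  !if ($hget(tor,tmp_tor_dl) != 1) {
    ; still in the headers: note when the Content-Type header has gone past
    if (Content-Type:* iswm %data) hadd tor tmp_tor_dl 1
  }
  ; quote the path so a script directory containing spaces works, as the other file commands do
  !else write $qt(%tor_cache_file) %data
  !goto nextread
  :error
  sockclose tor
}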
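; Server closed the tor socket: the download is over, so rebuild the torexitnodes table from
; the cache file. Socket errors other than Winsock 10101 are reported and the table is left alone.
ON *:SOCKCLOSE:tor: {
  ; drop the "headers done" marker used by the SOCKREAD event
  hdel tor tmp_tor_dl
  !if (($sockerr > 0) && ($sock($sockname).wserr != 10101)) { echo -samlbfti2 [CLOSE ERROR] $sock($sockname).wserr : $sock($sockname).wsmsg | return }
  echo -samlbfti2 New TOR Exit Nodes data Downloaded, Updating internal list.
  if ($hget(torexitnodes) != $null) hfree torexitnodes
  hmake torexitnodes 100
  ; quote the path so a script directory containing spaces still loads, as _update_torexitnodes does
  if ($isfile(%tor_cache_file)) hload -n torexitnodes $qt(%tor_cache_file)
}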


*edit: added sslready check before download attempt.
*edit: updated with fix to cache dnsbl ip's