import sys
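Usage = """
Usage: DNSparse.py This script will read a dns output file and test if the entries are found in a safe list; if not they will output.
The input commands should be as follows: python DNSparse.py dns.file safe.list output.file
dns.file format: (tab formatted) bro-cut query id.orig_h < dns.log | sort -u > dns.out
safebrowsing.cache.l.google.com 10.10.249.51
safebrowsing.cache.l.google.com 10.1.1.14
img.youtube.com 10.1.1.14
4162278-0001 10.1.55.190
safe.list format: ie alexa top 1million sites
1,google.com
2,youtube.com
3,facebook.com
4,baidu.com
5,yahoo.com
local.safe format:
google.com,Comment
apple-dns.com, comment
"""


def _load_safe_names(path, field_index, safe_names):
    """Add the domain in column *field_index* of each CSV line of *path* to *safe_names*.

    Blank lines are skipped rather than treated as end of file, so a stray
    empty line can no longer silently truncate the safe list. A line with too
    few fields, or a name that is already present, aborts the run with a
    non-zero exit status so that a wrapper script can tell the run failed.
    """
    with open(path, "r") as handle:
        for raw_line in handle:
            line = raw_line.strip()
            if not line:
                continue
            fields = line.split(',')
            if len(fields) <= field_index:
                print('Error! Malformed entry in safe list! ' + line)
                sys.exit(1)
            name = fields[field_index].strip()
            if name in safe_names:
                print('Error! Duplicated entry in safe list! ' + line)
                sys.exit(1)
            safe_names.add(name)


if len(sys.argv) != 4:
    print(Usage)
else:
    # Load and validate both safe lists before the output file is opened.
    # Opening the output first would truncate it, and an aborted run would
    # then leave an empty report that reads like "nothing suspicious found".
    SafeNames = set()
    _load_safe_names('local.safe', 0, SafeNames)  # local.safe is read from the current directory
    _load_safe_names(sys.argv[2], 1, SafeNames)   # rank,domain lines: the domain is column 1
    SafeEntries = len(SafeNames)

    DNSnotFound = 0
    DNSfound = 0
    LocalEntry = 0
    with open(sys.argv[1], "r") as DNS:
        with open(sys.argv[3], "w") as Out:
            for RawLine in DNS:
                DNSLine = RawLine.strip()
                if not DNSLine:
                    # Skip blank lines instead of stopping: stopping here would
                    # leave every later query unchecked without any warning.
                    continue
                DNSsiteName = DNSLine.split('\t')[0]
                if DNSsiteName.count('.') == 0:
                    # Names without a period are counted as internal (Scripps)
                    # hosts; they are never compared with the safe list and
                    # never written to the output.
                    LocalEntry += 1
                    continue
                DNSsiteNameFields = DNSsiteName.split('.')
                # The comparison uses only the last two labels, so every
                # subdomain of a listed domain is treated as safe. A popularity
                # list may contain hosting or dynamic-DNS domains whose
                # subdomains are run by third parties, so a match is not proof
                # that the queried host itself is benign.
                WebsiteName = '.'.join(DNSsiteNameFields[-2:])
                if len(WebsiteName) < 6:  # change this to a higher number if need be
                    # Short suffixes such as "co.uk" are widened to three labels.
                    # This is a length heuristic, not a public-suffix lookup.
                    WebsiteName = '.'.join(DNSsiteNameFields[-3:])
                if WebsiteName not in SafeNames:
                    Out.write(DNSLine + '\n')
                    DNSnotFound += 1
                else:
                    DNSfound += 1
    print('Number of entries in safe list: ' + str(SafeEntries))
    print('Number of DNS entries not found in safe list: ' + str(DNSnotFound))
    print('Number of DNS entries found in safe list: ' + str(DNSfound))
    print('Number of Local entries: ' + str(LocalEntry))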