Shell script to query a list of hostnames or IP addresses against a list of local and remote DNS black lists

This Bash shell script queries hostnames or IPv4 addresses against local and remote lists of DNS-based Blackhole Lists (DNSBLs), a.k.a. Real-time Blackhole Lists (RBLs). It accepts a list of hostnames or IP addresses as arguments, or hardcoded at the top of the script. If none are provided, it attempts to figure out the IP address of the computer it is running on and checks that.

Script in action:

$ dnsbl.check example.com
----------------------------------------------------------------------------------------------------
 checking 192.0.43.10 against BLs from http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
----------------------------------------------------------------------------------------------------
NOT LISTED 	 truncate.gbudb.net
NOT LISTED 	 dnsbl.proxybl.org
NOT LISTED 	 dnsbl.sorbs.net
NOT LISTED 	 safe.dnsbl.sorbs.net
NOT LISTED 	 http.dnsbl.sorbs.net
NOT LISTED 	 socks.dnsbl.sorbs.net
NOT LISTED 	 misc.dnsbl.sorbs.net
NOT LISTED 	 smtp.dnsbl.sorbs.net
NOT LISTED 	 web.dnsbl.sorbs.net
NOT LISTED 	 new.spam.dnsbl.sorbs.net
NOT LISTED 	 recent.spam.dnsbl.sorbs.net
NOT LISTED 	 old.spam.dnsbl.sorbs.net
NOT LISTED 	 spam.dnsbl.sorbs.net
NOT LISTED 	 escalations.dnsbl.sorbs.net
NOT LISTED 	 block.dnsbl.sorbs.net
NOT LISTED 	 zombie.dnsbl.sorbs.net
NOT LISTED 	 dul.dnsbl.sorbs.net
NOT LISTED 	 rhsbl.sorbs.net
NOT LISTED 	 badconf.rhsbl.sorbs.net
NOT LISTED 	 nomail.rhsbl.sorbs.net
NOT LISTED 	 sbl.spamhaus.org
NOT LISTED 	 xbl.spamhaus.org
NOT LISTED 	 pbl.spamhaus.org
NOT LISTED 	 zen.spamhaus.org
NOT LISTED 	 rbl.orbitrbl.com
NOT LISTED 	 intercept.datapacket.net
NOT LISTED 	 db.wpbl.info
NOT LISTED 	 bl.spamcop.net
NOT LISTED 	 noptr.spamrats.com
NOT LISTED 	 dyna.spamrats.com
NOT LISTED 	 spam.spamrats.com
NOT LISTED 	 bl.spamcannibal.org
NOT LISTED 	 any.dnsl.ipquery.org
NOT LISTED 	 dnsbl.njabl.org
NOT LISTED 	 bhnc.njabl.org
NOT LISTED 	 spamtrap.drbl.drand.net
NOT LISTED 	 dnsbl.ahbl.org
NOT LISTED 	 rhsbl.ahbl.org
NOT LISTED 	 ircbl.ahbl.org
NOT LISTED 	 tor.ahbl.org
NOT LISTED 	 dnsbl.dronebl.org
NOT LISTED 	 rbl.atlbl.net
NOT LISTED 	 hbl.atlbl.net
NOT LISTED 	 access.atlbl.net
NOT LISTED 	 ix.dnsbl.manitu.net
NOT LISTED 	 dnsbl.inps.de
NOT LISTED 	 bl.blocklist.de

----------------------------------------------------------------------------------------------------
 checking 192.0.43.10 against BLs from a local list
----------------------------------------------------------------------------------------------------
NOT LISTED 	 b.barracudacentral.org

And here's the script:

#!/bin/bash

# IPs or hostnames to check if none provided as arguments to the script
hosts='
example.com
example.net
example.org
192.0.43.10
'

# Locally maintained list of DNSBLs to check
LocalList='
b.barracudacentral.org
'

# pipe delimited exclude list for remote lists
Exclude='^dnsbl.mailer.mobi$|^foo.bar$|^bar.baz$'

# Remotely maintained list of DNSBLs to check
WPurl="http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists"
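# keep table cells that hold only a DNSBL zone name, strip the <td> tags, drop excluded zones
WPlst=$(curl -s "$WPurl" | grep -E "<td>([a-z]+\.){1,7}[a-z]+</td>" | sed -r "s|</?td>||g;/$Exclude/d")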


# ---------------------------------------------------------------------

HostToIP()
{
 if ( echo "$host" | grep -Eq "[a-zA-Z]" ); then
   # use the first IPv4 address when the name resolves to several
   IP=$(host "$host" | awk '/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {print $NF; exit}')
 else
   IP="$host"
 fi
}

Repeat()
{
 printf "%${2}s\n" | sed "s/ /${1}/g"
}

Reverse()
{
 echo $1 | awk -F. '{print$4"."$3"."$2"."$1}'
}

Check()
{
 result=$(dig +short $rIP.$BL)
 if [ -n "$result" ]; then
   echo -e "MAY BE LISTED \t $BL (answer = $result)"
 else
   echo -e "NOT LISTED \t $BL"
 fi
}

if [ -n "$1" ]; then
  hosts=$@
fi

if [ -z "$hosts" ]; then
  hosts=$(netstat -tn | awk '$4 ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ && $4 !~ /127.0.0/ {gsub(/:[0-9]+/,"",$4);} END{print$4}')
fi

for host in $hosts; do
  HostToIP
  rIP=$(Reverse $IP)
  # remote list
  echo; Repeat - 100
  echo " checking $IP against BLs from $WPurl"
  Repeat - 100
  for BL in $WPlst; do
    Check
  done
  # local list
  echo; Repeat - 100
  echo " checking $IP against BLs from a local list"
  Repeat - 100
  for BL in $LocalList; do
    Check
  done
done
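
The script's Check() reports any non-empty dig answer as a possible listing, and Reverse() does not validate its input. The following is an added example, not part of the original script, showing a stricter version of both steps in portable sh (it also runs under Bash). It assumes the RFC 5782 convention that listings are answered from 127.0.0.0/8 and treats 127.255.255.x as an error code, as Spamhaus documents for its zones; the function names and sample answers are constructed for illustration.

```sh
#!/bin/sh
# Added example: validate the address and interpret DNSBL answers strictly.

# Print the reversed form of a dotted-quad IPv4 address for a DNSBL query
# name; return 1 and print nothing for anything that is not valid IPv4.
reverse_ipv4() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # digits and dots only, no empty octet
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
  echo "$4.$3.$2.$1"
)

# Classify the output of `dig +short <reversed-ip>.<zone>` (one record per
# line). Prints LISTED, NOT_LISTED or ERROR.
classify_answer() {
  printf '%s\n' "$1" | {
    verdict=NOT_LISTED
    while IFS= read -r line; do
      case $line in
        '')            ;;                        # no record: not listed
        *[!0-9.]*)     verdict=ERROR; break ;;   # CNAME or dig error text
        127.255.255.*) verdict=ERROR; break ;;   # assumed list-side error code
        127.*.*.*)     verdict=LISTED ;;         # conventional listing answer
        *)             verdict=ERROR; break ;;   # e.g. wildcarded or parked zone
      esac
    done
    echo "$verdict"
  }
}

# Constructed sample answers (not real lookups) so the example runs offline.
for answer in '' 127.0.0.2 127.255.255.254 192.0.2.55 ';; connection timed out'; do
  printf '%-26s -> %s\n' "[$answer]" "$(classify_answer "$answer")"
done
echo "query name: $(reverse_ipv4 192.0.43.10).zen.spamhaus.org"
```

In the script, Check() would call `classify_answer "$result"` and print the ERROR case separately, so a timeout or an answer outside 127.0.0.0/8 is not reported as a listing.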

7 Comments

  • 1. janey replies at 21st October 2012, 1:44 pm :

    I think it’s hilarious that something useful for anti-spam… and the very first comment is a link to some blog spam.

    oh, internet comment forms.. how you have been so ruined…

  • 2. Alain Kelder replies at 21st October 2012, 6:23 pm :

    What? That was spam? It said my post was “enjoyable” and linked to a forum post about dating black women. Felt legit. 🙂 Anyway, it’s been deleted.

  • 3. budismo replies at 14th March 2013, 10:16 am :

    Excellent way of telling, and nice post to get information concerning my presentation topic, which I am going to convey in school.

  • 4. Jaison replies at 1st July 2014, 4:08 pm :

    Nice post dude 🙂

  • 5. waqas replies at 25th September 2014, 6:53 am :

    I love this post. This fixed a great issue which I was working on. Could you help adding the feature to send email in case of any ip is blacklisted.

  • 6. Jason replies at 1st October 2014, 11:12 am :

    That is a very versatile and elegant script. Thank you!!

  • 7. Cristian B. replies at 16th October 2015, 4:12 am :

    The Wikipedia link has to be changed to https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
