scan - Looks into a number of public DNS blacklists wether a host is listed
scan [-h] [-d delay] [-v] [-m regexp] [-M regexp]
This script automates the task of verifying that your address space is in a given list. You can supply a single host, a subnet or a list of hosts or subnets in the command line. Every host is listed against a built-in list of more than 100 public RBLs.
RBLs are operated on a wide variety of hardware and network conditions. Some RBLs can take millions of queries a day. Other RBLs do not have the resources for such a large usage.
This script allows you to scan a very large range with a simple command. The code introduces a delay (which you could bypass, but be sure to understand the implications) in order to avoid crowding the resources of said RBLs. Note that some RBLs will consider a large scan, as an abuse incident and probably list your site as a response.
The intend of this code is to help you establish a status about the listings within your network. I assume it is ok to run this script periodically, provided that you do not abuse doing things as running multiple instances in parallel.
The following options are recognized:
Outputs this documentation.
Delay in seconds between a set of queries to the RBLs.
Only query RBLs whose tags match the given regular expression.
Similar to -m, but the regexp must not match to use the given RBL.
This is very useful as there are some RBLs that match a significant proportion of the address space or that are not helpful in your particular scenario.
Another potential use of -M and -m, is to taylor the list of RBLs to search in order to speed up the lookups. This is specially true if you are interested in a scan of a large piece of address space.
Be verbose about progress.
A typical scenario where this script is useful, is when a subnet needs to be checked against a set of RBLs. This command is most likely what you need:
scan -M 'blars|jamm|jippg|squawk|uu.se|xbl' 10.10.10.0/24
The usage of -M in the example, excludes the named lists as they seem to be too agressive for our purposes, at least in the networks from our country.
First version of this code.
This code and all accompanying software comes with NO WARRANTY. You use it at your own risk.
This code and all accompanying software can be used freely under the same terms as Perl itself.
Luis E. Muñoz <luismunoz@cpan.org>
perl(1), Mail::RBL(3).
Mail::RBL(3)
1 POD Error
The following errors were encountered while parsing the POD:
Non-ASCII character seen before =encoding in 'Muñoz'. Assuming CP1252
To install Mail::Abuse, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Mail::Abuse
CPAN shell
perl -MCPAN -e shell install Mail::Abuse
For more information on module installation, please visit the detailed CPAN module installation guide.