diff options
| author | Toni <matzeton@googlemail.com> | 2023-11-02 09:04:04 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-02 09:04:04 +0100 |
| commit | 6dcecd73d3413103d1f416721c2b2f46ff0968b7 (patch) | |
| tree | 955c2cc0a682b76d8381f22e5a7a2a3ba2dcaebd /utils/malicious_sites_download.sh | |
| parent | d5c9a16a489081c0b5bd396241c7e08649a60a4c (diff) | |
Added malicious sites from the polish cert. (#2121)
* added handling of parsing errors
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'utils/malicious_sites_download.sh')
| -rwxr-xr-x | utils/malicious_sites_download.sh | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/utils/malicious_sites_download.sh b/utils/malicious_sites_download.sh new file mode 100755 index 000000000..44fc76fb2 --- /dev/null +++ b/utils/malicious_sites_download.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +set -e + +cd "$(dirname "${0}")" || exit 1 +. ./common.sh || exit 1 + +# NDPI_PROTOCOL_CATEGORY_MALWARE = 100 +LIST=../lists/100_malware.list + +TMP=/tmp/mal.json +ORIGIN="https://hole.cert.pl/domains/domains.json" + + +printf '(1) Downloading file... %s\n' "${ORIGIN}" +http_response=$(curl -s -o ${TMP} -w "%{http_code}" ${ORIGIN}) +check_http_response "${http_response}" +is_file_empty "${TMP}" + +printf '%s\n' "(2) Processing Domains..." +jq -r '.[] | select(.DeleteDate="")' < ${TMP} | sed -n 's/^[^"]*"DomainAddress": "\([^"]*\)".*$/\1/gp' >${LIST} + +rm -f "${TMP}" +exit 0 |