From 6dcecd73d3413103d1f416721c2b2f46ff0968b7 Mon Sep 17 00:00:00 2001
From: Toni <matzeton@googlemail.com>
Date: Thu, 2 Nov 2023 09:04:04 +0100
Subject: Added malicious sites from the polish cert. (#2121)

* added handling of parsing errors

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 utils/malicious_sites_download.sh | 24 ++++++++++++++++++++++++
 utils/update_every_lists.sh       |  2 ++
 2 files changed, 26 insertions(+)
 create mode 100755 utils/malicious_sites_download.sh

(limited to 'utils')

diff --git a/utils/malicious_sites_download.sh b/utils/malicious_sites_download.sh
new file mode 100755
index 000000000..44fc76fb2
--- /dev/null
+++ b/utils/malicious_sites_download.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -e
+
+cd "$(dirname "${0}")" || exit 1
+. ./common.sh || exit 1
+
+# NDPI_PROTOCOL_CATEGORY_MALWARE = 100
+LIST=../lists/100_malware.list
+
+TMP=/tmp/mal.json
+ORIGIN="https://hole.cert.pl/domains/domains.json"
+
+
+printf '(1) Downloading file... %s\n' "${ORIGIN}"
+http_response=$(curl -s -o ${TMP} -w "%{http_code}" ${ORIGIN})
+check_http_response "${http_response}"
+is_file_empty "${TMP}"
+
+printf '%s\n' "(2) Processing Domains..."
+jq -r '.[] | select(.DeleteDate="")' < ${TMP} | sed -n 's/^[^"]*"DomainAddress": "\([^"]*\)".*$/\1/gp' >${LIST}
+
+rm -f "${TMP}"
+exit 0
diff --git a/utils/update_every_lists.sh b/utils/update_every_lists.sh
index 3f0f75adf..b988267d3 100755
--- a/utils/update_every_lists.sh
+++ b/utils/update_every_lists.sh
@@ -36,6 +36,8 @@ RETVAL=$(( RETVAL + $? ))
 
 ./gambling_sites_download.sh
 RETVAL=$(( RETVAL + $? ))
+./malicious_sites_download.sh
+RETVAL=$(( RETVAL + $? ))
 ./mullvad_ip_addresses_download.sh
 RETVAL=$(( RETVAL + $? ))
 ./protonvpn_ip_addresses_download.sh
-- 
cgit v1.2.3