Thursday, June 25, 2009

Using Phishtank API to check if your site is listed as suspicious

Here is another way of checking if your web site is infected as part of a phishing attack, the script below is using phishtank public list in csv format:

#!/usr/bin/perl
#downloaod the phishtank list
system('wget http://data.phishtank.com/data/online-valid.csv" -O /feeds/url/phishtanklist.txt');
#delay the script for 10 sec
$oldtime = (time + 10);
while (time < $oldtime) {}
#define your url $url = yourdomain.com;
#get phishtank list
open (file, "/feeds/url/phishtanklist.txt") or die $!;
#Since blogger is removing some html tags like, add the word file in between the below <>
while ($record = <> )
{
#extract string starting with http ending with first comma
if ($record =~ /http:(.*?)\,/ ) {$Furl = $&};
#remove the comma
$Furl =~ s/\,//;
#remove the http part
$Furl =~ s/http:\/\///;
#compare your url with phishtank url
if ($Furl =~ /$url/) {
print "matched $url ";
}}
close file;

No comments: