This is my Part 2 of DIY, Threat Monitoring System. Here is an example of several connectors to download some public lists and save them internally for further processing.
The script will download the following lists:
CBL, Phishtank, GoogleSafeBrowsing, Dshield, TOR Exit nodes, MalwareDomainList, MalwareURL.
1- You will need to install some perl modules first:
Net::Google::SafeBrowsing::UpdateRequest
XML::RSS::Parser::Lite
LWP::Simple
2- Make sure that you have rsync installed
3- Request access to CBL
4- Request an API key from phishtank
5- Request an API key from Google Safe Browsing
6- Insert the API keys into the script (look for INSERT YOUR KEY HERE)
7- Run the script
8- All downloaded lists are located in one folder /radaar/connectors/temp
Note that the script is a quick and dirty one, any suggestions for enhancements are welcomed.
No comments:
Post a Comment