2021-06-13 14:49:57 +02:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
import multiprocessing.dummy
|
2021-06-14 23:26:44 +02:00
|
|
|
from generator import get_version, write_to_file, Dns, consolidate_networks, create_resolver
|
2021-06-13 14:49:57 +02:00
|
|
|
|
|
|
|
# Source: https://github.com/mailcheck/mailcheck/wiki/List-of-Popular-Domains
|
|
|
|
domains = [
|
|
|
|
# Default domains included
|
|
|
|
"aol.com", "att.net", "comcast.net", "facebook.com", "gmail.com", "gmx.com", "googlemail.com",
|
|
|
|
"google.com", "hotmail.com", "hotmail.co.uk", "mac.com", "me.com", "mail.com", "msn.com",
|
|
|
|
"live.com", "sbcglobal.net", "verizon.net", "yahoo.com", "yahoo.co.uk",
|
|
|
|
|
|
|
|
# Other global domains
|
|
|
|
"email.com", "fastmail.fm", "games.com", "gmx.net", "hush.com", "hushmail.com", "icloud.com",
|
|
|
|
"iname.com", "inbox.com", "lavabit.com",
|
|
|
|
"love.com", "outlook.com", "pobox.com", "protonmail.ch", "protonmail.com", "tutanota.de", "tutanota.com",
|
|
|
|
"tutamail.com", "tuta.io",
|
|
|
|
"keemail.me", "rocketmail.com", "safe-mail.net", "wow.com", "ygm.com",
|
|
|
|
"ymail.com", "zoho.com", "yandex.com",
|
|
|
|
|
|
|
|
# United States ISP domains
|
|
|
|
"bellsouth.net", "charter.net", "cox.net", "earthlink.net", "juno.com",
|
|
|
|
|
|
|
|
# British ISP domains
|
|
|
|
"btinternet.com", "virginmedia.com", "blueyonder.co.uk", "live.co.uk",
|
|
|
|
"ntlworld.com", "orange.net", "sky.com", "talktalk.co.uk", "tiscali.co.uk",
|
|
|
|
"virgin.net", "bt.com",
|
|
|
|
|
|
|
|
# Domains used in Asia
|
|
|
|
"sina.com", "sina.cn", "qq.com", "naver.com", "hanmail.net", "daum.net", "nate.com", "yahoo.co.jp", "yahoo.co.kr",
|
|
|
|
"yahoo.co.id", "yahoo.co.in", "yahoo.com.sg", "yahoo.com.ph", "163.com", "yeah.net", "126.com", "21cn.com",
|
|
|
|
"aliyun.com", "foxmail.com",
|
|
|
|
|
|
|
|
# French ISP domains
|
|
|
|
"hotmail.fr", "live.fr", "laposte.net", "yahoo.fr", "wanadoo.fr", "orange.fr", "gmx.fr", "sfr.fr", "neuf.fr",
|
|
|
|
"free.fr",
|
|
|
|
|
|
|
|
# German ISP domains
|
|
|
|
"gmx.de", "hotmail.de", "live.de", "online.de", "t-online.de", "web.de", "yahoo.de",
|
|
|
|
|
|
|
|
# Italian ISP domains
|
|
|
|
"libero.it", "virgilio.it", "hotmail.it", "aol.it", "tiscali.it",
|
|
|
|
"alice.it", "live.it", "yahoo.it", "email.it", "tin.it", "poste.it", "teletu.it",
|
|
|
|
|
|
|
|
# Russian ISP domains
|
|
|
|
"bk.ru", "inbox.ru", "list.ru", "mail.ru", "rambler.ru", "yandex.by", "yandex.com", "yandex.kz", "yandex.ru",
|
|
|
|
"yandex.ua", "ya.ru",
|
|
|
|
|
|
|
|
# Belgian ISP domains
|
|
|
|
"hotmail.be", "live.be", "skynet.be", "voo.be", "tvcablenet.be", "telenet.be",
|
|
|
|
|
|
|
|
# Argentinian ISP domains
|
|
|
|
"hotmail.com.ar", "live.com.ar", "yahoo.com.ar", "fibertel.com.ar", "speedy.com.ar", "arnet.com.ar",
|
|
|
|
|
|
|
|
# Domains used in Mexico
|
|
|
|
"yahoo.com.mx", "live.com.mx", "hotmail.es", "hotmail.com.mx", "prodigy.net.mx",
|
|
|
|
|
|
|
|
# Domains used in Canada
|
|
|
|
"yahoo.ca", "hotmail.ca", "bell.net", "shaw.ca", "sympatico.ca", "rogers.com",
|
|
|
|
|
|
|
|
# Domains used in Brazil
|
|
|
|
"yahoo.com.br", "hotmail.com.br", "outlook.com.br", "uol.com.br", "bol.com.br", "terra.com.br", "ig.com.br",
|
|
|
|
"r7.com", "zipmail.com.br", "globo.com", "globomail.com", "oi.com.br",
|
|
|
|
|
|
|
|
# Custom extension
|
|
|
|
# Domains used in Czechia
|
|
|
|
"seznam.cz", "atlas.cz", "centrum.cz",
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2021-06-14 23:26:44 +02:00
|
|
|
dns = Dns(create_resolver())
|
2021-06-13 14:49:57 +02:00
|
|
|
|
2021-06-14 23:26:44 +02:00
|
|
|
spf_ranges = []
|
|
|
|
p = multiprocessing.dummy.Pool(40)
|
|
|
|
for domain_ranges in p.map(lambda d: dns.get_ip_ranges_from_spf(d), domains):
|
|
|
|
spf_ranges.extend(domain_ranges)
|
2021-06-13 14:49:57 +02:00
|
|
|
|
|
|
|
warninglist = {
|
|
|
|
'name': "List of known SMTP sending IP ranges",
|
|
|
|
'version': get_version(),
|
2021-06-14 23:26:44 +02:00
|
|
|
'description': "List of IP ranges for known SMTP servers.",
|
2024-04-22 09:20:14 +02:00
|
|
|
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
|
2021-06-13 14:49:57 +02:00
|
|
|
'type': 'cidr',
|
2021-06-14 23:26:44 +02:00
|
|
|
'list': consolidate_networks(spf_ranges),
|
2021-06-13 14:49:57 +02:00
|
|
|
}
|
|
|
|
write_to_file(warninglist, "smtp-sending-ips")
|
2021-06-14 23:26:44 +02:00
|
|
|
|
|
|
|
mx_ips = []
|
|
|
|
for domain_ranges in p.map(lambda d: dns.get_mx_ips_for_domain(d), domains):
|
|
|
|
mx_ips.extend(domain_ranges)
|
|
|
|
|
|
|
|
warninglist = {
|
|
|
|
'name': "List of known SMTP receiving IP addresses",
|
|
|
|
'version': get_version(),
|
|
|
|
'description': "List of IP addresses for known SMTP servers.",
|
2024-04-22 09:20:14 +02:00
|
|
|
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
|
2021-06-14 23:26:44 +02:00
|
|
|
'type': 'cidr',
|
|
|
|
'list': map(str, mx_ips),
|
|
|
|
}
|
|
|
|
write_to_file(warninglist, "smtp-receiving-ips")
|