Merge branch 'main' of github.com:MISP/misp-warninglists into main

2020-07-08 14:54:14 +02:00 · 2020-07-08 14:54:14 +02:00 · 7a28900663
parent 82fdf528e9 1acdef286a
commit 7a28900663
3 changed files with 289 additions and 40 deletions
--- a/lists/google/list.json
+++ b/lists/google/list.json
@ -220,6 +220,7 @@
    "elgoog.im",
    "feedburner.com",
    "foofle.com",
+    "forms.gle",
    "froogle.com",
    "g.co",
    "ggpht.com",
@ -457,6 +458,7 @@
    "goolge.com",
    "gooogle.com",
    "gv.com",
+    "gvt1.com",
    "keyhole.com",
    "like.com",
    "localguidesconnect.com",
--- a/lists/tlds/list.json
+++ b/lists/tlds/list.json
--- a/tools/generate-tlds.py
+++ b/tools/generate-tlds.py
@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import requests
+import json
+import datetime
+
+url = 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt'
+r = requests.get(url)
+tlds = []
+for tld in r.text.splitlines():
+    if tld.startswith('#'):
+        continue
+    tlds.append(tld)
+
+warninglist = {
+    'name': 'TLDs as known by IANA',
+    'version': int(datetime.date.today().strftime('%Y%m%d')),
+    'description': 'Event contains one or more TLDs as attribute with an IDS flag set',
+    'list': sorted(set(tlds)),
+    'matching_attributes': ["hostname", "domain", "domain|ip"],
+    'type': 'string',
+}
+
+with open('../lists/tlds/list.json', 'w') as data_file:
+    json.dump(warninglist, data_file, indent=2, sort_keys=True)
+    data_file.write("\n")