Merge branch 'main' of github.com:MISP/misp-warninglists into main

lists/google/list.json

@@ -220,6 +220,7 @@
     "elgoog.im",
     "feedburner.com",
     "foofle.com",
+    "forms.gle",
     "froogle.com",
     "g.co",
     "ggpht.com",
@@ -457,6 +458,7 @@
     "goolge.com",
     "gooogle.com",
     "gv.com",
+    "gvt1.com",
     "keyhole.com",
     "like.com",
     "localguidesconnect.com",

tools/generate-tlds.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import requests
+import json
+import datetime
+
+url = 'https://data.iana.org/TLD/tlds-alpha-by-domain.txt'
+r = requests.get(url)
+tlds = []
+for tld in r.text.splitlines():
+    if tld.startswith('#'):
+        continue
+    tlds.append(tld)
+
+warninglist = {
+    'name': 'TLDs as known by IANA',
+    'version': int(datetime.date.today().strftime('%Y%m%d')),
+    'description': 'Event contains one or more TLDs as attribute with an IDS flag set',
+    'list': sorted(set(tlds)),
+    'matching_attributes': ["hostname", "domain", "domain|ip"],
+    'type': 'string',
+}
+
+with open('../lists/tlds/list.json', 'w') as data_file:
+    json.dump(warninglist, data_file, indent=2, sort_keys=True)
+    data_file.write("\n")