Snup is a python package to check IPs, Hashes, Emails, Domains, or URLs against blackhole lists and DNS services.
Readme
Snub is a python package that enables users to retrieve whether or not a given IP, Hash, Email, Domain, or URL is on a blackhole list via the CLI or Flask API. You can specify whether to check if one of the indicators above is on a text based list or a DNSBL list. Alternatively you can specify your own static (known bad) indicators.
If you clone this repository you can also use the provided docker-compose.yml file to utilize an API built around Snub.
To use Snub as a Python package with in your project or a CLI tool, you can install it via pip or pip3.
pip3 install snub
In order to utilize the provided Flask API, you will need to clone this repository and build the image:
git clone https://github.com/swimlane/snub.git
Once Snub is installed using pip or from the repository, you can import the Python package within your project:
from snub import Snub
snub = Snub()
# You can check an indicator against all or a specific snubbed list
# By default snub checks all lists for the given indicator
snub.check('10.103.79.86')
# To select to use a specific list provide one of the following value set to `True` or any combination of the following.
snub.check('10.103.79.86', text_list=True, dns_list=True, static_list=True)
# Snub also includes another python package called Hopper (https://github.com/MSAdministrator/hopper).
# By using the `analyze` method within Snub you can pass in a email message raw string header and get information about the received from hops as well as whether they are on any of Snubs lists
snub.analyze('''
Delivered-To: money@capitalism.com
Received: by 10.129.52.209 with SMTP id b200csp1430876ywa;
Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
X-Received: by 10.31.153.20 with SMTP id b20mr6116862vke.110.1507623422746;
Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65])
by mx.google.com with SMTPS id b31sor1345013uaa.124.2017.10.10.01.17.02
for <money@capitalism.com>
(Google Transport Security);
Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of bags@test_email.ua.edu designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65;
X-Received: by 10.176.85.196 with SMTP id w4mr6874179uaa.75.1507623422198; Tue, 10 Oct 2017 01:17:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.79.86 with HTTP; Tue, 10 Oct 2017 01:17:01 -0700 (PDT)
From: Mr. Money Bags <bags@moneyrules.com>
Date: Tue, 10 Oct 2017 01:17:01 -0700
Subject:
To: money@capitalism.com;
Content-Type: text/plain; charset="UTF-8"
Bcc: satan@wallstreet.com
A business opportunity awaits
''')
# You can provide any of the same lists types as optional paramters. By default it will search all from and receivedBy indicators against all lists.
You first need to build the Docker image:
docker build --force-rm -t snub .
You can run the docker image in a few different ways:
If running the CLI tool inside of Docker then you can run the container with the value you are wanting to search blackhole or DNS based lists for:
docker run -t -i -p 5000:5000 snub {SOME_VALUE_HERE}
An example would be:
docker run -t -i -p 5000:5000 snub tfvai.marketer.mobi
If you want to run the API, then simply emit the value you want to search:
NOTE: You must now use docker-compose to expose the api directly
docker-compose up
If you have made changes to either of the defined lists (yml files) file then you must rebuild docker-compose:
docker-compose build
Then run docker-compose:
docker-compose up
There are several new API endpoints available:
To search all snubbed lists then navigate to your browser at:
http://0.0.0.0:5000/snub/search/{SOME_VALUE_HERE}
To search just the text based snubbed lists then navigate to your browser at:
http://0.0.0.0:5000/snub/blackhole/{SOME_VALUE_HERE}
To search DNS blackhole lists then navigate to your browser at:
http://0.0.0.0:5000/snub/dns/{SOME_VALUE_HERE}
To search only your static list then navigate to your browser at:
http://0.0.0.0:5000/snub/static/{SOME_VALUE_HERE}
This will return any information found about the value you are searching for.
FAQs
Snup is a python package to check IPs, Hashes, Emails, Domains, or URLs against blackhole lists and DNS services.
We found that snub demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.