line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package WWW::Honeypot::httpBL; |
2
|
|
|
|
|
|
|
|
3
|
3
|
|
|
3
|
|
67921
|
use 5.008008; |
|
3
|
|
|
|
|
9
|
|
|
3
|
|
|
|
|
103
|
|
4
|
3
|
|
|
3
|
|
18
|
use strict; |
|
3
|
|
|
|
|
14
|
|
|
3
|
|
|
|
|
97
|
|
5
|
3
|
|
|
3
|
|
15
|
use warnings; |
|
3
|
|
|
|
|
8
|
|
|
3
|
|
|
|
|
81
|
|
6
|
|
|
|
|
|
|
|
7
|
3
|
|
|
3
|
|
14
|
use Carp; |
|
3
|
|
|
|
|
5
|
|
|
3
|
|
|
|
|
292
|
|
8
|
3
|
|
|
3
|
|
2615
|
use Net::hostent; |
|
3
|
|
|
|
|
17782
|
|
|
3
|
|
|
|
|
79
|
|
9
|
3
|
|
|
3
|
|
3670
|
use Socket; |
|
3
|
|
|
|
|
11930
|
|
|
3
|
|
|
|
|
1812
|
|
10
|
|
|
|
|
|
|
|
11
|
3
|
|
|
3
|
|
22
|
use constant 'LOOKUP_DOMAIN' => 'dnsbl.httpbl.org'; |
|
3
|
|
|
|
|
5
|
|
|
3
|
|
|
|
|
3030
|
|
12
|
|
|
|
|
|
|
|
13
|
|
|
|
|
|
|
our $VERSION = '0.01'; |
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
my $search_engines = { |
16
|
|
|
|
|
|
|
'0' => 'Undocumented', |
17
|
|
|
|
|
|
|
'1' => 'Alta Vista', |
18
|
|
|
|
|
|
|
'2' => 'Ask', |
19
|
|
|
|
|
|
|
'3' => 'Baidu', |
20
|
|
|
|
|
|
|
'4' => 'Excite', |
21
|
|
|
|
|
|
|
'5' => 'Google', |
22
|
|
|
|
|
|
|
'6' => 'Looksmart', |
23
|
|
|
|
|
|
|
'7' => 'Lycos', |
24
|
|
|
|
|
|
|
'8' => 'MSN', |
25
|
|
|
|
|
|
|
'9' => 'Yahoo', |
26
|
|
|
|
|
|
|
'10' => 'InfoSeek', |
27
|
|
|
|
|
|
|
'11' => 'Miscellaneous' |
28
|
|
|
|
|
|
|
}; |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
sub new { |
31
|
0
|
|
|
0
|
0
|
|
my $pkg = shift; |
32
|
|
|
|
|
|
|
|
33
|
0
|
|
|
|
|
|
my $self = {}; |
34
|
0
|
|
|
|
|
|
bless $self, $pkg; |
35
|
|
|
|
|
|
|
|
36
|
0
|
0
|
|
|
|
|
if (! $self->_init(@_)) { |
37
|
0
|
|
|
|
|
|
return undef; |
38
|
|
|
|
|
|
|
} |
39
|
|
|
|
|
|
|
|
40
|
0
|
|
|
|
|
|
return $self; |
41
|
|
|
|
|
|
|
} |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
sub _init { |
44
|
0
|
|
|
0
|
|
|
my $self = shift; |
45
|
0
|
0
|
|
|
|
|
my $args = (ref($_[0]) eq "HASH") ? shift : {@_}; |
46
|
|
|
|
|
|
|
|
47
|
0
|
|
|
|
|
|
$self->{'_debug'} = $args->{'debug'}; |
48
|
0
|
|
|
|
|
|
$self->{'_key'} = $args->{'access_key'}; |
49
|
0
|
|
|
|
|
|
$self->{'_current_ip'} = ''; |
50
|
0
|
|
|
|
|
|
$self->{'_current_response'} = ''; |
51
|
0
|
|
|
|
|
|
$self->{'_current_response_octets'} = []; |
52
|
|
|
|
|
|
|
|
53
|
0
|
|
|
|
|
|
return 1; |
54
|
|
|
|
|
|
|
} |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
sub access_key { |
57
|
0
|
|
|
0
|
0
|
|
my $self = shift; |
58
|
0
|
|
|
|
|
|
my $key = shift; |
59
|
|
|
|
|
|
|
|
60
|
0
|
0
|
|
|
|
|
if ($key) { |
61
|
0
|
|
|
|
|
|
$self->{'_key'} = $key; |
62
|
|
|
|
|
|
|
} |
63
|
|
|
|
|
|
|
|
64
|
0
|
|
|
|
|
|
return $self->{'_key'}; |
65
|
|
|
|
|
|
|
} |
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
sub fetch { |
68
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
69
|
0
|
|
|
|
|
|
my $ip = shift; |
70
|
|
|
|
|
|
|
|
71
|
0
|
|
|
|
|
|
$self->_reset(); |
72
|
|
|
|
|
|
|
|
73
|
0
|
0
|
0
|
|
|
|
carp("No Access Key!") && return unless $self->access_key(); |
74
|
0
|
0
|
0
|
|
|
|
carp("Nothing to fetch!") && return unless $ip; |
75
|
|
|
|
|
|
|
|
76
|
0
|
0
|
|
|
|
|
unless ($ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) { |
77
|
0
|
|
|
|
|
|
my $err_str = "That doesn't look like an IP address!"; |
78
|
0
|
0
|
|
|
|
|
carp($err_str) && return $err_str; |
79
|
|
|
|
|
|
|
} |
80
|
|
|
|
|
|
|
|
81
|
0
|
|
|
|
|
|
$self->_lookup($self->_reverse_IP($ip)); |
82
|
|
|
|
|
|
|
|
83
|
0
|
0
|
|
|
|
|
return $self->{_current_response} ? ($self->_parse_response()) : undef; |
84
|
|
|
|
|
|
|
} |
85
|
|
|
|
|
|
|
|
86
|
|
|
|
|
|
|
sub threat_score { |
87
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
88
|
|
|
|
|
|
|
|
89
|
0
|
|
|
|
|
|
return ( $self->{_current_response} && !$self->is_search_engine() ) ? |
90
|
0
|
0
|
0
|
|
|
|
${$self->{_current_response_octets}}[2] : undef; |
91
|
|
|
|
|
|
|
} |
92
|
|
|
|
|
|
|
|
93
|
|
|
|
|
|
|
sub days_since_last_actvity { |
94
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
95
|
|
|
|
|
|
|
|
96
|
0
|
|
|
|
|
|
return ( $self->{_current_response} && !$self->is_search_engine() ) ? |
97
|
0
|
0
|
0
|
|
|
|
${$self->{_current_response_octets}}[1] : undef; |
98
|
|
|
|
|
|
|
} |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
sub is_search_engine { |
101
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
102
|
|
|
|
|
|
|
|
103
|
0
|
0
|
|
|
|
|
return undef unless $self->{_current_response}; |
104
|
|
|
|
|
|
|
|
105
|
0
|
0
|
|
|
|
|
if ( ${$self->{_current_response_octets}}[3] == 0 ) { |
|
0
|
|
|
|
|
|
|
106
|
0
|
|
|
|
|
|
my $serial_number = ${$self->{_current_response_octets}}[2]; |
|
0
|
|
|
|
|
|
|
107
|
0
|
|
|
|
|
|
return $search_engines->{$serial_number}; |
108
|
|
|
|
|
|
|
} else { |
109
|
0
|
|
|
|
|
|
return; |
110
|
|
|
|
|
|
|
} |
111
|
|
|
|
|
|
|
} |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
sub is_suspicious { |
114
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
115
|
|
|
|
|
|
|
|
116
|
0
|
0
|
|
|
|
|
return undef unless $self->{_current_response}; |
117
|
|
|
|
|
|
|
|
118
|
0
|
|
|
|
|
|
my $c = ${$self->{_current_response_octets}}[3]; |
|
0
|
|
|
|
|
|
|
119
|
0
|
0
|
0
|
|
|
|
if ($c == 1 || $c == 3 || $c == 5 || $c == 7) { |
|
|
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
120
|
0
|
|
|
|
|
|
return 1; |
121
|
|
|
|
|
|
|
} else { |
122
|
0
|
|
|
|
|
|
return undef; |
123
|
|
|
|
|
|
|
} |
124
|
|
|
|
|
|
|
} |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
sub is_harvester { |
127
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
128
|
|
|
|
|
|
|
|
129
|
0
|
0
|
|
|
|
|
return undef unless $self->{_current_response}; |
130
|
|
|
|
|
|
|
|
131
|
0
|
|
|
|
|
|
my $c = ${$self->{_current_response_octets}}[3]; |
|
0
|
|
|
|
|
|
|
132
|
0
|
0
|
0
|
|
|
|
if ($c == 2 || $c == 3 || $c == 6 || $c == 7) { |
|
|
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
133
|
0
|
|
|
|
|
|
return 1; |
134
|
|
|
|
|
|
|
} else { |
135
|
0
|
|
|
|
|
|
return undef; |
136
|
|
|
|
|
|
|
} |
137
|
|
|
|
|
|
|
} |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
sub is_comment_spammer { |
140
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
141
|
|
|
|
|
|
|
|
142
|
0
|
0
|
|
|
|
|
return undef unless $self->{_current_response}; |
143
|
|
|
|
|
|
|
|
144
|
0
|
|
|
|
|
|
my $c = ${$self->{_current_response_octets}}[3]; |
|
0
|
|
|
|
|
|
|
145
|
|
|
|
|
|
|
|
146
|
0
|
0
|
0
|
|
|
|
if ($c == 4 || $c == 5 || $c == 6 || $c == 7) { |
|
|
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
147
|
0
|
|
|
|
|
|
return 1; |
148
|
|
|
|
|
|
|
} else { |
149
|
0
|
|
|
|
|
|
return undef; |
150
|
|
|
|
|
|
|
} |
151
|
|
|
|
|
|
|
} |
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
# Internal methods below |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
sub _lookup { |
156
|
0
|
|
|
0
|
|
|
my $self = shift; |
157
|
0
|
|
|
|
|
|
my $reversed_ip = shift; |
158
|
|
|
|
|
|
|
|
159
|
0
|
|
|
|
|
|
my $str = join('.', $self->access_key(), $reversed_ip, LOOKUP_DOMAIN); |
160
|
|
|
|
|
|
|
|
161
|
0
|
|
|
|
|
|
my $h = gethost($str); |
162
|
|
|
|
|
|
|
|
163
|
0
|
0
|
|
|
|
|
return unless $h; |
164
|
|
|
|
|
|
|
|
165
|
0
|
|
|
|
|
|
$self->{_current_response} = inet_ntoa($h->addr); |
166
|
|
|
|
|
|
|
} |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
sub _reverse_IP { |
169
|
0
|
|
|
0
|
|
|
my $self = shift; |
170
|
0
|
|
|
|
|
|
my $ip = shift; |
171
|
|
|
|
|
|
|
|
172
|
0
|
|
|
|
|
|
my @parts = split(/\./, $ip); |
173
|
0
|
|
|
|
|
|
return join('.', reverse(@parts)); |
174
|
|
|
|
|
|
|
} |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
sub _parse_response { |
177
|
0
|
|
|
0
|
|
|
my $self = shift; |
178
|
|
|
|
|
|
|
|
179
|
0
|
|
|
|
|
|
my @octets = split(/\./, $self->{_current_response}); |
180
|
0
|
|
|
|
|
|
push(@{$self->{_current_response_octets}}, @octets); |
|
0
|
|
|
|
|
|
|
181
|
0
|
|
|
|
|
|
return @octets; |
182
|
|
|
|
|
|
|
} |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
sub _reset { |
185
|
0
|
|
|
0
|
|
|
my $self = shift; |
186
|
|
|
|
|
|
|
|
187
|
0
|
|
|
|
|
|
$self->{'_current_ip'} = ''; |
188
|
0
|
|
|
|
|
|
$self->{'_current_response'} = ''; |
189
|
0
|
|
|
|
|
|
$self->{'_current_response_octets'} = []; |
190
|
|
|
|
|
|
|
} |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
1; |
193
|
|
|
|
|
|
|
__END__ |