Skip to content →

[Perl] Vérifier vos sites automatiquement avec SafeBrowsing

SafeBrowsing est la base anti malware / anti phishing de Google. Intégré à Firefox et Google Chrome, il permet de valider que le site n’est pas un nid à malware ou tentative de phishing.

Exemple SafeBrowsing

Pour tester par site :

http://www.google.com/safebrowsing/diagnostic?site=beufa.net

Ou par AS :

http://www.google.com/safebrowsing/diagnostic?site=AS:15069

Des modules existent en Perl pour automatiser ces vérifications :

use Net::Google::SafeBrowsing2;
use Net::Google::SafeBrowsing2::Storage;
use Net::Google::SafeBrowsing2::Sqlite;

Ensuite, quelques lignes de Perl suffit à vérifier une liste de sites (qu’il est possible d’inclure depuis une base MySQL !)

my @sites =(
		'http://flashupdate.co.cc/',
		'https://beufa.net/',
		'http://www.fortinet.com/',
		'http://www.gumblar.cn'
		);

Créer une base locale, qui permettra de stocker les hashs localement

 my $storage_malware_db = Net::Google::SafeBrowsing2::Sqlite->new(file => 'goog-malware-shavar.db');
  my $malware_db = Net::Google::SafeBrowsing2->new(
        key     => "YOUR_KEY",
        storage => $storage_malware_db,
	error	=> 1,
##      debug   => 1,
##      mac     => 1,
        list    => MALWARE,
##	force	=> 1
  );

Il est possible de télécharger 2 bases (paramètre LIST) : MALWARE (goog-malware-shava.db) ou PHISHING (googpub-phish-shavar.db)

Vérifier les mises à jour :

  my $last_db1 = $storage_malware_db->last_update(list => 'goog-malware-shavar')->{time};
  my $next_db1 = $last_db1+$storage_malware_db->last_update(list => 'goog-malware-shavar')->{wait};
  my $last_db2 = $storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{time};
  my $next_db2 = $last_db2+$storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{wait};

  print color 'reset'; print color 'bold yellow';
  print "---   ----------------------------------   ----n";
  print "---   Updates of Google SafeBrowsing DBs   ----n";
  print "---   ----------------------------------   ----n";
  print color 'reset';  print color 'cyan';
  print "t > Last Up. (google-malware-shavar) : ".scalar(localtime($last_db1))."n";
  print "t > Next Up. (google-malware-shavar) : ".scalar(localtime($next_db1))."n";
  print "t > Last Up. (googpub-phish-shavar)  : ".scalar(localtime($last_db2))."n";
  print "t > Next Up. (googpub-phish-shavar)  : ".scalar(localtime($next_db2))."n";
  print color 'reset';

Vérifiez ensuite que chacun des sites n’est pas dans les hashs Google SafeBrowsing :

print color 'reset'; print color 'bold yellow';
  print "--- -------------------------------------- ----n";
  print "--- Checking for Malwares Distribution URL ----n";
  print "--- -------------------------------------- ----n";
  foreach $site (@sites) {
	my $match_malware = $malware_db->lookup(url => $site);
	if ($match_malware eq MALWARE) {
		print color 'reset'; print color 'bold red';
        	print "t(MAL)tNOK => ".$site." => MALWARE n";
	}
	else {
		print color 'reset'; print color 'green';
        	print "ttOK  => ".$site."n";
	}
  }
  print color 'reset';
  print color 'reset'; print color 'red';
  print "--- Errors for Malwares Distribution Check ----n";
  print "Last malware_db error: ", $malware_db->last_error(), "n";
  print "--- -------------------------------------- ----n";
  $storage_malware_db->close();

Le résultat :

user@pc:~$ perl Bureau/safeb
---   ----------------------------------   ----
---   Updates of Google SafeBrowsing DBs   ----
---   ----------------------------------   ----
	 > Last Up. (google-malware-shavar) : Fri Nov 11 10:44:43 2011
	 > Next Up. (google-malware-shavar) : Fri Nov 11 11:14:49 2011
	 > Last Up. (googpub-phish-shavar)  : Fri Nov 11 10:44:57 2011
	 > Next Up. (googpub-phish-shavar)  : Fri Nov 11 11:16:36 2011
--- -------------------------------------- ----
--- Checking for Malwares Distribution URL ----
--- -------------------------------------- ----
	(MAL)	NOK => http://flashupdate.co.cc/ => MALWARE
		OK  => https://beufa.net
		OK  => http://fortinet.com
		OK  => http://gumblar.cn
--- Errors for Malwares Distribution Check ----
Last malware_db error:
--- -------------------------------------- ----
--- -------------------------------------- ----
--- Checking for Phishing Distribution URL ----
--- -------------------------------------- ----
		OK  => http://flashupdate.co.cc/
		OK  => https://beufa.net
		OK  => http://fortinet.com
		OK  => http://gumblar.cn
--- Errors for Phishing Distribution Check ----
Last phishing_db error:
--- -------------------------------------- ----

Bon amusement !

A venir : scan de pages avec ClamAV et son module File::Scan::ClamAV

Published in Perl Script

en_USEN