SafeBrowsing is Google's anti-malware / anti-phishing database. Built into Firefox and Google Chrome, it lets you check that a site is not a nest of malware or a phishing attempt.

To test by site:
http://www.google.com/safebrowsing/diagnostic?site=beufa.net
Or by AS:
http://www.google.com/safebrowsing/diagnostic?site=AS:15069
Perl modules exist to automate these checks:
use Net::Google::SafeBrowsing2;
use Net::Google::SafeBrowsing2::Storage;
use Net::Google::SafeBrowsing2::Sqlite;
use Term::ANSIColor;   # provides color(), used for the colored output below
Then a few lines of Perl are enough to check a list of sites (which can also be loaded from a MySQL database!):
my @sites = (
    'http://flashupdate.co.cc/',
    'https://beufa.net/',
    'http://www.fortinet.com/',
    'http://www.gumblar.cn',
);
Create a local database, which will store the hashes locally:
my $storage_malware_db = Net::Google::SafeBrowsing2::Sqlite->new(file => 'goog-malware-shavar.db');
my $malware_db = Net::Google::SafeBrowsing2->new(
    key     => "YOUR_KEY",
    storage => $storage_malware_db,
    error   => 1,
    ## debug => 1,
    ## mac   => 1,
    list    => MALWARE,
    ## force => 1
);
Two databases can be downloaded (LIST parameter): MALWARE (goog-malware-shavar.db) or PHISHING (googpub-phish-shavar.db).
Check for updates:
# Phishing storage, opened the same way as the malware one (its definition is not shown above)
my $storage_phishing_db = Net::Google::SafeBrowsing2::Sqlite->new(file => 'googpub-phish-shavar.db');
# {time} is the last update, {wait} the delay in seconds before the next one
my $last_db1 = $storage_malware_db->last_update(list => 'goog-malware-shavar')->{time};
my $next_db1 = $last_db1 + $storage_malware_db->last_update(list => 'goog-malware-shavar')->{wait};
my $last_db2 = $storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{time};
my $next_db2 = $last_db2 + $storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{wait};
print color 'reset'; print color 'bold yellow';
print "--- ---------------------------------- ----\n";
print "--- Updates of Google SafeBrowsing DBs ----\n";
print "--- ---------------------------------- ----\n";
print color 'reset'; print color 'cyan';
print "\t > Last Up. (google-malware-shavar) : ".scalar(localtime($last_db1))."\n";
print "\t > Next Up. (google-malware-shavar) : ".scalar(localtime($next_db1))."\n";
print "\t > Last Up. (googpub-phish-shavar) : ".scalar(localtime($last_db2))."\n";
print "\t > Next Up. (googpub-phish-shavar) : ".scalar(localtime($next_db2))."\n";
print color 'reset';
Then check that none of the sites is in the Google SafeBrowsing hashes:
print color 'reset'; print color 'bold yellow';
print "--- -------------------------------------- ----\n";
print "--- Checking for Malwares Distribution URL ----\n";
print "--- -------------------------------------- ----\n";
foreach my $site (@sites) {
    # lookup() returns the name of the matching list, compared here with MALWARE
    my $match_malware = $malware_db->lookup(url => $site);
    if ($match_malware eq MALWARE) {
        print color 'reset'; print color 'bold red';
        print "\t(MAL)\tNOK => ".$site." => MALWARE \n";
    }
    else {
        print color 'reset'; print color 'green';
        print "\t\tOK => ".$site."\n";
    }
}
print color 'reset';
print color 'reset'; print color 'red';
print "--- Errors for Malwares Distribution Check ----\n";
print "Last malware_db error: ", $malware_db->last_error(), "\n";
print "--- -------------------------------------- ----\n";
$storage_malware_db->close();
The result:
user@pc:~$ perl Bureau/safeb
--- ---------------------------------- ----
--- Updates of Google SafeBrowsing DBs ----
--- ---------------------------------- ----
     > Last Up. (google-malware-shavar) : Fri Nov 11 10:44:43 2011
     > Next Up. (google-malware-shavar) : Fri Nov 11 11:14:49 2011
     > Last Up. (googpub-phish-shavar) : Fri Nov 11 10:44:57 2011
     > Next Up. (googpub-phish-shavar) : Fri Nov 11 11:16:36 2011
--- -------------------------------------- ----
--- Checking for Malwares Distribution URL ----
--- -------------------------------------- ----
    (MAL)   NOK => http://flashupdate.co.cc/ => MALWARE
            OK => https://beufa.net
            OK => http://fortinet.com
            OK => http://gumblar.cn
--- Errors for Malwares Distribution Check ----
Last malware_db error:
--- -------------------------------------- ----
--- -------------------------------------- ----
--- Checking for Phishing Distribution URL ----
--- -------------------------------------- ----
            OK => http://flashupdate.co.cc/
            OK => https://beufa.net
            OK => http://fortinet.com
            OK => http://gumblar.cn
--- Errors for Phishing Distribution Check ----
Last phishing_db error:
--- -------------------------------------- ----
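Why a local database of hashes is enough to answer these lookups: under the Safe Browsing v2 scheme, each URL is expanded into host-suffix/path-prefix expressions and the SHA-256 of each expression is compared, by prefix, with the stored hashes. The sketch below is an added example, not code from this post or from Net::Google::SafeBrowsing2; the `expressions` helper and the example.com URL are mine, and it assumes the URL has already been canonicalized.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256);

# Return the host-suffix/path-prefix expressions tried for one URL.
# Assumption: the URL is already canonicalized (lowercase host, no fragment,
# no "..", escapes normalized); a real client does that step first.
sub expressions {
    my ($url) = @_;
    my ($host, $path, $query) =
        $url =~ m{^https?://([^/?#]+)(/[^?#]*)?(?:\?([^#]*))?} or return;
    $path = '/' unless defined $path;

    # Exact host, then suffixes built from the last five labels, down to
    # two labels (never the bare TLD). An IP address is only tried as-is.
    my @hosts = ($host);
    if ($host !~ /^\d+(?:\.\d+){3}$/) {
        my @labels = split /\./, $host;
        my $n = @labels > 5 ? 5 : scalar @labels;
        for (my $k = $n; $k >= 2; $k--) {
            my $suffix = join '.', @labels[-$k .. -1];
            push @hosts, $suffix unless $suffix eq $host;
        }
    }

    # Exact path with and without the query, then "/" and up to three
    # directory prefixes below it.
    my @paths = (defined $query ? ("$path?$query") : (), $path);
    my @dirs = grep { length } split m{/}, $path;
    pop @dirs unless $path =~ m{/\z};      # drop the file name component
    my @prefixes = ('/');
    for my $dir (@dirs) {
        last if @prefixes == 4;
        push @prefixes, $prefixes[-1] . "$dir/";
    }

    my (%seen, @out);
    for my $h (@hosts) {
        for my $p (@paths, @prefixes) {
            push @out, "$h$p" unless $seen{"$h$p"}++;
        }
    }
    return @out;
}

# First URL is from the list above; the second one is constructed.
for my $url ('http://www.gumblar.cn', 'http://www.example.com/dir/page.html?id=1') {
    print "$url\n";
    # The local lists typically hold 4-byte prefixes of SHA-256(expression).
    printf "  %s  %s\n", unpack('H8', sha256($_)), $_ for expressions($url);
}
```

A prefix match in the local database is only a candidate: the client then asks Google for the full hashes behind that prefix before reporting the URL as listed.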
Have fun!
Coming soon: scanning pages with ClamAV and its File::Scan::ClamAV module