{"id":2386,"date":"2011-11-11T10:43:57","date_gmt":"2011-11-11T09:43:57","guid":{"rendered":"http:\/\/blog.beufa.net\/?p=15"},"modified":"2011-11-11T10:43:57","modified_gmt":"2011-11-11T09:43:57","slug":"perl-verifier-vos-sites-automatiquement-avec-safebrowsing","status":"publish","type":"post","link":"https:\/\/beufa.net\/fr\/blog\/perl-verifier-vos-sites-automatiquement-avec-safebrowsing\/","title":{"rendered":"[Perl] V\u00e9rifier vos sites automatiquement avec SafeBrowsing"},"content":{"rendered":"

SafeBrowsing est la base anti malware \/ anti phishing de Google. Int\u00e9gr\u00e9 \u00e0 Firefox et Google Chrome, il permet de valider que le site n’est pas un nid \u00e0 malware ou tentative de phishing.<\/p>\n

\"\"<\/a>
Exemple SafeBrowsing<\/figcaption><\/figure>\n

Pour tester par site :<\/p>\n

http:\/\/www.google.com\/safebrowsing\/diagnostic?site=beufa.net<\/a><\/span><\/p>\n

Ou par AS :<\/p>\n

http:\/\/www.google.com\/safebrowsing\/diagnostic?site=AS:15069<\/a><\/span><\/p>\n

Des modules existent en Perl pour automatiser ces v\u00e9rifications :<\/p>\n

use Net::Google::SafeBrowsing2;\nuse Net::Google::SafeBrowsing2::Storage;\nuse Net::Google::SafeBrowsing2::Sqlite;<\/pre>\n
Ensuite, quelques lignes de Perl suffit \u00e0 v\u00e9rifier une liste de sites (qu’il est possible d’inclure depuis une base MySQL !)<\/p>\n
my @sites =(\n\t\t'http:\/\/flashupdate.co.cc\/',\n\t\t'https:\/\/beufa.net\/',\n\t\t'http:\/\/www.fortinet.com\/',\n\t\t'http:\/\/www.gumblar.cn'\n\t\t);<\/pre>\n
Cr\u00e9er une base locale, qui permettra de stocker les hashs localement<\/p>\n
 my $storage_malware_db = Net::Google::SafeBrowsing2::Sqlite->new(file => 'goog-malware-shavar.db');\n  my $malware_db = Net::Google::SafeBrowsing2->new(\n        key     => \"YOUR_KEY\",\n        storage => $storage_malware_db,\n\terror\t=> 1,\n##      debug   => 1,\n##      mac     => 1,\n        list    => MALWARE,\n##\tforce\t=> 1\n  );<\/pre>\n
Il est possible de t\u00e9l\u00e9charger 2 bases (param\u00e8tre LIST) : MALWARE (goog-malware-shava.db) ou PHISHING (googpub-phish-shavar.db)<\/p>\n
V\u00e9rifier les mises \u00e0 jour :<\/p>\n
  my $last_db1 = $storage_malware_db->last_update(list => 'goog-malware-shavar')->{time};\n  my $next_db1 = $last_db1+$storage_malware_db->last_update(list => 'goog-malware-shavar')->{wait};\n  my $last_db2 = $storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{time};\n  my $next_db2 = $last_db2+$storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{wait};\n\n  print color 'reset'; print color 'bold yellow';\n  print \"---   ----------------------------------   ----n\";\n  print \"---   Updates of Google SafeBrowsing DBs   ----n\";\n  print \"---   ----------------------------------   ----n\";\n  print color 'reset';  print color 'cyan';\n  print \"t > Last Up. (google-malware-shavar) : \".scalar(localtime($last_db1)).\"n\";\n  print \"t > Next Up. (google-malware-shavar) : \".scalar(localtime($next_db1)).\"n\";\n  print \"t > Last Up. (googpub-phish-shavar)  : \".scalar(localtime($last_db2)).\"n\";\n  print \"t > Next Up. (googpub-phish-shavar)  : \".scalar(localtime($next_db2)).\"n\";\n  print color 'reset';<\/pre>\n
V\u00e9rifiez ensuite que chacun des sites n’est pas dans les hashs Google SafeBrowsing :<\/p>\n
print color 'reset'; print color 'bold yellow';\n  print \"--- -------------------------------------- ----n\";\n  print \"--- Checking for Malwares Distribution URL ----n\";\n  print \"--- -------------------------------------- ----n\";\n  foreach $site (@sites) {\n\tmy $match_malware = $malware_db->lookup(url => $site);\n\tif ($match_malware eq MALWARE) {\n\t\tprint color 'reset'; print color 'bold red';\n        \tprint \"t(MAL)tNOK => \".$site.\" => MALWARE n\";\n\t}\n\telse {\n\t\tprint color 'reset'; print color 'green';\n        \tprint \"ttOK  => \".$site.\"n\";\n\t}\n  }\n  print color 'reset';\n  print color 'reset'; print color 'red';\n  print \"--- Errors for Malwares Distribution Check ----n\";\n  print \"Last malware_db error: \", $malware_db->last_error(), \"n\";\n  print \"--- -------------------------------------- ----n\";\n  $storage_malware_db->close();<\/pre>\n
Le r\u00e9sultat :<\/p>\n
user@pc:~$ perl Bureau\/safeb\n---   ----------------------------------   ----\n---   Updates of Google SafeBrowsing DBs   ----\n---   ----------------------------------   ----\n\t > Last Up. (google-malware-shavar) : Fri Nov 11 10:44:43 2011\n\t > Next Up. (google-malware-shavar) : Fri Nov 11 11:14:49 2011\n\t > Last Up. (googpub-phish-shavar)  : Fri Nov 11 10:44:57 2011\n\t > Next Up. (googpub-phish-shavar)  : Fri Nov 11 11:16:36 2011\n--- -------------------------------------- ----\n--- Checking for Malwares Distribution URL ----\n--- -------------------------------------- ----\n\t(MAL)\tNOK => http:\/\/flashupdate.co.cc\/ => MALWARE\n\t\tOK  => https:\/\/beufa.net\n\t\tOK  => http:\/\/fortinet.com\n\t\tOK  => http:\/\/gumblar.cn\n--- Errors for Malwares Distribution Check ----\nLast malware_db error:\n--- -------------------------------------- ----\n--- -------------------------------------- ----\n--- Checking for Phishing Distribution URL ----\n--- -------------------------------------- ----\n\t\tOK  => http:\/\/flashupdate.co.cc\/\n\t\tOK  => https:\/\/beufa.net\n\t\tOK  => http:\/\/fortinet.com\n\t\tOK  => http:\/\/gumblar.cn\n--- Errors for Phishing Distribution Check ----\nLast phishing_db error:\n--- -------------------------------------- ----<\/pre>\n
Bon amusement !<\/p>\n
A venir : scan de pages avec ClamAV et son module File::Scan::ClamAV<\/a><\/p>","protected":false},"excerpt":{"rendered":"
SafeBrowsing est la base anti malware \/ anti phishing de Google. Int\u00e9gr\u00e9 \u00e0 Firefox et Google Chrome, il permet de valider que le site n’est…<\/p>\n
Continue reading[Perl] V\u00e9rifier vos sites automatiquement avec SafeBrowsing<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[37,49,66,76,79],"class_list":["post-2386","post","type-post","status-publish","format-standard","hentry","category-perl-script","tag-automatisation","tag-google","tag-perl","tag-safebrowsing","tag-securite","entry"],"_links":{"self":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/posts\/2386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/comments?post=2386"}],"version-history":[{"count":0,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/posts\/2386\/revisions"}],"wp:attachment":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/media?parent=2386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/categories?post=2386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/tags?post=2386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}