-
Notifications
You must be signed in to change notification settings - Fork 2
/
ff.php
29 lines (29 loc) · 1.31 KB
/
ff.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#!/usr/bin/php -q
<?php
echo "http://code.google.com/p/fast-flux/\n";
echo "(C) 2013 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com\n";
$domain = $argv[1];
include_once 'geoip.inc'; // https://raw.github.com/maxmind/geoip-api-php/master/geoip.inc
try {
$db = new PDO('mysql:host=localhost;dbname=botnet;charset=utf8', 'LOGIN', 'PASSWORD');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->query('CREATE TABLE IF NOT EXISTS botnet (botnet_ip VARCHAR(15) NOT NULL UNIQUE, botnet_datetime DATETIME NOT NULL, botnet_country TEXT, botnet_asn TEXT)');
} catch (PDOException $e) {
print 'Exception : ' . $e->getMessage();
}
while (1) {
$time = date("Y-m-d H:i:s");
$ip = gethostbyname($domain);
if (filter_var($ip, FILTER_VALIDATE_IP)) {
$country = strtolower(geoip_country_code_by_name($ip));
$asn = htmlspecialchars(geoip_name_by_addr(geoip_open('/usr/share/GeoIP/GeoIPASNum.dat', GEOIP_STANDARD), $ip), ENT_QUOTES);
echo "$domain $ip\n";
try {
$db->query("INSERT IGNORE INTO botnet (botnet_ip, botnet_datetime, botnet_country, botnet_asn) VALUES ('$ip', '$time', '$country', '$asn')");
} catch (PDOException $e) {
print 'Exception : ' . $e->getMessage();
}
}
}
?>