PoshCode Archive  Artifact [fb8a1e1af9]

Artifact fb8a1e1af910877e1a36130d51d77a03dbab36904f7e607636528f6f9029e94e:

  • File RBL-Black-list-checker.ps1 — part of check-in [1d14b2b21e] at 2018-06-10 13:59:57 on branch trunk — this script will check a list of IP’s versus the most common RBL’s online – it will mail results of each IP with a list of the blacklists it was found on. If you run it during the 9am -10am hours it will send Negitive emails also for a sanity check – (user: Munsonisim size: 5001)

# encoding: ascii
# api: powershell
# title: RBL Black list checker
# description: this script will check a list of IP’s versus the most common RBL’s online – it will mail results of each IP with a list of the blacklists it was found on. If you run it during the 9am -10am hours it will send Negitive emails also for a sanity check – 
# version: 1.0
# type: script
# author: Munsonisim
# license: CC0
# function: Get-Blacklist
# x-poshcode-id: 5716
# x-archived: 2017-03-31T03:18:26
# x-published: 2017-01-26T20:18:00
# This script is also powered from an input file names Octet.csv – one column, header “Octet” – Use this and the honeypot scroipt to gather Black list information on your IP’s
## Script Name:     Get-Blacklist-Function
## Created On:      01/2015
## Author:          A.J. Geddes
## File:            Get-Blacklist-Function.ps1
## Usage:           Get-Blacklist ($IP)
## Version:         1.0
## Purpose:         check an IP or IP's to see if Blacklisted, send email to notify yes is, or no is not.
## Requirements:    PowerShell Version 3.0+
## Last Updated:    01/12/2015

function Get-Blacklist
	checks IP's against most common Blacklists
	This script will use a list of common RBL sites and attempt to resolve a list of IP addresses to each RBL, if found it will send an email to the defined admin with the BL list info and the IP.
	foreach ($NAT in $ExternalNAT)
	$address = $NAT.Octet
	Get-blacklist $address
	the IP address (IPV4 only!) to be checked
		v 1.0 - Set up, BL lists to check, and Function Creation.

$adminemail = 'admin@yourdomain.com'
$fromemail = 'BLACKLIST-CHECK@yourdomain.com'
$mailserver = 'mailrelay.yourdomain.com'
$subjectfail = 'RBL listing detected! '+$IP
$subjectpass = 'RBL not listed :)'

$reversedIP = ($IP -split '\.')[3..0] -join '.'

$blacklistServers = @(

$blacklistedOn = @()

foreach ($server in $blacklistServers)
    $fqdn = "$reversedIP.$server"
        $null = [System.Net.Dns]::GetHostEntry($fqdn)
        $blacklistedOn += $server
    catch { }

if ($blacklistedOn.Count -gt 0)
    # The IP was blacklisted on one or more servers; send your email here.  $blacklistedOn is an array of the servers that returned positive results.
    send-mailmessage -Priority High -from $fromemail -to $adminemail -SMTPServer $mailserver -body "$IP is blacklisted on the following servers: $($blacklistedOn -join ', ')" -Subject $subjectfail
    Write-Host "$IP is not currently blacklisted on any server."

#If you want to get an email once a day so you know its still working.   
 if ((Get-Date).Hour -eq 10)
        # The IP was not blacklisted, but it's between 9:00 and 10:00 AM (local time); you can send your sanity email here
    send-mailmessage -from $fromemail -to $adminemail -SMTPServer $mailserver -body "$IP is not blacklisted" -Subject $subjectpass