IP reputation check

This topic contains 3 replies, has 3 voices, and was last updated by josephkingstone 1 year, 8 months ago.

  • #27476
    josephkingstone
    Participant

    So, I made this little script as a way to quickly check several different websites for the reputation of an IP address. I do have a question though... well, 2.

    First, run the script, and see how I had to open up several different IE browser windows. Is there a way to keep all of this in one window, and still input the necessary info?

    Also, I have an issue with a website that really needs to be able to be queried; it's one of our real go-to guys.

    http://www.dnsbl.info

    Any suggestions on how to query this website like the other ones listed in this script? I am new to PowerShell, so any advice would help.

    And if anyone else does IT security, this script has definitely been a pretty quick and easy way to tell if an IP is malicious or not.

    ====================================================================
    $host.ui.rawui.ForegroundColor="Red"
    $a = (Get-Host).UI.RawUI
    $b = $a.WindowSize
    $b.Width = 50
    $b.Height = 20
    $a.WindowSize = $b
    $name = Read-Host 'Which IP do you want to scan?'
    $ie = New-Object -com InternetExplorer.Application
    $ie.visible=$true

    start-sleep 1

    $ie.navigate2("http://www.ipvoid.com")
    $ie.top = 0; $ie.width = 600; $ie.height = 600; $ie.Left = 0
    while($ie.ReadyState -ne 4) {start-sleep -m 100}
    $ie.document.getElementById("ip_address").value= "$name"
    start-sleep 1
    $submit = $ie.Document.getElementsByTagName('button') | where-object {$_.type -eq "submit"}
    $submit.Click()

    $ie = New-Object -com InternetExplorer.Application
    $ie.visible=$true
    $ie.navigate("http://www.trustedsource.org/")
    $ie.top = 0; $ie.width = 600; $ie.height = 600; $ie.Left = 600
    while($ie.ReadyState -ne 4) {start-sleep -m 100}
    $ie.document.getElementById("q").value= "$name"
    start-sleep 1
    $ie.document.getElementById("dummy").Click()

    $ie = New-Object -com InternetExplorer.Application
    $ie.visible=$true
    $ie.navigate("http://urlquery.net")
    $ie.top = 0; $ie.width = 600; $ie.height = 600; $ie.Left = 1200
    while($ie.ReadyState -ne 4) {start-sleep -m 100}
    $ie.document.getElementById("url").value= "$name"
    start-sleep 1
    $ie.document.getElementById("url-submit").Click()

    $ie = New-Object -com InternetExplorer.Application
    $ie.visible=$true
    $ie.navigate("http://whois.domaintools.com")
    $ie.top = 600; $ie.width = 600; $ie.height = 600; $ie.Left = 0
    while($ie.ReadyState -ne 4) {start-sleep -m 100}
    $ie.document.getElementById("landing-whois").value= ("$name")
    start-sleep 1
    $ie.document.getElementById("whois-search").Click()

    $ie = New-Object -com InternetExplorer.Application
    $ie.visible=$true
    $ie.navigate("zulu.zscaler.com")
    $ie.top = 600; $ie.width = 600; $ie.height = 600; $ie.Left = 600
    while($ie.ReadyState -ne 4) {start-sleep -m 100}
    $ie.document.getElementById("submission_submission").value= "$name"
    start-sleep 1
    $submit = $ie.Document.getElementsByTagName('input') | where-object {$_.type -eq "image"}
    $submit.Click()

    $ie = New-Object -com InternetExplorer.Application
    $ie.visible=$true
    $ie.navigate("http://www.borderware.com")
    $ie.top = 600; $ie.width = 600; $ie.height = 600; $ie.Left = 1200
    while($ie.ReadyState -ne 4) {start-sleep -m 100}
    $ie.document.getElementById("ip").value= ("$name")
    start-sleep 1
    $ie.document.getElementById("submit").Click()

  • #27485
    Max Kozlov
    Participant

    Instead of using IE you can use Invoke-WebRequest like this:
    PS D:\> Invoke-WebRequest -Uri http://www.dnsbl.info/dnsbl-database-check.php -Method Post -Body @{'ip'='8.8.8.8'}
    and analyze the returned object.
    But you can make your own DNSBL checker:
    to check, for example, 87.242.67.15 with b.barracudacentral.org you can use
    [system.net.dns]::resolve('15.67.242.87.b.barracudacentral.org')
    and in the same way you can use other DNSBL services.
    It is fair play 🙂
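
The reversed-octet lookup from the reply above, wrapped as a function that tells a listing apart from a failed or refused query (an added example, not part of any participant's post). The function name, its parameters and the status labels are assumptions for illustration; the convention that listings answer inside 127.0.0.0/8 and unlisted addresses return NXDOMAIN is from RFC 5782.

```powershell
# Added example: DNSBL lookups using the reversed-octet convention (RFC 5782).
# Get-DnsblStatus, its parameters and the Status labels are illustrative names.
function Get-DnsblStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        # Default is the zone named in the post; add others you are allowed to query.
        [string[]]$Zone = @('b.barracudacentral.org')
    )

    # Accept only a full dotted quad; TryParse alone would also take "1.2" or IPv6.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($IPAddress, [ref]$parsed) -or
        $parsed.AddressFamily -ne 'InterNetwork' -or
        $parsed.ToString() -ne $IPAddress) {
        throw "Not a dotted-quad IPv4 address: $IPAddress"
    }

    # 87.242.67.15 -> 15.67.242.87
    $octets = $parsed.GetAddressBytes()
    [array]::Reverse($octets)
    $reversed = $octets -join '.'

    foreach ($z in $Zone) {
        $query  = '{0}.{1}' -f $reversed, $z
        $codes  = @()
        $status = 'NotListed'
        try {
            $codes = @([System.Net.Dns]::GetHostAddresses($query) | ForEach-Object { $_.ToString() })
            if ($codes | Where-Object { $_ -notlike '127.*' }) {
                # A non-loopback answer usually means the resolver rewrites NXDOMAIN.
                $status = 'UnexpectedAnswer'
            } elseif ($codes | Where-Object { $_ -like '127.255.255.*' }) {
                # Some operators use this range to signal a refused or rate-limited query.
                $status = 'QueryError'
            } elseif ($codes) {
                $status = 'Listed'
            }
        } catch {
            # NXDOMAIN (HostNotFound) is the normal "not listed" reply; anything else is a failure.
            $base = $_.Exception.GetBaseException()
            $nx = $base -is [System.Net.Sockets.SocketException] -and $base.SocketErrorCode -eq 'HostNotFound'
            if (-not $nx) { $status = 'LookupFailed' }
        }
        [pscustomobject]@{ IP = $IPAddress; Zone = $z; Query = $query; Status = $status; ReturnCodes = $codes -join ',' }
    }
}

Get-DnsblStatus -IPAddress '87.242.67.15' | Format-Table -AutoSize
```

A `LookupFailed`, `QueryError` or `UnexpectedAnswer` row says nothing about the address's reputation, so it should be retried or checked through another resolver rather than read as clean.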

  • #27491
    Rob Simmers
    Participant

    To answer your question about browser tabs, you can pass a BrowserNavConstant (navOpenInNewTab = 2048) to the .Navigate method.

    $ie = New-Object -com InternetExplorer.Application
    $ie.visible=$true
    $ie.navigate("http://www.google.com")
    $ie.navigate("http://www.yahoo.com", 2048)
    
  • #27552
    josephkingstone
    Participant

    Thanks for the help guys. I was able to get some help and query all information I needed. Great tool.
