-
Notifications
You must be signed in to change notification settings - Fork 5
/
honeypot.js
186 lines (164 loc) · 4.24 KB
/
honeypot.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
/**
* @license
* Node Honeypot 2.3.0 <http://lodash.com/>
* Copyright 2014 Piotr Rochala <http://rocha.la/>
* Based on original PHP class by smithweb <http://smith-web.net/>
* Available under MIT license <http://opensource.org/licenses/mit-license.php>
*/
var dns = require('dns');
module.exports = function(key) {
var api_key = key;
var visitor_type = {
0: 'Search Engine Bot',
1: 'Suspicious',
2: 'Harvester',
3: 'Suspicious, Harvester',
4: 'Comment Spammer',
5: 'Suspicious, Comment Spammer',
6: 'Harvester, Comment Spammer',
7: 'Suspicious, Harvester, Comment Spammer'
};
var search_engine = {
0: 'Undocumented',
1: 'AltaVista',
2: 'Ask',
3: 'Baidu',
4: 'Excite',
5: 'Google',
6: 'Looksmart',
7: 'Lycos',
8: 'MSN',
9: 'Yahoo',
10: 'Cuil',
11: 'InfoSeek',
12: 'Miscellaneous'
};
// Raw Response from http:BL query
var _response = [];
/**
* Performs query of the httpBL service, using a DNS Query.
*
* See http://www.projecthoneypot.org/httpbl_api.php for
* information on proper format and possible responses.
*
*/
this.query = function(ip, callback) {
var reversed_ip = ip.split('.').reverse().join('.')
dns.resolve4([api_key, reversed_ip, 'dnsbl.httpbl.org'].join('.'), function(err, data) {
if (data) {
_response = data.toString().split('.').map(Number);
callback(null, data);
} else {
callback(err, null);
}
})
}
/**
* Checks if the ip address was listed in the httpBL
*
* @return bool True if listed, False if not listed
*/
this.isListed = function() {
if (_response[0] === 127) {
return true;
}
return false;
}
/**
* Returns vistor type as integer
*
* @return int|bool Vistor type or false if not in httBL
*/
this.getVisitorType = function() {
if (this.isListed()) {
return _response[3];
}
return false;
}
/**
* Returns string containing a text description of the visitor type
*
* @return string|bool Visitor type if listed in httpBL, false if not
*/
this.getFormattedVisitorType = function() {
if (this.isListed()) {
if (_response[3] === 0) {
return visitor_type[_response[3]] + ' (' + search_engine[_response[2]] + ')';
} else {
return visitor_type[_response[3]];
}
} else {
return false;
}
}
/**
* Gets the threat rating for an ip address if it is listed in the httpBL.
*
* @return int Threat score (out of a possible 255)
*/
this.getThreatRating = function() {
if (this.isListed()) {
return _response[2];
}
return 0;
}
/**
* Gets the number of days since an event was tracked for an ip address
* if it is listed in the httpBL.
*
* @return int Number of days since most recent event (up to max of 255)
*/
this.getRecency = function() {
if (this.isListed()) {
return _response[1];
}
return 0;
}
/**
* Checks whether the ip address belongs to a search engine bot or company
*
* @return boolean True of ip belongs to search engine, false if not
*/
this.isSearchEngine = function() {
if (this.isListed() && _response[3] === 0) {
return true;
}
return false;
}
/**
* @return Array containing response details
*/
this.getRawResponse = function() {
return _response;
}
/**
* Sets raw response, useful for testing
*/
this.setRawResponse = function(value) {
_response = value;
}
/*
* Returns a formatted message with details about the IP address
*
* @param string format type of output for the response, text or html
* @return string Formatted string of response info
*/
this.getFormattedResponse = function(format) {
if (!format) {
format = 'text';
}
var line_end = "\n";
var output = '';
if (format == 'html') {
line_end = "<br />\n";
}
if (this.isListed()) {
output += this.getFormattedVisitorType() + line_end;
if (!this.isSearchEngine()) {
output += "Threat Rating: " + this.getThreatRating() + " / 255" + line_end;
output += "Recency: " + this.getRecency() + " / 255" + line_end;
}
}
return output;
}
};