Sunday, January 26, 2014

Did I Visit a Malicious Site?



A Perl script that downloads the Malware Domain List hosts file and compares the domains listed in it with the domains present in the Chrome History database (an SQLite DB). It prints any domains in the History DB that also appear on the Malware Domain List. Matching is by exact host name, so an empty result means only that no visited host appears on the list, not that every visited site was safe. Note: the script assumes that a copy of the History DB (a file named History) is in the same directory as the script.

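#!/usr/bin/perl
#
# Cross-checks Chrome browsing history against the Malware Domain List.
#
# Downloads the Malware Domain List hosts file, reads every visited URL from
# a copy of Chrome's History database (SQLite, file name "History", opened
# relative to the current directory) and prints each host name that appears
# in both.
#
# Limits worth knowing when reading the output:
#   * Matching is by exact host name (case-insensitive). A visit to
#     "www.example.test" does not match a list entry for "example.test".
#   * An empty result means "no visited host is on this list today", not
#     "nothing malicious was visited".

use strict;
use warnings;

use DBI;
use List::MoreUtils qw(uniq);
use List::Compare;
use LWP::Simple;
use URI;    # used directly below; previously only loaded as a side effect of LWP

my $HOSTS_URL  = 'http://www.malwaredomainlist.com/hostslist/hosts.txt';
my $HISTORY_DB = 'History';

my @MalDomains;
my @VisitedDomains;

# Obtain the list of malicious domains from the Malware Domain List hosts file.
# NOTE(review): the list is fetched over plain HTTP, so it arrives without any
# integrity protection; anything on the network path could strip entries and
# make the history look clean. Prefer an authenticated source or a copy whose
# checksum has been verified, if one is available.
my $MalHosts = get($HOSTS_URL);

# get() returns undef when the download fails. Stop here: continuing with an
# empty list would print no matches, which reads as a clean result.
if ( !defined $MalHosts || $MalHosts eq '' ) {
    die "Could not download $HOSTS_URL\n";
}

for my $line ( split /\r?\n/, $MalHosts ) {

    # Entries have the form "127.0.0.1  <domain>"; comment and blank lines do
    # not match and are skipped. Anchoring keeps a stray "127.0.0.1" elsewhere
    # on a line from being treated as an entry.
    next unless $line =~ s/\A127\.0\.0\.1\s+//;

    # Drop a trailing CR and any other trailing whitespace.
    $line =~ s/\s+\z//;
    next if $line eq '';

    # Host names are case-insensitive; normalise before comparing.
    push @MalDomains, lc $line;
}

# A page that downloaded fine but contained no entries (an error page, a
# changed format) must not be mistaken for "nothing matched".
@MalDomains
    or die "No domains could be parsed from $HOSTS_URL\n";

# Open the History database and pull out all visited URLs.
# The SQLite driver creates a missing database file instead of failing, so
# check for the file first rather than silently querying an empty database.
-f $HISTORY_DB
    or die "No '$HISTORY_DB' file found in the current directory\n";

# RaiseError turns connect/query failures (locked file, missing "urls" table)
# into a fatal error instead of an undef that is dereferenced later.
my $dbh = DBI->connect( "dbi:SQLite:dbname=$HISTORY_DB", "", "",
    { RaiseError => 1, PrintError => 0 } );
my $rows = $dbh->selectall_arrayref("SELECT url FROM urls");
$dbh->disconnect;

for my $row (@$rows) {
    my ($url) = @$row;
    next unless defined $url;

    # Obtain the host from the visited URL. Only server-based schemes give a
    # URI object with a host() method; others (data:, chrome-extension:, ...)
    # would otherwise abort the script with "Can't locate object method".
    my $uri = URI->new($url);
    next unless $uri->can('host');

    my $domain = $uri->host;
    next unless defined $domain && $domain ne '';

    push @VisitedDomains, lc $domain;
}

# Remove duplicate domains to speed processing.
my @UVDomains = uniq(@VisitedDomains);

# Find the hosts present in both lists.
my $lc = List::Compare->new( \@MalDomains, \@UVDomains );
my @intersection = $lc->get_intersection;

print "You browsed the following malicious domains: \n";
print "$_\n" for @intersection;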
