├── .github └── FUNDING.yml ├── .gitignore ├── Build └── Manage-Module.ps1 ├── Docs ├── Readme.md ├── Search-BlackList.md └── Start-ReportBlackLists.md ├── Examples ├── Search-BlackList-Manual.ps1 ├── Search-BlackList-Report.ps1 ├── Search-Blacklist-Advanced.ps1 └── Search-Blacklist-SpeedComparison.ps1 ├── LICENSE ├── PSBlackListChecker.AzurePipelines.yml ├── PSBlackListChecker.Tests.ps1 ├── PSBlackListChecker.psd1 ├── PSBlackListChecker.psm1 ├── Private ├── Emails │ ├── Set-EmailBody.ps1 │ ├── Set-EmailHead.ps1 │ ├── Set-EmailReportBranding.ps1 │ └── Set-EmailReportDetails.ps1 ├── Parameters │ └── Script.Blacklists.ps1 ├── RunSpaces │ ├── Script.BlockNetDNS.ps1 │ └── Script.BlockResolveDNS.ps1 └── ScriptBlocks │ ├── Script.BlockNetDNSSlow.ps1 │ └── Script.BlockResolveDNSSlow.ps1 ├── Public ├── Search-Blacklist.ps1 └── Start-ReportBlacklists.ps1 ├── README.md └── Tests ├── Search-Blacklists.Tests.ps1 └── Start-ReportBlacklists.Tests.ps1 /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: PrzemyslawKlys 4 | custom: https://paypal.me/PrzemyslawKlys -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | Ignore/* 2 | .vs/* 3 | Releases/* 4 | ReleasesUnpacked/* 5 | .vscode/* 6 | *.html 7 | Artefacts/* -------------------------------------------------------------------------------- /Build/Manage-Module.ps1: --------------------------------------------------------------------------------
# Build script for the PSBlackListChecker module. Everything inside the
# Invoke-ModuleBuild script block declares one aspect of the build: manifest
# values, module dependencies, code formatting, signing and output artefacts.
Clear-Host

Invoke-ModuleBuild -ModuleName 'PSBlackListChecker' {
    # Usual defaults as per standard module
    $Manifest = @{
        # Version number of this module.
        # NOTE(review): 'X' is presumably a placeholder that the build tooling
        # replaces with the next patch number (the manifest on this page shows
        # '0.8.7') - confirm.
        ModuleVersion        = '0.8.X'

        # ID used to uniquely identify this module
        GUID                 = '2a79c18e-b153-48b9-9f6c-164d00caa1cb'
        # Author of this module
        Author               = 'Przemyslaw Klys'
        # Company or vendor of this module
        CompanyName          = 'Evotec'
        # Copyright statement for this module
        Copyright            = "(c) 2011 - $((Get-Date).Year) Przemyslaw Klys @ Evotec. All rights reserved."

        # Minimum version of the Windows PowerShell engine required by this module
        PowerShellVersion    = '5.1'

        # Supported PSEditions
        CompatiblePSEditions = @('Desktop', 'Core')

        Description          = "This module allows you to easily check if your defined list of IPs are on any of defined blacklists.
It additionally allows you to easily setup Task Scheduled monitoring and send you reports daily / hourly or weekly if needed.
In new version you now have ability to send notificatins to Microsoft Teams, Slack and Discord.
"
        # Tags applied to this module. These help with module discovery in online galleries.
        Tags                 = 'blacklist', 'exchange', 'dnsbl', 'msexchange', 'microsoft', 'slack', 'teams', 'discord', 'windows'

        # A URL to the main website for this project.
        ProjectUri           = 'https://github.com/EvotecIT/PSBlackListChecker'

        # A URL to an icon representing this module.
        IconUri              = 'https://evotec.xyz/wp-content/uploads/2018/10/PSBlackListChecker.png'
    }
    New-ConfigurationManifest @Manifest

    # Modules the built manifest lists under RequiredModules.
    # NOTE(review): '-Guid Auto -Version Latest' does not pin anything in this
    # file. The generated PSBlackListChecker.psd1 carries concrete GUIDs and
    # versions, so they are presumably resolved from whatever is installed on
    # the build machine. If so, that machine's module set decides what a
    # release depends on - confirm.
    New-ConfigurationModule -Type RequiredModule -Name 'PSWriteColor' -Guid Auto -Version Latest
    New-ConfigurationModule -Type RequiredModule -Name @(
        'PSSharedGoods'
        'PSTeams'
        'PSDiscord'
    ) -Guid Auto -Version Latest

    # NOTE(review): together with -MergeFunctionsFromApprovedModules further
    # down, these look like the modules whose functions may be copied into the
    # merged PSM1 - confirm. Copied code ships under this module's signature,
    # so this list is worth reviewing when it changes.
    New-ConfigurationModule -Type ApprovedModule -Name 'PSWriteColor', 'Connectimo', 'PSUnifi', 'PSWebToolbox', 'PSMyPassword', 'PSSharedGoods'

    # Modules and functions the build is told to ignore.
    New-ConfigurationModuleSkip -IgnoreModuleName @(
        'Microsoft.PowerShell.Security'
        'DnsClient'
        'PSSlack'
    ) -IgnoreFunctionName 'New-SlackMessage', 'New-SlackMessageAttachment', 'Send-SlackMessage'

    # Formatter settings; splatted into New-ConfigurationFormat for the merged
    # PSM1/PSD1 below.
    $ConfigurationFormat = [ordered] @{
        RemoveComments                              = $true
        RemoveEmptyLines                            = $true

        PlaceOpenBraceEnable                        = $true
        PlaceOpenBraceOnSameLine                    = $true
        PlaceOpenBraceNewLineAfter                  = $true
        PlaceOpenBraceIgnoreOneLineBlock            = $false

        PlaceCloseBraceEnable                       = $true
        PlaceCloseBraceNewLineAfter                 = $false
        PlaceCloseBraceIgnoreOneLineBlock           = $false
        PlaceCloseBraceNoEmptyLineBefore            = $true

        UseConsistentIndentationEnable              = $true
        UseConsistentIndentationKind                = 'space'
        UseConsistentIndentationPipelineIndentation = 'IncreaseIndentationAfterEveryPipeline'
        UseConsistentIndentationIndentationSize     = 4

        UseConsistentWhitespaceEnable               = $true
        UseConsistentWhitespaceCheckInnerBrace      = $true
        UseConsistentWhitespaceCheckOpenBrace       = $true
        UseConsistentWhitespaceCheckOpenParen       = $true
        UseConsistentWhitespaceCheckOperator        = $true
        UseConsistentWhitespaceCheckPipe            = $true
        UseConsistentWhitespaceCheckSeparator       = $true

        AlignAssignmentStatementEnable              = $true
        AlignAssignmentStatementCheckHashtable      = $true

        UseCorrectCasingEnable                      = $true
    }
    # format PSD1 and PSM1 files when merging into a single file
    # enable formatting is not required as Configuration is provided
    New-ConfigurationFormat -ApplyTo 'OnMergePSM1', 'OnMergePSD1' -Sort None @ConfigurationFormat
    # format PSD1 and PSM1 files within the module
    # enable formatting is required to make sure that formatting is applied (with default settings)
    New-ConfigurationFormat -ApplyTo 'DefaultPSD1', 'DefaultPSM1' -EnableFormatting -Sort None
    # when creating PSD1 use special style without comments and with only required parameters
    New-ConfigurationFormat -ApplyTo 'DefaultPSD1', 'OnMergePSD1' -PSD1Style 'Minimal'
    # configuration for documentation, at the same time it enables documentation processing
    New-ConfigurationDocumentation -Enable:$false -StartClean -UpdateWhenNew -PathReadme 'Docs\Readme.md' -Path 'Docs'

    New-ConfigurationImportModule -ImportSelf

    # Builds, merges and signs the module. The thumbprint only identifies which
    # certificate to use; it is not secret.
    # NOTE(review): the private key is presumably taken from a certificate
    # store on the build machine - confirm where it lives and who can use it,
    # because anyone able to run this build there can produce a signed module.
    New-ConfigurationBuild -Enable:$true -SignModule -MergeModuleOnBuild -MergeFunctionsFromApprovedModules -CertificateThumbprint '483292C9E317AA13B07BB7A96AE9D1A5ED9E7703'

    #New-ConfigurationTest -TestsPath "$PSScriptRoot\..\Tests" -Enable

    # NOTE(review): '.v.zip' looks truncated on this page (angle-bracket
    # placeholders may have been stripped) - check against the repository.
    New-ConfigurationArtefact -Type Unpacked -Enable -Path "$PSScriptRoot\..\Artefacts\Unpacked" -AddRequiredModules
    New-ConfigurationArtefact -Type Packed -Enable -Path "$PSScriptRoot\..\Artefacts\Packed" -ArtefactName '.v.zip'

    # options for publishing to github/psgallery
    # Both lines are disabled. When enabled, -FilePath points at a file outside
    # the repository (presumably holding the API key), so no key is committed.
    #New-ConfigurationPublish -Type PowerShellGallery -FilePath 'C:\Support\Important\PowerShellGalleryAPI.txt' -Enabled:$true
    #New-ConfigurationPublish -Type GitHub -FilePath 'C:\Support\Important\GitHubAPI.txt' -UserName 'EvotecIT' -Enabled:$true
} -ExitCode
-------------------------------------------------------------------------------- /Docs/Readme.md: -------------------------------------------------------------------------------- 1 | --- 2 | Module Name: PSBlackListChecker 3 | Module Guid: 2a79c18e-b153-48b9-9f6c-164d00caa1cb 4 | Download Help
Link: {{Please enter FwLink manually}} 5 | Help Version: {{Please enter version of help manually (X.X.X.X) format}} 6 | Locale: en-US 7 | --- 8 | 9 | # PSBlackListChecker Module 10 | ## Description 11 | {{Manually Enter Description Here}} 12 | 13 | ## PSBlackListChecker Cmdlets 14 | ### [Search-BlackList](Search-BlackList.md) 15 | {{Fill in the Synopsis}} 16 | 17 | ### [Start-ReportBlackLists](Start-ReportBlackLists.md) 18 | {{Fill in the Synopsis}} 19 | 20 | -------------------------------------------------------------------------------- /Docs/Search-BlackList.md: -------------------------------------------------------------------------------- 1 | --- 2 | external help file: PSBlackListChecker-help.xml 3 | Module Name: PSBlackListChecker 4 | online version: 5 | schema: 2.0.0 6 | --- 7 | 8 | # Search-BlackList 9 | 10 | ## SYNOPSIS 11 | {{Fill in the Synopsis}} 12 | 13 | ## SYNTAX 14 | 15 | ``` 16 | Search-BlackList [[-IPs] <String[]>] [[-BlacklistServers] <String[]>] [-ReturnAll] [[-RunType] <String>] 17 | [[-SortBy] <String>] [-SortDescending] [-QuickTimeout] [[-MaxRunspaces] <Int32>] [[-DNSServer] <String[]>] 18 | [-ExtendedOutput] [<CommonParameters>] 19 | ``` 20 | 21 | ## DESCRIPTION 22 | {{Fill in the Description}} 23 | 24 | ## EXAMPLES 25 | 26 | ### Example 1 27 | ```powershell 28 | PS C:\> {{ Add example code here }} 29 | ``` 30 | 31 | {{ Add example description here }} 32 | 33 | ## PARAMETERS 34 | 35 | ### -IPs 36 | {{Fill IPs Description}} 37 | 38 | ```yaml 39 | Type: String[] 40 | Parameter Sets: (All) 41 | Aliases: IP 42 | 43 | Required: False 44 | Position: 1 45 | Default value: None 46 | Accept pipeline input: False 47 | Accept wildcard characters: False 48 | ``` 49 | 50 | ### -BlacklistServers 51 | {{Fill BlacklistServers Description}} 52 | 53 | ```yaml 54 | Type: String[] 55 | Parameter Sets: (All) 56 | Aliases: 57 | 58 | Required: False 59 | Position: 2 60 | Default value: None 61 | Accept pipeline input: False 62 | Accept wildcard characters: False 63 | ``` 64 | 65 | ### -ReturnAll 66 | {{Fill ReturnAll Description}}
67 | 68 | ```yaml 69 | Type: SwitchParameter 70 | Parameter Sets: (All) 71 | Aliases: 72 | 73 | Required: False 74 | Position: Named 75 | Default value: None 76 | Accept pipeline input: False 77 | Accept wildcard characters: False 78 | ``` 79 | 80 | ### -RunType 81 | {{Fill RunType Description}} 82 | 83 | ```yaml 84 | Type: String 85 | Parameter Sets: (All) 86 | Aliases: 87 | 88 | Required: False 89 | Position: 3 90 | Default value: None 91 | Accept pipeline input: False 92 | Accept wildcard characters: False 93 | ``` 94 | 95 | ### -SortBy 96 | {{Fill SortBy Description}} 97 | 98 | ```yaml 99 | Type: String 100 | Parameter Sets: (All) 101 | Aliases: 102 | 103 | Required: False 104 | Position: 4 105 | Default value: None 106 | Accept pipeline input: False 107 | Accept wildcard characters: False 108 | ``` 109 | 110 | ### -SortDescending 111 | {{Fill SortDescending Description}} 112 | 113 | ```yaml 114 | Type: SwitchParameter 115 | Parameter Sets: (All) 116 | Aliases: 117 | 118 | Required: False 119 | Position: Named 120 | Default value: None 121 | Accept pipeline input: False 122 | Accept wildcard characters: False 123 | ``` 124 | 125 | ### -QuickTimeout 126 | {{Fill QuickTimeout Description}} 127 | 128 | ```yaml 129 | Type: SwitchParameter 130 | Parameter Sets: (All) 131 | Aliases: 132 | 133 | Required: False 134 | Position: Named 135 | Default value: None 136 | Accept pipeline input: False 137 | Accept wildcard characters: False 138 | ``` 139 | 140 | ### -MaxRunspaces 141 | {{Fill MaxRunspaces Description}} 142 | 143 | ```yaml 144 | Type: Int32 145 | Parameter Sets: (All) 146 | Aliases: 147 | 148 | Required: False 149 | Position: 5 150 | Default value: None 151 | Accept pipeline input: False 152 | Accept wildcard characters: False 153 | ``` 154 | 155 | ### -DNSServer 156 | {{Fill DNSServer Description}} 157 | 158 | ```yaml 159 | Type: String[] 160 | Parameter Sets: (All) 161 | Aliases: 162 | 163 | Required: False 164 | Position: 6 165 | Default value: None 166 | 
Accept pipeline input: False 167 | Accept wildcard characters: False 168 | ``` 169 | 170 | ### -ExtendedOutput 171 | {{Fill ExtendedOutput Description}} 172 | 173 | ```yaml 174 | Type: SwitchParameter 175 | Parameter Sets: (All) 176 | Aliases: 177 | 178 | Required: False 179 | Position: Named 180 | Default value: None 181 | Accept pipeline input: False 182 | Accept wildcard characters: False 183 | ``` 184 | 185 | ### CommonParameters 186 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 187 | 188 | ## INPUTS 189 | 190 | ### None 191 | 192 | ## OUTPUTS 193 | 194 | ### System.Object 195 | ## NOTES 196 | 197 | ## RELATED LINKS 198 | -------------------------------------------------------------------------------- /Docs/Start-ReportBlackLists.md: -------------------------------------------------------------------------------- 1 | --- 2 | external help file: PSBlackListChecker-help.xml 3 | Module Name: PSBlackListChecker 4 | online version: 5 | schema: 2.0.0 6 | --- 7 | 8 | # Start-ReportBlackLists 9 | 10 | ## SYNOPSIS 11 | {{Fill in the Synopsis}} 12 | 13 | ## SYNTAX 14 | 15 | ``` 16 | Start-ReportBlackLists [[-EmailParameters] <IDictionary>] [[-FormattingParameters] <IDictionary>] 17 | [[-ReportOptions] <IDictionary>] [-OutputErrors] [<CommonParameters>] 18 | ``` 19 | 20 | ## DESCRIPTION 21 | {{Fill in the Description}} 22 | 23 | ## EXAMPLES 24 | 25 | ### Example 1 26 | ```powershell 27 | PS C:\> {{ Add example code here }} 28 | ``` 29 | 30 | {{ Add example description here }} 31 | 32 | ## PARAMETERS 33 | 34 | ### -EmailParameters 35 | {{Fill EmailParameters Description}} 36 | 37 | ```yaml 38 | Type: IDictionary 39 | Parameter Sets: (All) 40 | Aliases: 41 | 42 | Required: False 43 | Position: 0 44 | Default value: None 45 | Accept pipeline input: False 46 |
Accept wildcard characters: False 47 | ``` 48 | 49 | ### -FormattingParameters 50 | {{Fill FormattingParameters Description}} 51 | 52 | ```yaml 53 | Type: IDictionary 54 | Parameter Sets: (All) 55 | Aliases: 56 | 57 | Required: False 58 | Position: 1 59 | Default value: None 60 | Accept pipeline input: False 61 | Accept wildcard characters: False 62 | ``` 63 | 64 | ### -OutputErrors 65 | {{Fill OutputErrors Description}} 66 | 67 | ```yaml 68 | Type: SwitchParameter 69 | Parameter Sets: (All) 70 | Aliases: 71 | 72 | Required: False 73 | Position: Named 74 | Default value: None 75 | Accept pipeline input: False 76 | Accept wildcard characters: False 77 | ``` 78 | 79 | ### -ReportOptions 80 | {{Fill ReportOptions Description}} 81 | 82 | ```yaml 83 | Type: IDictionary 84 | Parameter Sets: (All) 85 | Aliases: 86 | 87 | Required: False 88 | Position: 2 89 | Default value: None 90 | Accept pipeline input: False 91 | Accept wildcard characters: False 92 | ``` 93 | 94 | ### CommonParameters 95 | This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
96 | 97 | ## INPUTS 98 | 99 | ### None 100 | 101 | ## OUTPUTS 102 | 103 | ### System.Object 104 | ## NOTES 105 | 106 | ## RELATED LINKS 107 | -------------------------------------------------------------------------------- /Examples/Search-BlackList-Manual.ps1: -------------------------------------------------------------------------------- 1 | Import-Module ..\PSBlackListChecker -Force 2 | 3 | $IP = '89.74.48.96' 4 | $IP1 = '89.74.48.97' 5 | $MultipleIP = $IP, $IP1 6 | 7 | Write-Color "Test 1" -Color Red 8 | Search-BlackList -IP $IP | Format-Table -AutoSize 9 | Write-Color "Test 2" -Color Red 10 | Search-BlackList -IP $IP -ReturnAll | Format-Table -AutoSize -------------------------------------------------------------------------------- /Examples/Search-BlackList-Report.ps1: -------------------------------------------------------------------------------- 1 | $EmailParameters = @{ 2 | EmailFrom = "monitoring@domain.pl" 3 | EmailTo = "przemyslaw.klys@domain.pl" # 4 | EmailCC = "" 5 | EmailBCC = "" 6 | EmailServer = "" 7 | EmailServerPassword = "" 8 | EmailServerPort = "587" 9 | EmailServerLogin = "" 10 | EmailServerEnableSSL = 1 11 | EmailEncoding = "Unicode" 12 | EmailSubject = "[Reporting] Blacklist monitoring" 13 | EmailPriority = "Low" # Normal, High 14 | } 15 | $FormattingParameters = @{ 16 | CompanyBrandingTemplate = 'TemplateDefault' 17 | CompanyBranding = @{ 18 | Logo = "https://evotec.xyz/wp-content/uploads/2015/05/Logo-evotec-012.png" 19 | Width = "200" 20 | Height = "" 21 | Link = "https://evotec.xyz" 22 | Inline = $false 23 | } 24 | FontFamily = "Calibri Light" 25 | FontSize = "9pt" 26 | 27 | FontHeadingFamily = "Calibri Light" 28 | FontHeadingSize = "12pt" 29 | 30 | FontTableHeadingFamily = "Calibri Light" 31 | FontTableHeadingSize = "9pt" 32 | 33 | FontTableDataFamily = "Calibri Light" 34 | FontTableDataSize = "9pt" 35 | } 36 | $ReportOptions = @{ 37 | SortBy = 'IsListed' # Options: 'IP', 'BlackList', 'IsListed', 'Answer', 'FQDN 38 | SortDescending = 
$true 39 | 40 | MonitoredIps = @{ 41 | Ip1 = '89.25.253.1' 42 | Ip2 = '188.117.129.1' 43 | # you can add as many Ip's as you want / IP1,2,3,4,5 etc 44 | } 45 | NotificationsEmail = @{ 46 | Use = $false 47 | EmailPriorityWhenBlacklisted = 'High' 48 | EmailPriorityStandard = 'Low' 49 | EmailAllResults = $false 50 | EmailAlways = $true 51 | } 52 | # Module uses PSTeams - it comes embedded with PSBlackListChedcker 53 | NotificationsTeams = @{ 54 | Use = $false 55 | TeamsID = '' 56 | MessageTitle = 'IP Blacklisted' 57 | MessageText = 'Everybody panic!' 58 | MessageImageLink = 'https://raw.githubusercontent.com/EvotecIT/PSTeams/master/Links/Asset%20130.png' 59 | MessageButtons = $true 60 | } 61 | # Module uses PSSlack - it comes embedded with PSBlackListChecker 62 | NotificationsSlack = @{ 63 | Use = $false 64 | Uri = "" 65 | MessageTitle = 'IP Blacklisted' 66 | MessageText = 'Everybody panic!' 67 | MessageButtons = $true 68 | MessageEmoji = ':hankey:' # Emoji List https://www.webpagefx.com/tools/emoji-cheat-sheet/ 69 | MessageAsUser = 'PSBlackListChecker' 70 | } 71 | # Module uses PSDiscord - it comes embedded with PSBlackListChedcker 72 | NotificationsDiscord = @{ 73 | Use = $false 74 | Uri = 'https://discordapp.com/api/webhooks/...' 75 | MessageImageLink = 'https://raw.githubusercontent.com/EvotecIT/PSTeams/master/Links/Asset%20130.png' 76 | MessageColor = 'blue' 77 | MessageText = 'Everybody panic!' 
78 | MessageAsUser = 'PSBlackListChecker' 79 | MessageAsUserImage = 'https://raw.githubusercontent.com/EvotecIT/PSTeams/master/Links/Asset%20130.png' 80 | MessageInline = $false 81 | } 82 | } 83 | 84 | Start-ReportBlackLists -EmailParameters $EmailParameters -FormattingParameters $FormattingParameters -ReportOptions $ReportOptions -------------------------------------------------------------------------------- /Examples/Search-Blacklist-Advanced.ps1: -------------------------------------------------------------------------------- 1 | Import-Module ..\PSSharedGoods\PSSharedGoods.psd1 -Force 2 | Import-Module ..\PSBlackListChecker -Force 3 | 4 | $IP = '89.74.48.96' 5 | $IP1 = '89.74.48.97' 6 | $MultipleIP = $IP, $IP1 7 | 8 | Write-Color "Test 3" -Color Red 9 | Search-BlackList -IP $IP -RunType RunSpaceWithResolveDNS | Format-Table -AutoSize 10 | Write-Color "Test 4" -Color Red 11 | Search-BlackList -IP $IP -RunType RunSpaceWithNetDNS | Format-Table -AutoSize 12 | Write-Color "Test 5" -Color Red 13 | Search-Blacklist -IP $IP -RunType NoWorkflowAndRunSpaceNetDNS | Format-Table 14 | Write-Color "Test 6" -Color Red 15 | Search-BlackList -IP $IP -ReturnAll | Format-Table -AutoSize 16 | Write-Color "Test 7" -Color Red 17 | Search-BlackList -IP $IP -ReturnAll -SortBy IsListed -SortDescending | Format-Table -AutoSize 18 | Write-Color "Test 8" -Color Red 19 | Search-BlackList -IP $MultipleIP -ReturnAll -SortBy Ip | Format-Table -AutoSize 20 | Write-Color "Test 9" -Color Red 21 | Search-BlackList -IP $MultipleIP -ReturnAll -SortBy BlackList | Format-Table -AutoSize 22 | -------------------------------------------------------------------------------- /Examples/Search-Blacklist-SpeedComparison.ps1: -------------------------------------------------------------------------------- 1 | Clear-Host 2 | Import-Module PSBlackListChecker -Force 3 | 4 | $RunTypes = 'NoWorkflowAndRunSpaceNetDNS', 'NoWorkflowAndRunSpaceResolveDNS', 'WorkflowResolveDNS', 'WorkflowWithNetDNS', 
'RunSpaceWithResolveDNS', 'RunSpaceWithNetDNS' 5 | 6 | $IPs = '89.74.48.96' #, '89.74.48.97', '89.74.48.98', '89.74.48.99' 7 | 8 | $Results = @() 9 | foreach ($RunType in $RunTypes) { 10 | Write-Color '[', 'start ', ']', ' Testing ', $RunType -Color White, Green, White, White, Yellow 11 | $StopWatch = [System.Diagnostics.Stopwatch]::StartNew() 12 | $BlackList = Search-BlackList -IP $IPs -RunType $RunType -ReturnAll 13 | $StopWatch.Stop() 14 | $BlackListListed = $BlackList | Where-Object { $_.Islisted -eq $true } 15 | $BlackListListed | Format-Table -AutoSize 16 | Write-Color '[', 'output', ']', ' Blacklist Count ', $Blacklist.Count, ' Blacklist Listed Count ', $($BlackListListed.Count) -Color White, Yellow, White, White, Gray, White, Green 17 | Write-Color '[', 'end ', ']', ' Elapsed ', $RunType, ' minutes: ', $StopWatch.Elapsed.Minutes, ' seconds: ', $StopWatch.Elapsed.Seconds, ' Milliseconds: ', $StopWatch.Elapsed.Milliseconds -Color White, Red, White, White, Yellow, White, Yellow, White, Green, White, Green, White, Green 18 | 19 | $Results += [PsCustomObject][ordered]@{ 20 | 'RunType' = $RunType 21 | 'BlackList All' = $Blacklist.Count 22 | 'BlackList Found' = $BlackListListed.Count 23 | 'Time Minutes' = $StopWatch.Elapsed.Minutes 24 | 'Time Seconds' = $StopWatch.Elapsed.Seconds 25 | 'Time Milliseconds' = $StopWatch.Elapsed.Milliseconds 26 | } 27 | } 28 | 29 | $Results | Format-Table -Autosize -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Przemyslaw Klys 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the 
Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /PSBlackListChecker.AzurePipelines.yml: -------------------------------------------------------------------------------- 1 | jobs: 2 | - job: Build_PS_Win2016 3 | pool: 4 | vmImage: vs2017-win2016 5 | steps: 6 | - powershell: | 7 | Install-Module -Name Pester -Repository PSGallery -Force -SkipPublisherCheck 8 | .\PSBlackListChecker.Tests.ps1 $(TEAMSPESTERID) $(SLACKPESTERID) $(DISCORDURL) 9 | displayName: "Run Pester Tests - PowerShell 5" 10 | # - script: | 11 | # pwsh -c '.\PSBlackListChecker.Tests.ps1' $(TEAMSPESTERID) $(SLACKPESTERID) $(DISCORDURL) 12 | # displayName: "Run Pester Tests - PowerShell 6+" 13 | 14 | - job: Build_PSCore_Ubuntu1604 15 | pool: 16 | vmImage: ubuntu-16.04 17 | steps: 18 | - script: | 19 | curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - 20 | curl https://packages.microsoft.com/config/ubuntu/16.04/prod.list | sudo tee /etc/apt/sources.list.d/microsoft.list 21 | sudo apt-get update 22 | sudo apt-get install -y powershell 23 | displayName: "Install PowerShell Core" 24 | - script: | 25 | pwsh -c '.\PSBlackListChecker.Tests.ps1' $(TEAMSPESTERID) $(SLACKPESTERID) $(DISCORDURL) 26 | 
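displayName: "Run Pester Tests" 27 | 28 | - job: Build_PSCore_MacOS1013 29 | pool: 30 | vmImage: xcode9-macos10.13 31 | steps: 32 | - script: | 33 | brew update 34 | brew tap caskroom/cask 35 | brew install mono-libgdiplus 36 | brew cask install powershell 37 | displayName: "Install PowerShell Core" 38 | - script: | 39 | pwsh -c '.\PSBlackListChecker.Tests.ps1' $(TEAMSPESTERID) $(SLACKPESTERID) $(DISCORDURL) 40 | displayName: "Run Pester Tests" 41 | -------------------------------------------------------------------------------- /PSBlackListChecker.Tests.ps1: --------------------------------------------------------------------------------
# Test bootstrap. Makes sure Pester and the modules named in the manifest's
# RequiredModules are installed, imports the module from this folder, runs
# everything under .\Tests and throws if any test failed.
#
# Parameters: the Teams / Slack / Discord webhook identifiers handed on to the
# tests. Each one falls back to an environment variable when it is not passed.
param (
    $TeamsID = $Env:TEAMSPESTERID,
    $SlackID = $Env:SLACKPESTERID,
    $DiscordID = $Env:DISCORDURL
)
$PSVersionTable.PSVersion

# The FileInfo property is BaseName. The former '.BaseNam' evaluated to $null,
# so the warnings below were printed without the module name.
$ModuleName = (Get-ChildItem -Path $PSScriptRoot\*.psd1).BaseName
$ModulePath = (Get-ChildItem -Path $PSScriptRoot\*.psd1).FullName

$Pester = (Get-Module -ListAvailable pester)
# NOTE(review): this condition is false for e.g. 3.4.x (Minor is not below 4),
# so such a version is kept. If "older than 4.4" is what is meant, comparing
# $Pester[0].Version with [version]'4.4' would say so - confirm the intent.
if ($null -eq $Pester -or ($Pester[0].Version.Major -le 4 -and $Pester[0].Version.Minor -lt 4)) {
    Write-Warning "$ModuleName - Downloading Pester from PSGallery"
    # -SkipPublisherCheck lets the gallery version install over an existing
    # Pester that was signed by a different publisher. It relaxes a
    # supply-chain check, so it is used for Pester only and not for the
    # modules installed further down.
    Install-Module -Name Pester -Repository PSGallery -Force -SkipPublisherCheck -Scope CurrentUser
}

# Read the manifest as data. Import-PowerShellDataFile parses the .psd1
# without executing it, whereas piping the file text into Invoke-Expression
# would run whatever the file contains with the rights of the test run.
$RequiredModules = Import-PowerShellDataFile -Path $ModulePath | ForEach-Object RequiredModules
foreach ($Module in $RequiredModules) {
    if ($Module -is [hashtable]) {
        # Entry of the form @{ ModuleName = ...; ModuleVersion = ...; Guid = ... }
        $ModuleRequiredName = $Module.ModuleName
    } elseif ($Module) {
        # Entry given as a plain module name
        $ModuleRequiredName = $Module
    } else {
        # Empty entry: nothing to look up, and the name from the previous
        # iteration must not be reused.
        continue
    }
    $ModuleFound = Get-Module -ListAvailable $ModuleRequiredName
    if ($null -eq $ModuleFound) {
        Write-Warning "$ModuleName - Downloading $ModuleRequiredName from PSGallery"
        Install-Module -Name $ModuleRequiredName -Repository PSGallery -Force -Scope CurrentUser
    }
}
Import-Module -Name $ModulePath -Force -ErrorAction Stop

# The webhook identifiers reach the test files as parameters.
$result = Invoke-Pester -Script @{ Path = "$($PSScriptRoot)\Tests"; Parameters = @{ TeamsID = $TeamsID; SlackID = $SlackID; DiscordID = $DiscordID } } -EnableExit

if ($result.FailedCount -gt 0) {
    throw "$($result.FailedCount) tests failed."
}
-------------------------------------------------------------------------------- /PSBlackListChecker.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | AliasesToExport = @() 3 | Author = 'Przemyslaw Klys' 4 | CmdletsToExport = @() 5 | CompanyName = 'Evotec' 6 | CompatiblePSEditions = @('Desktop', 'Core') 7 | Copyright = '(c) 2011 - 2024 Przemyslaw Klys @ Evotec. All rights reserved.' 8 | Description = 'This module allows you to easily check if your defined list of IPs are on any of defined blacklists. 9 | It additionally allows you to easily setup Task Scheduled monitoring and send you reports daily / hourly or weekly if needed. 10 | In new version you now have ability to send notificatins to Microsoft Teams, Slack and Discord.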
11 | ' 12 | FunctionsToExport = @('Search-BlackList', 'Start-ReportBlackLists') 13 | GUID = '2a79c18e-b153-48b9-9f6c-164d00caa1cb' 14 | ModuleVersion = '0.8.7' 15 | PowerShellVersion = '5.1' 16 | PrivateData = @{ 17 | PSData = @{ 18 | IconUri = 'https://evotec.xyz/wp-content/uploads/2018/10/PSBlackListChecker.png' 19 | ProjectUri = 'https://github.com/EvotecIT/PSBlackListChecker' 20 | Tags = @('blacklist', 'exchange', 'dnsbl', 'msexchange', 'microsoft', 'slack', 'teams', 'discord', 'windows') 21 | } 22 | } 23 | RequiredModules = @(@{ 24 | Guid = '0b0ba5c5-ec85-4c2b-a718-874e55a8bc3f' 25 | ModuleName = 'PSWriteColor' 26 | ModuleVersion = '1.0.1' 27 | }, @{ 28 | Guid = 'ee272aa8-baaa-4edf-9f45-b6d6f7d844fe' 29 | ModuleName = 'PSSharedGoods' 30 | ModuleVersion = '0.0.294' 31 | }, @{ 32 | Guid = 'a46c3b0b-5687-4d62-89c5-753ae01e0926' 33 | ModuleName = 'PSTeams' 34 | ModuleVersion = '2.4.0' 35 | }, @{ 36 | Guid = 'd5ae39b1-56a4-4f43-b251-e402b0c3c485' 37 | ModuleName = 'PSDiscord' 38 | ModuleVersion = '0.2.4' 39 | }) 40 | RootModule = 'PSBlackListChecker.psm1' 41 | } -------------------------------------------------------------------------------- /PSBlackListChecker.psm1: -------------------------------------------------------------------------------- 1 | #Get public and private function definition files. 2 | $Public = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -ErrorAction SilentlyContinue -Recurse ) 3 | $Private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -ErrorAction SilentlyContinue -Recurse) 4 | 5 | #Dot source the files 6 | Foreach ($import in @($Public + $Private)) { 7 | Try { 8 | . 
$import.fullname 9 | } Catch { 10 | Write-Error -Message "Failed to import function $($import.fullname): $_" 11 | } 12 | } 13 | 14 | Export-ModuleMember -Function * -Alias * -------------------------------------------------------------------------------- /Private/Emails/Set-EmailBody.ps1: -------------------------------------------------------------------------------- 1 | function Set-EmailBody($TableData, $TableWelcomeMessage) { 2 | $body = @( 3 | "

$TableWelcomeMessage" 4 | if ($($TableData | Measure-Object).Count -gt 0) { 5 | $TableData | ConvertTo-Html -Fragment | Out-String 6 | $body = $body -replace ' Added', " Added" 7 | $body = $body -replace ' Removed', " Removed" 8 | $body = $body -replace ' Deleted', " Deleted" 9 | $body = $body -replace ' Changed', " Changed" 10 | $body = $body -replace ' Change', " Change" 11 | $body = $body -replace ' Disabled', " Disabled" 12 | $body = $body -replace ' Enabled', " Enabled" 13 | $body = $body -replace ' Locked out', " Locked out" 14 | $body = $body -replace ' Lockouts', " Lockouts" 15 | $body = $body -replace ' Unlocked', " Unlocked" 16 | $body = $body -replace ' Reset', " Reset" 17 | '

' 18 | } else { 19 | '
No changes happend during that period.

' 20 | } 21 | ) 22 | return $body 23 | } 24 | -------------------------------------------------------------------------------- /Private/Emails/Set-EmailHead.ps1: -------------------------------------------------------------------------------- 1 | function Set-EmailHead { 2 | [cmdletBinding()] 3 | param( 4 | [System.Collections.IDictionary] $FormattingOptions 5 | ) 6 | $head = @" 7 | 8 | 9 | 10 | 11 | 75 | 76 | "@ 77 | return $Head 78 | } -------------------------------------------------------------------------------- /Private/Emails/Set-EmailReportBranding.ps1: -------------------------------------------------------------------------------- 1 | function Set-EmailReportBranding { 2 | param( 3 | [alias('FormattingOptions')] $FormattingParameters 4 | ) 5 | if ($FormattingParameters.CompanyBranding.Link) { 6 | $Report = "" 7 | } else { 8 | $Report = '' 9 | } 10 | if ($FormattingParameters.CompanyBranding.Inline) { 11 | $Report += " height= src=`"cid:logo`" border=`"0`" class=`"company-logo`" alt=`"company-logo`">" 12 | } else { 13 | $Report += " height= src=`"$($FormattingParameters.CompanyBranding.Logo)`" border=`"0`" class=`"company-logo`" alt=`"company-logo`">" 14 | } 15 | if ($FormattingParameters.CompanyBranding.Width -ne "") { 16 | $Report = $Report -replace "width=", "width=$($FormattingParameters.CompanyBranding.Width)" 17 | } else { 18 | $Report = $Report -replace "width=", "" 19 | } 20 | if ($FormattingParameters.CompanyBranding.Height -ne "") { 21 | $Report = $Report -replace "height=", "height=$($FormattingParameters.CompanyBranding.Height)" 22 | } else { 23 | $Report = $Report -replace "height=", "" 24 | } 25 | return $Report 26 | } -------------------------------------------------------------------------------- /Private/Emails/Set-EmailReportDetails.ps1: -------------------------------------------------------------------------------- 1 | function Set-EmailReportDetails { 2 | param( 3 | $FormattingOptions, 4 | $ReportOptions, 5 | $TimeToGenerate 6 | ) 7 | 
$DateReport = get-date 8 | # HTML Report settings 9 | $Report = @( 10 | "

" 11 | "Report Time: $DateReport
" 12 | "Time to generate: $($TimeToGenerate.Hours) hours, $($TimeToGenerate.Minutes) minutes, $($TimeToGenerate.Seconds) seconds, $($TimeToGenerate.Milliseconds) milliseconds
" 13 | 14 | if ($PSVersionTable.Platform -ne 'Unix') { 15 | "Account Executing Report : $env:userdomain\$($env:username.toupper()) on $($env:ComputerName.toUpper())
" 16 | } else { 17 | # needs filling in. 18 | } 19 | 'Checking for monitored IPs :' 20 | '

    ' 21 | foreach ($ip in $ReportOptions.MonitoredIps.Values) { 22 | "
  • ip: $ip
  • " 23 | } 24 | '
' 25 | '

' 26 | ) 27 | return $Report 28 | } -------------------------------------------------------------------------------- /Private/Parameters/Script.Blacklists.ps1: -------------------------------------------------------------------------------- 1 | [string[]] $Script:BlackLists = @( 2 | 'b.barracudacentral.org' 3 | 'spam.rbl.msrbl.net' 4 | 'zen.spamhaus.org' 5 | 'bl.deadbeef.com' 6 | #'bl.emailbasura.org' dead as per https://github.com/EvotecIT/PSBlackListChecker/issues/8 7 | 'bl.spamcop.net' 8 | 'blackholes.five-ten-sg.com' 9 | 'blacklist.woody.ch' 10 | 'bogons.cymru.com' 11 | 'cbl.abuseat.org' 12 | 'combined.abuse.ch' 13 | 'combined.rbl.msrbl.net' 14 | 'db.wpbl.info' 15 | 'dnsbl-1.uceprotect.net' 16 | 'dnsbl-2.uceprotect.net' 17 | 'dnsbl-3.uceprotect.net' 18 | 'dnsbl.cyberlogic.net' 19 | 'dnsbl.inps.de' 20 | #'dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 21 | 'drone.abuse.ch' 22 | 'drone.abuse.ch' 23 | 'duinv.aupads.org' 24 | 'dul.dnsbl.sorbs.net' 25 | 'dul.ru' 26 | 'dyna.spamrats.com' 27 | # 'dynip.rothen.com' dead as per https://github.com/EvotecIT/PSBlackListChecker/issues/9 28 | #'http.dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 29 | 'images.rbl.msrbl.net' 30 | 'ips.backscatterer.org' 31 | 'ix.dnsbl.manitu.net' 32 | 'korea.services.net' 33 | #'misc.dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 34 | 'noptr.spamrats.com' 35 | 'ohps.dnsbl.net.au' 36 | 'omrs.dnsbl.net.au' 37 | 'orvedb.aupads.org' 38 | 'osps.dnsbl.net.au' 39 | 'osrs.dnsbl.net.au' 40 | 'owfs.dnsbl.net.au' 41 | 'owps.dnsbl.net.au' 42 | 'pbl.spamhaus.org' 43 | 'phishing.rbl.msrbl.net' 44 | 'probes.dnsbl.net.au' 45 | 'proxy.bl.gweep.ca' 46 | 'proxy.block.transip.nl' 47 | 'psbl.surriel.com' 48 | 'rbl.interserver.net' 49 | 'rdts.dnsbl.net.au' 50 | 'relays.bl.gweep.ca' 51 | 'relays.bl.kundenserver.de' 52 | 'relays.nether.net' 53 | 'residential.block.transip.nl' 54 | 'ricn.dnsbl.net.au' 55 | 'rmst.dnsbl.net.au' 56 | 
'sbl.spamhaus.org' 57 | 'short.rbl.jp' 58 | #'smtp.dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 59 | #'socks.dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 60 | 'spam.abuse.ch' 61 | #'spam.dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 62 | 'spam.spamrats.com' 63 | 'spamlist.or.kr' 64 | 'spamrbl.imp.ch' 65 | 't3direct.dnsbl.net.au' 66 | 'ubl.lashback.com' 67 | 'ubl.unsubscore.com' 68 | 'virbl.bit.nl' 69 | 'virus.rbl.jp' 70 | 'virus.rbl.msrbl.net' 71 | #'web.dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 72 | 'wormrbl.imp.ch' 73 | 'xbl.spamhaus.org' 74 | #'zombie.dnsbl.sorbs.net' # https://github.com/EvotecIT/PSBlackListChecker/issues/11 75 | #'bl.spamcannibal.org' now a parked domain 76 | #'tor.ahbl.org' # as per https://ahbl.org/ was terminated in 2015 77 | #'tor.dnsbl.sectoor.de' parked domain 78 | #'torserver.tor.dnsbl.sectoor.de' as above 79 | #'dnsbl.njabl.org' # supposedly doesn't work properly anymore 80 | # 'dnsbl.ahbl.org' # as per https://ahbl.org/ was terminated in 2015 81 | # 'cdl.anti-spam.org.cn' Inactive 82 | ) -------------------------------------------------------------------------------- /Private/RunSpaces/Script.BlockNetDNS.ps1: -------------------------------------------------------------------------------- 1 | $Script:ScriptBlockNetDNS = { 2 | param ( 3 | [string] $Server, 4 | [string] $IP, 5 | [bool] $QuickTimeout, 6 | [bool] $Verbose 7 | ) 8 | if ($Verbose) { 9 | $verbosepreference = 'continue' 10 | } 11 | $ReversedIP = ($IP -split '\.')[3..0] -join '.' 
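12 | $FQDN = "$ReversedIP.$Server" 13 | try { 14 | $DnsCheck = [Net.DNS]::GetHostAddresses($fqdn) 15 | } catch { 16 | $DnsCheck = $null 17 | } 18 | if ($null -ne $DnsCheck) { 19 | $ServerData = [PSCustomObject] @{ 20 | IP = $IP 21 | FQDN = $FQDN 22 | BlackList = $Server 23 | IsListed = if ($null -eq $DNSCheck.IPAddressToString) { $false } else { $true } 24 | Answer = $DnsCheck.IPAddressToString -join ', ' 25 | TTL = '' 26 | } 27 | } else { 28 | $ServerData = [PSCustomObject] @{ 29 | IP = $IP 30 | FQDN = $FQDN 31 | BlackList = $Server 32 | IsListed = $false 33 | Answer = "" 34 | TTL = '' 35 | } 36 | } 37 | 38 | return $ServerData 39 | } -------------------------------------------------------------------------------- /Private/RunSpaces/Script.BlockResolveDNS.ps1: --------------------------------------------------------------------------------
# Runspace worker: checks ONE IPv4 address against ONE DNSBL zone with Resolve-DnsName.
#
# Parameters:
#   Server       - DNSBL zone to query (e.g. an entry of $Script:BlackLists).
#   IP           - dotted-quad IPv4 address; its octets are reversed and prepended to $Server.
#   QuickTimeout - forwarded to Resolve-DnsName -QuickTimeout.
#   Verbose      - when $true, sets $VerbosePreference to 'continue' inside the runspace.
#   DNSServer    - optional resolver(s) forwarded to Resolve-DnsName -Server; '' means system default.
#
# Returns a PSCustomObject with IP, FQDN, BlackList, IsListed, Answer and TTL.
#
# NOTE(review): this check fails open. Resolve-DnsName runs with -ErrorAction SilentlyContinue,
# so a timeout, SERVFAIL or a resolver that is refused by the list is reported exactly like
# "not listed". Conversely, ANY returned address counts as listed; some DNSBLs (Spamhaus, for
# one) answer with 127.255.255.x codes to signal a blocked or over-quota resolver rather than
# a listing. Callers that alert on IsListed should inspect Answer before acting.
$Script:ScriptBlockResolveDNS = {
    param (
        [string] $Server,
        [string] $IP,
        [bool] $QuickTimeout,
        [bool] $Verbose,
        [string[]] $DNSServer = ''
    )
    if ($Verbose) {
        $verbosepreference = 'continue'
    }
    # DNSBL convention: 1.2.3.4 checked against zone example.org becomes 4.3.2.1.example.org
    [string] $ReversedIP = ($IP -split '\.')[3..0] -join '.'
    [string] $FQDN = "$ReversedIP.$Server"

    [int] $MaxAttempts = 5
    [int] $Count = 0
    [bool] $Loaded = $false
    do {
        try {
            # -ErrorAction Stop makes a failed import a terminating error, otherwise the
            # catch block never runs and $Loaded is set to $true even though nothing loaded.
            Import-Module -Name 'DnsClient' -Verbose:$false -ErrorAction Stop
            $Loaded = $true
        } catch {
            Write-Warning "DNSClient Import Error ($Server / $FQDN / $IP): $_. Retrying."
        }
        $Count++
        if ($Loaded -eq $false -and $Count -eq $MaxAttempts) {
            # NOTE(review): despite the wording, execution continues to Resolve-DnsName below.
            Write-Warning "DNSClient Import failed. Skipping check on $Server / $FQDN / $IP"
        }
        # Stop as soon as the module is loaded, or after the last allowed attempt.
        # (The previous condition stopped on the first FAILURE and re-imported five times on success.)
    } until ($Loaded -or $Count -ge $MaxAttempts)

    $ResolveParameters = @{
        Name         = $FQDN
        ErrorAction  = 'SilentlyContinue'
        NoHostsFile  = $true
        QuickTimeout = $QuickTimeout # Impact of using -QuickTimeout unknown
        DnsOnly      = $true
    }
    if ($DNSServer -ne '') {
        $ResolveParameters.Server = $DNSServer
    }
    $DnsCheck = Resolve-DnsName @ResolveParameters

    if ($null -ne $DnsCheck) {
        $ServerData = [PSCustomObject] @{
            IP        = $IP
            FQDN      = $FQDN
            BlackList = $Server
            IsListed  = if ($null -eq $DnsCheck.IpAddress) { $false } else { $true }
            Answer    = $DnsCheck.IPAddress -join ', '
            TTL       = $DnsCheck.TTL -join ', '
        }
    } else {
        $ServerData = [PSCustomObject] @{
            IP        = $IP
            FQDN      = $FQDN
            BlackList = $Server
            IsListed  = $false
            Answer    = ''
            TTL       = ''
        }
    }
    return $ServerData
}
-------------------------------------------------------------------------------- /Private/ScriptBlocks/Script.BlockNetDNSSlow.ps1: -------------------------------------------------------------------------------- 1 | $Script:ScriptBlockNetDNSSlow = { 2 | param ( 3 | [string[]] $Servers, 4 | [string[]] $IPs, 5 | [bool] $QuickTimeout, 6 | [bool] $Verbose 7 | ) 8 | if ($Verbose) { 9 | $verbosepreference = 'continue' 10 | } 11 | 12 | $Blacklisted = foreach ($Server in $Servers) { 13 | foreach ($IP in $IPS) { 14 | [string] $ReversedIP = ($IP -split '\.')[3..0] -join '.'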
15 | [string] $FQDN = "$ReversedIP.$Server" 16 | try { 17 | $DnsCheck = [Net.DNS]::GetHostAddresses($FQDN) 18 | } catch { 19 | $DnsCheck = $null 20 | } 21 | if ($null -ne $DnsCheck) { 22 | [PSCustomObject] @{ 23 | IP = $ip 24 | FQDN = $fqdn 25 | BlackList = $server 26 | IsListed = if ($null -eq $DNSCheck.IPAddressToString) { $false } else { $true } 27 | Answer = $DnsCheck.IPAddressToString -join ', ' 28 | TTL = '' 29 | } 30 | } else { 31 | [PSCustomObject] @{ 32 | IP = $IP 33 | FQDN = $FQDN 34 | BlackList = $Server 35 | IsListed = $false 36 | Answer = '' 37 | TTL = '' 38 | } 39 | } 40 | } 41 | } 42 | return $Blacklisted 43 | } -------------------------------------------------------------------------------- /Private/ScriptBlocks/Script.BlockResolveDNSSlow.ps1: -------------------------------------------------------------------------------- 1 | $Script:ScriptBlockResolveDNSSlow = { 2 | param ( 3 | [string[]] $Servers, 4 | [string[]] $IPs, 5 | [bool] $QuickTimeout, 6 | [bool] $Verbose, 7 | [string[]] $DNSServer = '' 8 | ) 9 | if ($Verbose) { 10 | $verbosepreference = 'continue' 11 | } 12 | $Blacklisted = foreach ($Server in $Servers) { 13 | foreach ($IP in $IPS) { 14 | $ReversedIP = ($IP -split '\.')[3..0] -join '.' 
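15 | $FQDN = "$ReversedIP.$Server" 16 | if ($DNSServer -ne '') { 17 | $DnsCheck = Resolve-DnsName -Name $fqdn -ErrorAction SilentlyContinue -NoHostsFile -QuickTimeout:$QuickTimeout -Server $DNSServer -DnsOnly # Impact of using -QuickTimeout unknown 18 | } else { 19 | $DnsCheck = Resolve-DnsName -Name $fqdn -ErrorAction SilentlyContinue -NoHostsFile -QuickTimeout:$QuickTimeout -DnsOnly 20 | } 21 | if ($null -ne $DnsCheck) { 22 | [PSCustomObject] @{ 23 | IP = $IP 24 | FQDN = $FQDN 25 | BlackList = $Server 26 | IsListed = if ($null -eq $DNSCheck.IpAddress) { $false } else { $true } 27 | Answer = $DnsCheck.IPAddress -join ', ' 28 | TTL = $DnsCheck.TTL -join ', ' 29 | } 30 | } else { 31 | [PSCustomObject] @{ 32 | IP = $IP 33 | FQDN = $FQDN 34 | BlackList = $Server 35 | IsListed = $false 36 | Answer = '' 37 | TTL = '' 38 | } 39 | } 40 | } 41 | } 42 | return $Blacklisted 43 | } 44 | -------------------------------------------------------------------------------- /Public/Search-Blacklist.ps1: --------------------------------------------------------------------------------
function Search-BlackList {
    <#
    .SYNOPSIS
    Search-Blacklist searches if particular IP is blacklisted on DNSBL Blacklists.

    .DESCRIPTION
    Queries every DNSBL zone in BlacklistServers for every address in IPs and returns one
    row per (IP, blacklist) pair with the properties IP, FQDN, BlackList, IsListed, Answer
    and TTL. By default only rows with IsListed = $true are returned.

    A lookup that fails (timeout, resolver error) is reported as IsListed = $false, so an
    empty result does not prove that an address is clean.

    .PARAMETER IPs
    One or more dotted-quad IPv4 addresses to check. Values that are not valid IPv4
    addresses are skipped with a warning and never turned into DNS queries.

    .PARAMETER BlacklistServers
    DNSBL zones to query. Defaults to the module list in $Script:BlackLists.

    .PARAMETER ReturnAll
    Return every row, including those where IsListed is $false.

    .PARAMETER RunType
    Lookup strategy. When omitted, RunSpaceWithNetDNS is used on Unix and
    RunSpaceWithResolveDNS elsewhere. Resolve-DnsName based modes are replaced by their
    Net.DNS counterparts on Unix. The two Workflow modes are no longer supported.

    .PARAMETER SortBy
    Property used to sort the result. Defaults to IsListed.

    .PARAMETER SortDescending
    Sort in descending order.

    .PARAMETER QuickTimeout
    Passed to Resolve-DnsName -QuickTimeout. The Net.DNS script blocks accept it but do not use it.

    .PARAMETER MaxRunspaces
    Maximum number of runspaces in the pool for the RunSpace* modes. Defaults to 10.

    .PARAMETER DNSServer
    Resolver(s) to send the queries to. Only honoured by the Resolve-DnsName based modes;
    for Net.DNS based modes it is reset with a warning.

    .PARAMETER ExtendedOutput
    For the RunSpace* modes, return the raw Stop-Runspace output (hashtable of Errors and
    Output) instead of the sorted table.

    .EXAMPLE
    Search-BlackList -IP '89.25.253.1' | Format-Table

    .EXAMPLE
    Search-BlackList -IP '89.25.253.1' -SortBy Blacklist | Format-Table

    .EXAMPLE
    Search-BlackList -IP '89.25.253.1','195.55.55.55' -SortBy Ip -ReturnAll | Format-Table

    .NOTES
    Any address returned by a DNSBL counts as a listing. Review the Answer column before
    acting on a result: some lists use special return codes to signal query errors.
    #>

    [cmdletbinding()]
    param
    (
        [alias('IP')][string[]] $IPs,
        [string[]] $BlacklistServers = $Script:BlackLists,
        [switch] $ReturnAll,
        [ValidateSet('NoWorkflowAndRunSpaceNetDNS', 'NoWorkflowAndRunSpaceResolveDNS', 'RunSpaceWithResolveDNS', 'RunSpaceWithNetDNS', 'WorkflowResolveDNS', 'WorkflowWithNetDNS')]
        [string]$RunType,
        [ValidateSet('IP', 'BlackList', 'IsListed', 'Answer', 'FQDN')][string] $SortBy = 'IsListed',
        [switch] $SortDescending,
        [switch] $QuickTimeout,
        [int] $MaxRunspaces = 10,
        [string[]] $DNSServer = '',
        [switch] $ExtendedOutput
    )
    if ($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) { $Verbose = $true } else { $Verbose = $false }

    # will remove this after a while
    # 'return' instead of 'Exit': Exit inside a function ends the caller's whole script or session.
    if ($RunType -eq 'WorkflowResolveDNS') {
        Write-Warning 'Worflows are not supported anymore due to PowerShell 6 complaining. Please use other modes.'
        return
    } elseif ($RunType -eq 'WorkflowWithNetDNS') {
        Write-Warning 'Worflows are not supported anymore due to PowerShell 6 complaining. Please use other modes.'
        return
    }

    # The worker script blocks build the query name by splitting on '.' and reversing four
    # octets, so anything that is not a dotted-quad IPv4 address would produce a bogus DNS
    # name. Reject such input here instead of sending it to the resolver.
    $ValidIPs = foreach ($Candidate in $IPs) {
        $ParsedAddress = $null
        if ($Candidate -match '^\d{1,3}(\.\d{1,3}){3}$' -and [System.Net.IPAddress]::TryParse($Candidate, [ref] $ParsedAddress)) {
            $Candidate
        } else {
            Write-Warning "Search-BlackList - '$Candidate' is not a valid IPv4 address. Skipping."
        }
    }
    $IPs = @($ValidIPs)

    # no parameter given (and it's expected)
    if ($RunType -eq '') {
        if ($PSVersionTable.Platform -eq 'Unix') {
            $RunType = 'RunSpaceWithNetDNS'
        } else {
            $RunType = 'RunSpaceWithResolveDNS'
        }
    }

    # checks whether Runspaces are not set for use on Unix (usually forced by user)
    if ($PSVersionTable.Platform -eq 'Unix') {
        if ($RunType -eq 'RunSpaceWithResolveDNS') {
            $RunType = 'RunSpaceWithNetDNS'
            Write-Warning 'Search-BlackList - changing RunType to RunSpaceWithNetDNS since Resolve-DNSName is not available on Linux/MacOS'
        } elseif ($RunType -eq 'NoWorkflowAndRunSpaceResolveDNS') {
            $RunType = 'NoWorkflowAndRunSpaceNetDNS'
            Write-Warning 'Search-BlackList - changing RunType to NoWorkflowAndRunSpaceNetDNS since Resolve-DNSName is not available on Linux/MacOS'
        }
    }

    # -like needs a wildcard: without it the pattern only matches the literal string 'NetDNS',
    # so the warning never fired and a custom resolver was silently ignored.
    if ($DNSServer -ne '' -and $RunType -like '*NetDNS') {
        Write-Warning 'Search-BlackList - Setting DNSServer is not supported for Net.DNS. Resetting to default values.'
        $DNSServer = ''
    }

    Write-Verbose "Search-Blacklist - Runtype: $RunType ReturnAll: $ReturnAll, SortBy: $SortBy MaxRunspaces: $MaxRunspaces SortDescending: $SortDescending"

    if ($RunType -eq 'NoWorkflowAndRunSpaceNetDNS') {
        $Table = Invoke-Command -ScriptBlock $Script:ScriptBlockNetDNSSlow -ArgumentList $BlacklistServers, $IPs, $QuickTimeout, $Verbose
    } elseif ($RunType -eq 'NoWorkflowAndRunSpaceResolveDNS') {
        $Table = Invoke-Command -ScriptBlock $Script:ScriptBlockResolveDNSSlow -ArgumentList $BlacklistServers, $IPs, $QuickTimeout, $Verbose, $DNSServer
    } elseif ($RunType -eq 'RunSpaceWithResolveDNS') {
        ### Define Runspace START
        $pool = New-Runspace -MaxRunspaces $MaxRunspaces -Verbose:$Verbose
        ### Define Runspace END
        # One runspace job per (blacklist, IP) pair
        $runspaces = foreach ($Server in $BlacklistServers) {
            foreach ($IP in $IPs) {
                $Parameters = @{
                    Server       = $Server
                    IP           = $IP
                    QuickTimeout = $QuickTimeout
                    Verbose      = $Verbose
                    DNSServer    = $DNSServer
                }
                Start-Runspace -ScriptBlock $Script:ScriptBlockResolveDNS -Parameters $Parameters -RunspacePool $pool -Verbose:$Verbose
            }
        }
        ### End Runspaces START
        $Output = Stop-Runspace -Runspaces $runspaces -FunctionName 'Search-BlackList' -RunspacePool $pool -Verbose:$Verbose -ErrorAction Continue -ErrorVariable MyErrors -ExtendedOutput:$ExtendedOutput
        if ($ExtendedOutput) {
            return $Output # returns hashtable of Errors and Output
        } else {
            $Table = $Output
        }
        ### End Runspaces END

    } elseif ($RunType -eq 'RunSpaceWithNetDNS') {
        ### Define Runspace START
        $pool = New-Runspace -MaxRunspaces $MaxRunspaces -Verbose:$Verbose
        ### Define Runspace END
        $runspaces = foreach ($Server in $BlacklistServers) {
            foreach ($IP in $IPs) {
                $Parameters = @{
                    Server       = $Server
                    IP           = $IP
                    QuickTimeout = $QuickTimeout
                    Verbose      = $Verbose
                    #DNSServer = $DNSServer
                }
                Start-Runspace -ScriptBlock $Script:ScriptBlockNetDNS -Parameters $Parameters -RunspacePool $pool -Verbose:$Verbose
            }
        }
        ### End Runspaces START
        $Output = Stop-Runspace -Runspaces $runspaces -FunctionName 'Search-BlackList' -RunspacePool $pool -Verbose:$Verbose -ExtendedOutput:$ExtendedOutput
        if ($ExtendedOutput) {
            return $Output # returns hashtable of Errors and Output
        } else {
            $Table = $Output
        }
        ### End Runspaces END
    }
    if ($SortDescending -eq $true) {
        $Table = $Table | Sort-Object $SortBy -Descending
    } else {
        $Table = $Table | Sort-Object $SortBy
    }
    if ($ReturnAll -eq $true) {
        return $Table | Select-Object IP, FQDN, BlackList, IsListed, Answer, TTL
    } else {
        return $Table | Where-Object { $_.IsListed -eq $true } | Select-Object IP, FQDN, BlackList, IsListed, Answer, TTL
    }
}
-------------------------------------------------------------------------------- /Public/Start-ReportBlacklists.ps1: -------------------------------------------------------------------------------- 1 | function Start-ReportBlackLists { 2 | [cmdletbinding()] 3 | param( 4 | [System.Collections.IDictionary] $EmailParameters, 5 | [System.Collections.IDictionary] $FormattingParameters, 6 | [System.Collections.IDictionary] $ReportOptions, 7 | [switch] $OutputErrors 8 | ) 9 | $Errors = @{ 10 | Teams = $false 11 | Slack = $false 12 | Discord = $false 13 | } 14 | $TeamID = Format-FirstXChars -Text $ReportOptions.NotificationsTeams.TeamsID -NumberChars 25 15 | $SlackID = Format-FirstXChars -Text $ReportOptions.NotificationsSlack.Uri -NumberChars 25 16 | $DiscordID = Format-FirstXChars -Text $ReportOptions.NotificationsDiscord.Uri -NumberChars 25 17 | 18 | Write-Verbose "Start-ReportBlackLists - TeamsID: $TeamID" 19 | Write-Verbose "Start-ReportBlackLists - SlackID: $SlackID" 20 | Write-Verbose "Start-ReportBlackLists - DiscordID: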
$DiscordID" 21 | 22 | $Ips = foreach ($ip in $ReportOptions.MonitoredIps.Values) { 23 | $ip 24 | } 25 | 26 | if ($null -eq $ReportOptions.NotificationsEmail) { 27 | # Not upgraded config / Legacy config 28 | $ReportOptions.NotificationsEmail = @{ 29 | Use = $true 30 | EmailPriorityWhenBlacklisted = $ReportOptions.EmailPriorityWhenBlacklisted 31 | EmailPriorityStandard = $ReportOptions.EmailPriorityStandard 32 | EmailAllResults = $ReportOptions.EmailAllResults 33 | EmailAlways = $ReportOptions.EmailAlways 34 | } 35 | } 36 | 37 | $Time = Measure-Command -Expression { 38 | if ($null -eq $ReportOptions.SortBy) { 39 | $ReportOptions.SortBy = 'IsListed' 40 | } 41 | if ($null -eq $ReportOptions.SortDescending) { 42 | $ReportOptions.SortDescending = $true 43 | } 44 | 45 | if ($ReportOptions.NotificationsEmail.EmailAllResults) { 46 | $BlackListCheck = Search-BlackList -IP $Ips -SortBy $ReportOptions.SortBy -SortDescending:$ReportOptions.SortDescending -ReturnAll -Verbose 47 | } else { 48 | $BlackListCheck = Search-BlackList -IP $Ips -SortBy $ReportOptions.SortBy -SortDescending:$ReportOptions.SortDescending -Verbose 49 | } 50 | } 51 | $EmailBody = @( 52 | Set-EmailHead -FormattingOptions $FormattingParameters 53 | Set-EmailReportBranding -FormattingOptions $FormattingParameters 54 | Set-EmailReportDetails -FormattingOptions $FormattingParameters -ReportOptions $ReportOptions -TimeToGenerate $Time 55 | Set-EmailBody -TableData $BlackListCheck -TableWelcomeMessage 'Following blacklisted servers' 56 | ) 57 | 58 | if ($BlackListCheck.IsListed -contains $true) { 59 | $EmailParameters.EmailPriority = $ReportOptions.NotificationsEmail.EmailPriorityWhenBlacklisted 60 | } else { 61 | $EmailParameters.EmailPriority = $ReportOptions.NotificationsEmail.EmailPriorityStandard 62 | } 63 | 64 | [string] $Email = $EmailBody | Out-String 65 | 66 | if ($ReportOptions.NotificationsEmail.Use) { 67 | if ($ReportOptions.NotificationsEmail.EmailAlways -eq $true -or $BlackListCheck.IsListed 
-contains $true) { 68 | if ($FormattingParameters.CompanyBranding.Inline) { 69 | $SendMail = Send-Email -EmailParameters $EmailParameters -Body $Email -InlineAttachments @{logo = $FormattingParameters.CompanyBranding.Logo } -Verbose 70 | } else { 71 | $SendMail = Send-Email -EmailParameters $EmailParameters -Body $Email 72 | } 73 | } 74 | } 75 | 76 | if ($BlackListCheck.IsListed -contains $true) { 77 | $BlackListLimited = $BlackListCheck | Where-Object { $_.IsListed -eq $true } 78 | 79 | if ($ReportOptions.NotificationsTeams.Use) { 80 | [string] $MessageTitle = $ReportOptions.NotificationsTeams.MessageTitle 81 | [string] $ActivityImageLink = $ReportOptions.NotificationsTeams.MessageImageLink 82 | 83 | [RGBColors] $Color = [RGBColors]::Red 84 | $Sections = @( 85 | foreach ($Server in $BlackListLimited) { 86 | [string] $ActivityTitle = "Blacklisted IP **$($Server.IP)**" 87 | if ($ReportOptions.NotificationsTeams.MessageButtons) { 88 | $Button1 = New-TeamsButton -Name "Check BlackList" -Link "https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a$($Server.Ip)&run=toolpage" 89 | $Button2 = New-TeamsButton -Name "Check SMTP" -Link "https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a$($Server.Ip)&run=toolpage" 90 | 91 | New-TeamsSection ` 92 | -ActivityTitle $ActivityTitle ` 93 | -ActivitySubtitle "Found on blacklist **$($Server.Blacklist)**" ` 94 | -ActivityImageLink $ActivityImageLink ` 95 | -ActivityText "Everybody panic!" 
` 96 | -Buttons $Button1, $Button2 97 | } else { 98 | New-TeamsSection ` 99 | -ActivityTitle $ActivityTitle ` 100 | -ActivitySubtitle "Found on blacklist **$($Server.Blacklist)**" ` 101 | -ActivityImageLink $ActivityImageLink ` 102 | -ActivityText "Responses: $($Server.Answer)" 103 | } 104 | } 105 | ) 106 | 107 | try { 108 | $TeamsOutput = Send-TeamsMessage ` 109 | -Uri $ReportOptions.NotificationsTeams.TeamsID ` 110 | -MessageTitle $MessageTitle ` 111 | -Color $Color ` 112 | -Sections $Sections ` 113 | -Supress $false 114 | } catch { 115 | $ErrorMessage = $_.Exception.Message -replace "`n", " " -replace "`r", " " 116 | Write-Warning "Couldn't send to Teams - Error occured: $ErrorMessage" 117 | $Errors.Teams = $true 118 | } 119 | #Write-Color @script:WriteParameters -Text "[i] Teams output: ", $Data -Color White, Yellow 120 | } 121 | if ($ReportOptions.NotificationsSlack.Use) { 122 | 123 | if (Get-Module -ListAvailable -Name PSSlack -ErrorAction SilentlyContinue) { 124 | Import-Module -Name PSSlack -Force -ErrorAction SilentlyContinue 125 | } else { 126 | Write-Warning "PSSlack module not found. 
Please install it using Install-Module -Name PSSlack" 127 | return 128 | } 129 | 130 | $MessageTitle = $ReportOptions.NotificationsSlack.MessageTitle 131 | [string] $ActivityImageLink = $ReportOptions.NotificationsSlack.MessageImageLink 132 | 133 | $Attachments = @( 134 | foreach ($Server in $BlackListLimited) { 135 | New-SlackMessageAttachment -Color $_PSSlackColorMap.red ` 136 | -Title "IP $($Server.IP) is Blacklisted" ` 137 | -TitleLink "https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a$($Server.Ip)&run=toolpage" ` 138 | -Text $ReportOptions.NotificationsSlack.MessageText ` 139 | -Pretext "Found on blacklist $($Server.Blacklist)" ` 140 | -Fallback 'Your client is bad' 141 | } 142 | ) 143 | 144 | try { 145 | $SlackOutput = New-SlackMessage -Attachments $Attachments ` 146 | -Channel $ReportOptions.NotificationsSlack.Channel ` 147 | -IconEmoji $ReportOptions.NotificationsSlack.MessageEmoji ` 148 | -AsUser ` 149 | -Username $ReportOptions.NotificationsSlack.MessageAsUser | ` 150 | Send-SlackMessage -Uri $ReportOptions.NotificationsSlack.URI 151 | } catch { 152 | $ErrorMessage = $_.Exception.Message -replace "`n", " " -replace "`r", " " 153 | Write-Warning "Couldn't send to Slack - Error occured: $ErrorMessage" 154 | $Errors.Slack = $true 155 | } 156 | #Write-Color @script:WriteParameters -Text "[i] Slack output: ", $Data -Color White, Yellow 157 | } 158 | 159 | if ($ReportOptions.NotificationsDiscord.Use) { 160 | if ($null -eq $ReportOptions.NotificationsDiscord.MessageInline) { 161 | $ReportOptions.NotificationsDiscord.MessageInline = $false 162 | } 163 | 164 | try { 165 | $Facts = foreach ($Server in $BlackListLimited) { 166 | [string] $ActivityTitle = "Blacklisted IP $($Server.IP)" 167 | [string] $ActivityValue = "Found on blacklist $($Server.Blacklist)" 168 | 169 | New-DiscordFact -Name $ActivityTitle -Value $ActivityValue -Inline $ReportOptions.NotificationsDiscord.MessageInline 170 | } 171 | 172 | $Thumbnail = New-DiscordThumbnail -Url 
$ReportOptions.NotificationsDiscord.MessageImageLink 173 | $Author = New-DiscordAuthor -Name 'PSBlacklistChecker' -IconUrl $ReportOptions.NotificationsDiscord.MessageImageLink 174 | $Section = New-DiscordSection -Title $ReportOptions.NotificationsDiscord.MessageText ` 175 | -Description '' ` 176 | -Facts $Facts ` 177 | -Color $ReportOptions.NotificationsDiscord.MessageColor ` 178 | -Author $Author ` 179 | -Thumbnail $Thumbnail #-Image $Thumbnail 180 | 181 | Send-DiscordMessage -WebHookUrl $ReportOptions.NotificationsDiscord.Uri ` 182 | -Sections $Section ` 183 | -AvatarName $ReportOptions.NotificationsDiscord.MessageAsUser ` 184 | -AvatarUrl $ReportOptions.NotificationsDiscord.MessageAsUserImage -Verbose 185 | 186 | } catch { 187 | $ErrorMessage = $_.Exception.Message -replace "`n", " " -replace "`r", " " 188 | Write-Warning "Couldn't send to Discord - Error occured: $ErrorMessage" 189 | $Errors.Discord = $true 190 | } 191 | } 192 | if ($OutputErrors) { 193 | return $Errors 194 | } 195 | } 196 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 | 4 | 5 | 6 |

7 | 8 |

9 | 10 | 11 | 12 | 13 |

14 | 15 |

16 | 17 | 18 | 19 |

20 | 21 | # PSBlackListChecker - PowerShell module 22 | 23 | The basic functionality of this module is the ability to quickly verify if a given IP address is on any of over 80 defined DNSBL lists. Below code will return results only if the IP is on any of the lists. The advanced functionality of this module is the ability to send reports to your email when things get bad on one of those 80 defined DNSBL lists. 24 | 25 | Full Description for this project at: 26 | 27 | ## Functionality 28 | 29 | - [x] Manual Tests 30 | - [x] Email Alerts (just **blacklisted**, or all) 31 | - [x] Microsoft Teams Alerts (just **blacklisted**) 32 | - [x] Slack Alerts (just **blacklisted**) 33 | - [x] Discord Alerts (just **blacklisted**) 34 | 35 | ## Changelog 36 | 37 | - 0.8.7 - 2024.07.21 38 | - - Remove `SORBS.NET` from Blacklists as per [#11](https://github.com/EvotecIT/PSBlackListChecker/issues/11) 39 | - 0.8.6 - 2020.10.3 40 | - Removed blacklist (tnx williamb1024) 41 | - 0.8.5 - 2019.11.1 42 | - Removed blacklist (tnx SNicolini) 43 | - 0.8.4 - 2019.05.30 44 | - Removed some blacklists (tnx Narfmeister) 45 | - 0.8.3 - 2019.05.26 46 | - Fix for email options (tnx lucwuyts) 47 | - 0.8.2 - 2019.05.08 48 | - Removed few blacklists that seem dead (tnx Narfmeister) 49 | - 0.7 - 2018.11.03 - [Full blog post](https://evotec.xyz/psblacklistchecker-added-discord-support/) 50 | - Added Discord support 51 | - 0.6 - 2018.11.02 - [Full blog post](https://evotec.xyz/psblacklistchecker-notifications-to-microsoft-teams-slack-of-blacklisted-ips/) 52 | - Added Teams support 53 | - Added Slack support 54 | - Rewritten logic - added runspaces 55 | - 0.3 - 2018.05.06 56 | - First working release 57 | - 0.1 - 2018.04.27 58 | - First draft release 59 | 60 | ## Install How-To 61 | 62 | ```powershell 63 | Install-Module PSBlackListChecker 64 | ``` 65 | 66 | ## Update How-To 67 | 68 | ```powershell 69 | Update-Module PSBlackListChecker 70 | ``` 71 | 72 | ## Dependency 73 | 74 | This module has a dependency on a couple of modules
that are installed along PSBlackListChecker. Just in case it doesn't install, or you do things manually make sure you have those: 75 | 76 | ```powershell 77 | Install-Module PSTeams 78 | Install-Module PSSharedGoods 79 | Install-Module PSSlack 80 | ``` 81 | 82 | ## Time to execute using different approaches 83 | 84 | Following is a speed comparision table - By default RunSpaceWithResolveDNS is used, but you can overwrite it in settings. 85 | 86 | ```powershell 87 | RunType BlackList All BlackList Found Time Minutes Time Seconds Time Milliseconds 88 | ------- ------------- --------------- ------------ ------------ ----------------- 89 | NoWorkflowAndRunSpaceNetDNS 78 3 0 50 57 90 | NoWorkflowAndRunSpaceResolveDNS 78 3 0 38 980 91 | WorkflowResolveDNS 78 3 0 42 191 92 | WorkflowWithNetDNS 78 3 0 39 973 93 | RunSpaceWithResolveDNS 78 3 0 12 376 94 | RunSpaceWithNetDNS 78 3 0 10 615 95 | ``` 96 | 97 | ### Example output (Manual) 98 | 99 | ![image](https://evotec.xyz/wp-content/uploads/2018/04/img_5ae61b3ba2c75.png) 100 | 101 | ### Example screen (Email) 102 | 103 | ![image](https://evotec.xyz/wp-content/uploads/2018/04/img_5ae624e384d2c.png) 104 | 105 | ### Example screen (Microsoft Teams) 106 | 107 | ![image](https://evotec.xyz/wp-content/uploads/2018/11/img_5bdca1f52c3c8.png) 108 | 109 | ### Example screen (Slack) 110 | 111 | ![image](https://evotec.xyz/wp-content/uploads/2018/11/img_5bdca221efcaf.png) 112 | 113 | ### Example screen (Discord) 114 | 115 | ![image](https://evotec.xyz/wp-content/uploads/2018/11/img_5bddf4c2bfdcc.png) 116 | -------------------------------------------------------------------------------- /Tests/Search-Blacklists.Tests.ps1: -------------------------------------------------------------------------------- 1 | param ( 2 | $TeamsID = $Env:TEAMSPESTERID, 3 | $SlackID = $Env:SLACKPESTERID, 4 | $DiscordID = $Env:DISCORDURL 5 | ) 6 | 7 | Describe 'Search-Blacklists - Should test IP for blacklists' { 8 | $IP = '89.74.48.96' 9 | 10 | It 'Given 1 IP 
- Standard Way - Should return at least 2 blackslists' { 11 | $BlackList = Search-BlackList -IP $IP 12 | $BlackList.Count | Should -BeGreaterThan 1 13 | $BlackList.Count | Should -BeLessThan 10 14 | $BlackList.IsListed | Should -Contain $True 15 | } 16 | It 'Given 1 IP - Standard way with -ReturnAll switch - should return 73 lists' { 17 | $BlackList = Search-BlackList -IP $IP -ReturnAll 18 | $BlackList.Count | Should -Be 72 19 | $BlackList.IsListed | Should -Contain $True 20 | } 21 | It 'Given 1 IP - No Workflow or RunSpaces using [Net.DNS]- Should return at least 2 listed blacklists' { 22 | $BlackList = Search-Blacklist -IP $IP -RunType NoWorkflowAndRunSpaceNetDNS 23 | $BlackList.Count | Should -BeGreaterThan 1 24 | $BlackList.IsListed | Should -Contain $True 25 | } 26 | It 'Given 1 IP - No Workflow or RunSpaces using [Resolve-DnsName] - Should return at least 2 listed blacklists' { 27 | $BlackList = Search-Blacklist -IP $IP -RunType NoWorkflowAndRunSpaceResolveDNS 28 | $BlackList.Count | Should -BeGreaterThan 1 29 | $BlackList.IsListed | Should -Contain $True 30 | } 31 | It 'Given 1 IP - RunSpaces using [Net.DNS] - Should return at least 2 listed blacklists' { 32 | $BlackList = Search-Blacklist -IP $IP -RunType RunSpaceWithNetDNS 33 | $BlackList.Count | Should -BeGreaterThan 1 34 | $BlackList.IsListed | Should -Contain $True 35 | } 36 | It 'Given 1 IP - RunSpaces using [Resolve-DnsName] - Should return at least 2 listed blacklists' { 37 | $BlackList = Search-Blacklist -IP $IP -RunType RunSpaceWithResolveDNS 38 | $BlackList.Count | Should -BeGreaterThan 1 39 | $BlackList.IsListed | Should -Contain $True 40 | } 41 | It 'Given 1 IP - RunSpaces using [Resolve-DnsName] - Should return at least 2 listed blacklists, Sorted by IsListed' { 42 | $BlackList = Search-Blacklist -IP $IP -SortBy IsListed 43 | $BlackList.Count | Should -BeGreaterThan 1 44 | $BlackList[-1].IsListed | Should -Contain $True 45 | } 46 | It 'Given 1 IP - RunSpaces using [Resolve-DnsName] - Should 
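return at least 2 listed blacklists, Sorted by IsListed, Descending' {
        $BlackList = Search-Blacklist -IP $IP -SortBy IsListed -SortDescending
        $BlackList.Count | Should -BeGreaterThan 1
        $BlackList[0].IsListed | Should -Contain $True
    }
}

# Integration tests for Search-BlackList with three addresses at once.
# No mocks are set up here, so every It presumably performs real DNSBL lookups: the
# outcome depends on network access and on the current listing state of these
# addresses, which a third party controls. A failure may mean a changed listing
# rather than a code regression.
Describe 'Search-Blacklists - Should test multiple IPs for blacklists' {
    $IP = '89.74.48.96','89.74.48.97','89.74.48.98'

    It 'Given 3 IP - Standard Way - Should return at least 3 blacklists' {
        $BlackList = Search-BlackList -IP $IP
        # Every queried address must appear in the result set.
        $BlackList.IP | Should -Contain '89.74.48.96'
        $BlackList.IP | Should -Contain '89.74.48.97'
        $BlackList.IP | Should -Contain '89.74.48.98'
        # The row count is only bounded (more than 3, fewer than 20), not pinned.
        $BlackList.Count | Should -BeGreaterThan 3
        $BlackList.Count | Should -BeLessThan 20
        $BlackList.IsListed | Should -Contain $True
    }
    # The title used to say 219 while the assertion checks 216; the title now matches
    # the assertion. NOTE(review): the count looks tied to the number of configured
    # blacklists, so it needs updating whenever that list changes; confirm.
    It 'Given 3 IP - Standard way with -ReturnAll switch - should return 216 lists' {
        $BlackList = Search-BlackList -IP $IP -ReturnAll
        $BlackList.Count | Should -Be 216
        $BlackList.IsListed | Should -Contain $True
    }
    # NOTE(review): the four RunType tests below say "at least 2" in their titles, but
    # each asserts 6 or more rows for the 3 addresses.
    It 'Given 3 IP - No Workflow or RunSpaces using [Net.DNS]- Should return at least 2 listed blacklists' {
        $BlackList = Search-Blacklist -IP $IP -RunType NoWorkflowAndRunSpaceNetDNS
        $BlackList.Count | Should -BeGreaterOrEqual 6
        $BlackList.IsListed | Should -Contain $True
    }
    It 'Given 3 IP - No Workflow or RunSpaces using [Resolve-DnsName] - Should return at least 2 listed blacklists' {
        $BlackList = Search-Blacklist -IP $IP -RunType NoWorkflowAndRunSpaceResolveDNS
        $BlackList.Count | Should -BeGreaterOrEqual 6
        $BlackList.IsListed | Should -Contain $True
    }
    It 'Given 3 IP - RunSpaces using [Net.DNS] - Should return at least 2 listed blacklists' {
        $BlackList = Search-Blacklist -IP $IP -RunType RunSpaceWithNetDNS
        $BlackList.Count | Should -BeGreaterOrEqual 6
        $BlackList.IsListed | Should -Contain $True
    }
    It 'Given 3 IP - RunSpaces using [Resolve-DnsName] - Should return at least 2 listed blacklists' {
        # -DNSServer pins the lookups to two public resolvers.
        # NOTE(review): some DNSBL operators rate-limit or answer differently when
        # queried through large public resolvers, so results seen here may differ from
        # those seen through a private resolver. Confirm for the lists this module uses.
        $BlackList = Search-Blacklist -IP $IP -RunType RunSpaceWithResolveDNS -DNSServer '1.1.1.1', '8.8.8.8'
        $BlackList.Count | Should -BeGreaterOrEqual 6
        $BlackList.IsListed | Should -Contain $True
    }
}

--------------------------------------------------------------------------------
/Tests/Start-ReportBlacklists.Tests.ps1:
--------------------------------------------------------------------------------
# End-to-end test for Start-ReportBlackLists with Teams, Slack and Discord enabled.
#
# The three notification targets default to environment variables, so they are not
# stored in the repository. They are presumably incoming-webhook URLs: anyone who
# holds one can post to the channel, so supply them as secret CI variables and never
# commit them. If a variable is unset the matching parameter is empty.
# NOTE(review): nothing here skips the test in that case; confirm how builds without
# access to the secrets (for example from forks) are expected to behave.
param (
    $TeamsID = $Env:TEAMSPESTERID,
    $SlackID = $Env:SLACKPESTERID,
    $DiscordID = $Env:DISCORDURL
)

# Mail settings. NotificationsEmail.Use is $false below, so the empty server, login and
# password fields are presumably never used by this test. If e-mail is ever enabled
# here, load EmailServerPassword from a secret source instead of writing it in this file.
$EmailParameters = @{
    EmailFrom = "monitoring@domain.pl"
    EmailTo = "przemyslaw.klys@domain.pl" #
    EmailCC = ""
    EmailBCC = ""
    EmailServer = ""
    EmailServerPassword = ""
    EmailServerPort = "587"
    EmailServerLogin = ""
    EmailServerEnableSSL = 1
    EmailEncoding = "Unicode"
    EmailSubject = "[Reporting] Blacklist monitoring"
    EmailPriority = "Low" # Normal, High
}
# Branding and font settings passed through to the report.
$FormattingParameters = @{
    CompanyBrandingTemplate = 'TemplateDefault'
    CompanyBranding = @{
        Logo = "https://evotec.xyz/wp-content/uploads/2015/05/Logo-evotec-012.png"
        Width = "200"
        Height = ""
        Link = "https://evotec.xyz"
        Inline = $false
    }
    FontFamily = "Calibri Light"
    FontSize = "9pt"

    FontHeadingFamily = "Calibri Light"
    FontHeadingSize = "12pt"

    FontTableHeadingFamily = "Calibri Light"
    FontTableHeadingSize = "9pt"

    FontTableDataFamily = "Calibri Light"
    FontTableDataSize = "9pt"
}
$ReportOptions = @{
    SortBy = 'IsListed' # Options: 'IP', 'BlackList', 'IsListed', 'Answer', 'FQDN'
    SortDescending = $true

    MonitoredIps = @{
        IP = '89.74.48.96'
        IP1 = '89.74.48.97'
        # you can add as many IPs as you want / IP1,2,3,4,5 etc
    }
    NotificationsEmail = @{
        Use = $false
        EmailPriorityWhenBlacklisted = 'High'
        EmailPriorityStandard = 'Low'
        EmailAllResults = $false
        EmailAlways = $true
    }
    # Module uses PSTeams - it comes embedded with PSBlackListChecker
    NotificationsTeams = @{
        Use = $true
        TeamsID = $TeamsID
        MessageTitle = 'IP Blacklisted'
        MessageText = 'Everybody panic!'
        MessageImageLink = 'https://raw.githubusercontent.com/EvotecIT/PSTeams/master/Links/Asset%20130.png'
        MessageButtons = $true
    }
    # Module uses PSSlack - it comes embedded with PSBlackListChecker
    NotificationsSlack = @{
        Use = $true
        Uri = $SlackID
        MessageTitle = 'IP Blacklisted'
        MessageText = 'Everybody panic!'
        MessageButtons = $true
        MessageEmoji = ':hankey:' # Emoji List https://www.webpagefx.com/tools/emoji-cheat-sheet/
        MessageAsUser = 'PSBlackListChecker'
    }
    # Module uses PSDiscord - it comes embedded with PSBlackListChecker
    NotificationsDiscord = @{
        Use = $true
        Uri = $DiscordID
        MessageImageLink = 'https://raw.githubusercontent.com/EvotecIT/PSTeams/master/Links/Asset%20130.png'
        MessageColor = 'blue'
        MessageText = 'Everybody panic!'
        MessageAsUser = 'PSBlackListChecker'
        MessageAsUserImage = 'https://raw.githubusercontent.com/EvotecIT/PSTeams/master/Links/Asset%20130.png'
        MessageInline = $false
    }
}

Describe 'Start-ReportBlackLists - Should check blacklists' {
    It 'Given 2 IP - Should send notifications to teams, slack and discord' {
        # With all three channels enabled this presumably posts real messages to the
        # configured channels on every run.
        # NOTE(review): -Verbose output ends up in the CI log; confirm the module does
        # not echo the webhook URLs there.
        $Errors = Start-ReportBlackLists -EmailParameters $EmailParameters -FormattingParameters $FormattingParameters -ReportOptions $ReportOptions -Verbose -OutputErrors
        # -OutputErrors returns one flag per channel; $false means no error was recorded.
        $Errors.Teams | Should -Be $false
        $Errors.Slack | Should -Be $false
        $Errors.Discord | Should -Be $false
    }
}

--------------------------------------------------------------------------------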