| Category | Description |
| --- | --- |
| Ads | Advertisements, Banners, Widgets & Push Notifications |
| Adult | Porn / 18+ Content |
| Chat | Chat Dialog Popups |
| Cryptocurrency | Bitcoin, Ethereum, Mining, etc. (Not malware, but could be used by it) |
| Dating | Dating Sites |
| Dynamic | Dynamic DNS: DNS --> IP |
| Free | Free/Cheap Hosting, Free Blogs |
| Gambling | Casino, Gambling, Poker sites |
| Malware | Malicious Sites, PUPs, Malware, Browser Hijackers, Phishing Sites |
| Marketing-Email | Email Based Marketing |
| Remote | Domains used for remote sessions |
| Scam | Fake freight, gift cards, products, support, pet sales, firearms, news, etc |
| Tracking | Analytics, Diagnostics, Location, Metrics, Public IP |
| Tunnels | VPNs & Proxies |
| Typo | Misspelling of websites / Typosquatting |
| URL Shortener | URL Shorteners. Can be used to mask malicious domains |
@ShadowWhisperer Hello! I hope you don't mind me pinging you like this. I'd be interested in adding your content if you're okay with that, and I'd love to hear more about how you go about creating these lists and vetting the content -- whenever you have time! 🙂
I have a bunch of scripts to aid in scanning, but my main two are 'main' and 'sub'. All done on a custom Debian netinst. I use 'screen' to run the main script, so the system is headless. I also do a lot of manual checks with the Firefox dev tools. I run dnsmasq at several locations and collect the logs. All domains not allowed or denied are checked out. If unknown, they get labeled as sus and blocked on my network until something breaks. 'Screen' at the top is green if running. Number after is the version date of the scripts.
Main is an options menu, asking what I want to do, and how many sub-scripts I want to run. (Specs of the machine determine how many sub-scripts to run). Main checks the hostname; if it's one of my main scanning systems, this part is automated. After setting what I want to do and how many sub-scripts to run, main takes the input list of domains and splits them up. Main then duplicates sub and changes key variables at the beginning of the sub script. *Main does pre-checks of the system and the sub script before running.
Sub is headless, unless run in dev mode. Most of the filters it uses are Here
If no option in Main is selected, it does the following. (Very basic flowchart. Guide I have is over 50 lines and not up to date). *When sites are scanned, URLs and various hash info are also saved.
Check whois info
Check IP info
Download index file
If exe, zip, image, etc are found - check hash, extract (in early stages)
Check index for matching data points
Score results based on multiple categories
Check favicon hash
etc
Here is an example with an adult site. (I shortened it up to make it fit nicer)
Back when I first started doing this (and had way more free time), I would download trending games on my phone and look at what was being called out to.
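
The dnsmasq log triage described in the reply above (queried domains that are on neither the allow list nor the deny list get flagged for review), as an added example that is not the author's script. The log lines, list contents, and the choice to match parent domains are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# dnsmasq query line as written when query logging is enabled, e.g.
# "Mar  3 10:15:01 dnsmasq[812]: query[A] example.com from 192.168.1.20"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Za-z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

def listed(domain, entries):
    """True if the domain or any parent domain is in entries (assumed matching rule)."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))

def triage(log_lines, allowed, denied):
    """Map each queried domain on neither list to a Counter of querying clients."""
    unknown = defaultdict(Counter)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply/config/cached lines and other daemons
        name = m.group("name").lower().rstrip(".")  # normalise case and trailing dot
        if "." not in name:
            continue  # single-label names are local hosts, not candidates
        if listed(name, allowed) or listed(name, denied):
            continue  # already classified
        unknown[name][m.group("client")] += 1
    return dict(unknown)

# Constructed sample data (reserved test domains, private addresses).
ALLOWED = {"example.com"}
DENIED = {"tracker.test"}
SAMPLE_LOG = [
    "Mar  3 10:15:01 dnsmasq[812]: query[A] cdn.example.com from 192.168.1.20",
    "Mar  3 10:15:01 dnsmasq[812]: forwarded cdn.example.com to 9.9.9.9",
    "Mar  3 10:15:02 dnsmasq[812]: query[A] ads.tracker.test from 192.168.1.20",
    "Mar  3 10:15:02 dnsmasq[812]: config ads.tracker.test is 0.0.0.0",
    "Mar  3 10:15:03 dnsmasq[812]: query[AAAA] Telemetry.Newvendor.Test. from 192.168.1.31",
    "Mar  3 10:15:04 dnsmasq[812]: query[A] telemetry.newvendor.test from 192.168.1.20",
    "Mar  3 10:15:05 dnsmasq[812]: query[A] printer from 192.168.1.31",
    "Mar  3 10:15:06 dnsmasq[812]: query[A] login.unseen.example from 192.168.1.20",
]

if __name__ == "__main__":
    # Most-queried unknown domains first: these are the ones to check out.
    found = triage(SAMPLE_LOG, ALLOWED, DENIED)
    for name, clients in sorted(found.items(), key=lambda kv: -sum(kv[1].values())):
        print(f"{sum(clients.values()):3d}  {name}  clients={sorted(clients)}")
```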