GithubFollow/Surge_by_SukkaW
1
0
Fork 0
mirror of https://github.com/SukkaW/Surge.git synced 2025-12-12 01:00:34 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Polish phishing rule

Browse Source
This commit is contained in:
SukkaW 2023-07-31 16:35:46 +08:00
parent 1f1f9cebe0
commit dbbeca0cd5
1 changed files with 39 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
Build/build-phishing-domainset.js
View File

@ -3,6 +3,7 @@ const { processFilterRules } = require('./lib/parse-filter.js');
const path = require('path'); const path = require('path');
const { withBannerArray } = require('./lib/with-banner.js'); const { withBannerArray } = require('./lib/with-banner.js');
const { compareAndWriteFile } = require('./lib/string-array-compare'); const { compareAndWriteFile } = require('./lib/string-array-compare');
const { processLine } = require('./lib/process-line.js');
const WHITELIST_DOMAIN = new Set([ const WHITELIST_DOMAIN = new Set([
'w3s.link', 'w3s.link',
@ -13,7 +14,7 @@ const WHITELIST_DOMAIN = new Set([
'page.link', // Firebase URL Shortener 'page.link', // Firebase URL Shortener
'fleek.cool' 'fleek.cool'
]); ]);
const BLACK_TLD = Array.from(new Set([ const BLACK_TLD = new Set([
'xyz', 'xyz',
'top', 'top',
'win', 'win',
@ -45,8 +46,12 @@ const BLACK_TLD = Array.from(new Set([
'ml', 'ml',
'cc', 'cc',
'cn', 'cn',
'codes' 'codes',
])); 'cloud',
'club',
'click',
'cfd'
]);
(async () => { (async () => {
const domainSet = Array.from( const domainSet = Array.from(
@ -57,31 +62,43 @@ const BLACK_TLD = Array.from(new Set([
const domainCountMap = {}; const domainCountMap = {};
for (let i = 0, len = domainSet.length; i < len; i++) { for (let i = 0, len = domainSet.length; i < len; i++) {
const line = domainSet[i]; const line = processLine(domainSet[i]);
// starts with # if (!line) continue;
if (line.charCodeAt(0) === 35) {
continue;
}
if (line.trim().length === 0) {
continue;
}
const domain = line.charCodeAt(0) === 46 ? line.slice(1) : line; const domain = line.charCodeAt(0) === 46 ? line.slice(1) : line;
if (domain.length > 19) { const apexDomain = tldts.getDomain(domain, { allowPrivateDomains: true });
const apexDomain = tldts.getDomain(domain, { allowPrivateDomains: true });
if (apexDomain) { if (apexDomain) {
if (WHITELIST_DOMAIN.has(apexDomain)) { if (WHITELIST_DOMAIN.has(apexDomain)) {
continue; continue;
}
domainCountMap[apexDomain] ||= 0;
let isPhishingDomainMockingAmazon = false;
if (domain.startsWith('amaz')) {
domainCountMap[apexDomain] += 0.5;
isPhishingDomainMockingAmazon = true;
if (domain.startsWith('amazon-')) {
domainCountMap[apexDomain] += 4.5;
} }
} else if (domain.startsWith('customer')) {
domainCountMap[apexDomain] += 0.25;
}
if (domain.includes('-co-jp')) {
domainCountMap[apexDomain] += (isPhishingDomainMockingAmazon ? 4.5 : 0.5);
}
const tld = tldts.getPublicSuffix(domain, { allowPrivateDomains: true }); const tld = tldts.getPublicSuffix(domain, { allowPrivateDomains: true });
if (!tld || !BLACK_TLD.includes(tld)) continue; if (!tld || !BLACK_TLD.has(tld)) continue;
domainCountMap[apexDomain] ||= 0; domainCountMap[apexDomain] += 1;
domainCountMap[apexDomain] += 1;
if (domain.length > 19) {
// Add more weight if the domain is long enough // Add more weight if the domain is long enough
if (domain.length > 44) { if (domain.length > 44) {
domainCountMap[apexDomain] += 3.5; domainCountMap[apexDomain] += 3.5;
@ -106,6 +123,8 @@ const BLACK_TLD = Array.from(new Set([
} }
const results = []; const results = [];
console.log(domainCountMap['serveusers.com']);
Object.entries(domainCountMap).forEach(([domain, count]) => { Object.entries(domainCountMap).forEach(([domain, count]) => {
if ( if (
count >= 5 count >= 5