Infected-Domain-Trigger Script

On GitHub: https://github.com/cumulodev/hoster-tools#infected-domains-trigger

This tool polls the nimbusec API at a specified interval for infected domains and performs configurable actions on them. An example use case is automatically disabling infected domains.

Installation

If you have Go installed, infected-domain-trigger can be installed with go get:

go get github.com/cumulodev/hoster-tools/infected-domain-trigger

Usage

For key and secret, use your assigned API key and secret (they can be found at https://portal.nimbusec.com/einstellungen/serveragent).

infected-domain-trigger -key abc -secret abc -action 'echo "infected $DOMAIN"' -reload 'echo "reloading httpd"'
  • action: The action command is executed once for each infected domain. It runs in a shell in which the environment variable DOMAIN is set to the name of the infected domain.
  • reload: The reload command is executed after each interval if nimbusec reported infected domains. It can be used, for example, to tell Apache to reload its configuration.

For example, to disable all infected domains hosted by Apache, specify the following actions:

infected-domain-trigger -key abc -secret abc -action 'a2dissite "$DOMAIN"' -reload 'apachectl graceful'

If one of the actions is not required, specify a command that does nothing, for example the shell builtin true:

infected-domain-trigger -key abc -secret abc -action 'disable.sh' -reload 'true'
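
A possible disable.sh for the command above, as an added example that is not part of hoster-tools: it checks that DOMAIN is a plain host name before handing it to a2dissite as an argument. It assumes each Apache site is named after its domain, as in the a2dissite example; A2DISSITE is a hypothetical override for dry runs.

```sh
#!/bin/sh
# disable.sh - hypothetical action script; DOMAIN is set by infected-domain-trigger.
LC_ALL=C    # make the A-Z / a-z ranges below byte-based

# Succeeds only for a plain DNS host name: letters, digits, '-' and '.',
# no empty labels, no label starting or ending with '-'.
valid_domain() {
    d=$1
    [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
    case $d in
        *[!A-Za-z0-9.-]*) return 1 ;;   # whitespace, '/', ';', '*', ...
        .*|*.|*..*)       return 1 ;;   # empty label
        -*|*.-*|*-.*|*-)  return 1 ;;   # '-' at a label edge (also option-like values)
    esac
    return 0
}

# Disables the site, or returns 2 without running anything if DOMAIN is malformed.
# A2DISSITE is an assumed override used only to dry-run the script.
handle_domain() {
    if ! valid_domain "$1"; then
        echo "disable.sh: DOMAIN is not a plain host name, skipping" >&2
        return 2
    fi
    "${A2DISSITE:-a2dissite}" "$1"
}

# Act only when the tool has set DOMAIN, so the file can also be sourced for testing.
if [ -n "${DOMAIN+set}" ]; then
    handle_domain "$DOMAIN"
fi
```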
Last updated on 23rd Aug 2022