urlhaus-filter/utils/malware-domains.sh

#!/bin/sh

## Parse domains from URLhaus excluding popular domains

cat URLhaus.csv | \
# Convert DOS to Unix line ending
dos2unix | \
# Parse online URLs only
grep '"online"' | \
# Parse domains and IP address only
cut -f 6 -d '"' | \
cut -f 3 -d '/' | \
cut -f 1 -d ':' | \
# Remove www
# Only matches domains that start with www
# Not examplewww.com
sed -e 's/^www\.//g' | \
# Sort and remove duplicates
sort -u | \
# Exclude Umbrella Top 1M and well-known domains
# grep inverse match whole line
grep -Fx -vf urlhaus-top-domains.txt > malware-domains.txt
feat: include full URL for popular domains 2019-05-11 09:19:25 +00:00			`#!/bin/sh`

			`## Parse domains from URLhaus excluding popular domains`

			`cat URLhaus.csv \| \`
			`# Convert DOS to Unix line ending`
			`dos2unix \| \`
			`# Parse online URLs only`
			`grep '"online"' \| \`
			`# Parse domains and IP address only`
			`cut -f 6 -d '"' \| \`
			`cut -f 3 -d '/' \| \`
			`cut -f 1 -d ':' \| \`
			`# Remove www`
			`# Only matches domains that start with www`
			`# Not examplewww.com`
			`sed -e 's/^www\.//g' \| \`
			`# Sort and remove duplicates`
			`sort -u \| \`
			`# Exclude Umbrella Top 1M and well-known domains`
			`# grep inverse match whole line`
perf: grep using urlhaus-top-domains.txt instead of much larger top-1m.txt 2019-05-12 02:59:52 +00:00			`grep -Fx -vf urlhaus-top-domains.txt > malware-domains.txt`