add emerging threats (ET) checker

cmd/checkip.go

@@ -29,6 +29,7 @@ func main() {
 	// checkers can tell you wether the IP address is suspicious.
 	checkers := map[string]checkip.Checker{
 		"abuseipdb.com":             &checkip.AbuseIPDB{},
+		"emergingthreats.net":       &checkip.ET{},
 		"otx.alienvault.com":        &checkip.OTX{},
 		"github.com/stamparm/ipsum": &checkip.IPsum{},
 		"shodan.io":                 &checkip.Shodan{},

et.go

@@ -0,0 +1,65 @@
+package checkip
+
+import (
+	"bufio"
+	"fmt"
+	"net"
+	"os"
+)
+
+// ET (Emerging Threats) says whether the IP address was found among compromised
+// IP addresses according to rules.emergingthreats.net
+type ET struct {
+	CompromisedIP bool
+	CheckedIPs    int
+}
+
+// Check checks whether the ippaddr is not among compromised IP addresses from
+// The Emerging Threats Intelligence feed (ET).
+// https://logz.io/blog/open-source-threat-intelligence-feeds/
+func (e *ET) Check(ipaddr net.IP) (bool, error) {
+	file := "/var/tmp/et.txt"
+	url := "https://rules.emergingthreats.net/blockrules/compromised-ips.txt"
+
+	if err := update(file, url, ""); err != nil {
+		return true, fmt.Errorf("can't update %s from %s: %v", file, url, err)
+	}
+
+	if err := e.search(ipaddr, file); err != nil {
+		return true, fmt.Errorf("searching %s in %s: %v", ipaddr, file, err)
+	}
+
+	return true, nil
+}
+
+// search searches the ippadrr in filename fills in ET data.
+func (e *ET) search(ipaddr net.IP, filename string) error {
+	file, err := os.Open(filename)
+	if err != nil {
+		return err
+	}
+
+	s := bufio.NewScanner(file)
+	for s.Scan() {
+		line := s.Text()
+		e.CheckedIPs++
+		if line == ipaddr.String() {
+			e.CompromisedIP = true
+			return nil
+		}
+	}
+	if s.Err() != nil {
+		return err
+	}
+
+	return nil
+}
+
+// String returns the result of the check.
+func (e *ET) String() string {
+	s := fmt.Sprintf("found among %d compromised IP addresses", e.CheckedIPs)
+	if !e.CompromisedIP {
+		s = "not " + s
+	}
+	return s
+}