##Securityfeed: Security RSS 2 IRC
I'd like to share a small project which might come in handy for other infosec people: a bot which posts security-related RSS news into an IRC channel.
TL;DR
I've implemented and set up an RSS 2 IRC bot which parses security-related RSS feeds and posts them into the ##securityfeed channel on freenode.org.
Background
I've been following security news by subscribing to different well-known mailing lists. A couple of days ago, I asked some people if they know other good mailing lists or sources of information. While discussing this, @CiaranmaK mentioned that he used to run a bot which subscribed to certain RSS feeds and posted new entries to an IRC channel.
I thought this idea was brilliant and started to implement a quick & dirty IRC bot for that task. My IRC bouncer is idling in multiple channels anyway and this allows me to easily read the backlog.
A couple of hours later I registered ##securityfeed on freenode and filled the channel with the first news.
Code & Usage
Python was the language of my choice. The feedparser and irc modules did a good job to facilitate the implementation. I ran into some problems with multithreaded sqlite, but sqlite3worker took care of it.
You can find the code on GitHub - python-rss2irc, but I doubt that it is bug-free and I'd still say it's beta. But feel free to improve something and open a PR.
The bot exposes some basic commands to IRC users:
Help:
Send all commands as a private message to Feed
- !help Prints this help
- !list Prints all feeds
- !stats Prints some statistics
- !last Prints the last 25 entries
- !lastfeed <feedid> Prints the last 25 entries from a specific feed
Otherwise it simply fetches, parses and posts new news into an IRC channel every 15 minutes. The frequency can be configured on a per-feed basis.
You can find a full feature list and setup instructions in the README.
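The fetch, parse and post cycle described above, as an added example that is not taken from python-rss2irc: it de-duplicates entries in sqlite, decides which feeds are due based on a per-feed interval, and treats feed titles as untrusted input by collapsing control characters so one entry always stays one IRC line. The function names, table schema and sample feed are assumptions made for this example, and the standard-library XML parser stands in for feedparser so the block runs offline.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample feed; the second title carries an embedded CR/LF pair.
SAMPLE_RSS = """<rss version="2.0"><channel><title>Example Feed</title>
<item><title>Advisory one</title><link>https://example.org/a1</link></item>
<item><title>Advisory two&#13;&#10;continued</title><link>https://example.org/a2</link></item>
</channel></rss>"""

def irc_safe(text, limit=400):
    """Replace control characters (CR, LF, NUL, colour codes) and cap the length."""
    cleaned = "".join(" " if ord(c) < 32 or ord(c) == 127 else c for c in text)
    return " ".join(cleaned.split())[:limit]

def open_store(path=":memory:"):
    """Hypothetical schema: one row per (feed, link) that was already posted."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen "
               "(feed_id INTEGER, link TEXT, PRIMARY KEY (feed_id, link))")
    return db

def new_entries(db, feed_id, rss_text):
    """Return IRC-ready lines for entries not posted before and record them."""
    lines = []
    for item in ET.fromstring(rss_text).iter("item"):
        title = item.findtext("title", default="")
        link = item.findtext("link", default="").strip()
        if not link.startswith(("http://", "https://")):
            continue  # only announce web links
        cur = db.execute("INSERT OR IGNORE INTO seen VALUES (?, ?)", (feed_id, link))
        if cur.rowcount == 1:  # 0 means the link was already stored
            lines.append(f"[{feed_id}] {irc_safe(title)} {irc_safe(link)}")
    db.commit()
    return lines

def due_feeds(intervals, last_run, now):
    """intervals maps feed id to seconds; return the ids whose interval has elapsed."""
    return [fid for fid, secs in intervals.items() if now - last_run.get(fid, 0) >= secs]

if __name__ == "__main__":
    store = open_store()
    for line in new_entries(store, 1, SAMPLE_RSS):
        print(line)
```
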
Feeds
So far the following RSS feeds are checked:
- SecurityFocus Vulnerabilities
- Project Zero
- Packet Storm
- Schneier on Security
- Dan Kaminsky's Blog
- Full Disclosure
- Bugtraq
- Exploit-DB Updates
- Foxglovesecurity
- Debian Security
- Ubuntu Security Notices
- FreeBSD Security Advisories
- US-CERT Alerts
- National Vulnerability Database
- lcamtuf's blog
- Errata Security
- Krebs on Security
- Have I been pwned? latest breaches
Feel free to leave a comment or send me a DM on the IRC channel if you have other good RSS feeds.
I'll constantly add new feeds or features when I find a spare minute. However, there's always another warm place in ##securityfocus channel :)