Filters for IP and shodan
This commit is contained in:
parent
1fc11e7a4e
commit
5b1bfbc195
|
@ -2,53 +2,51 @@ package filters
|
|||
|
||||
import (
|
||||
"bufio"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// IsAkamai checks for the presence of the given IP in the Akamain CIDR.
|
||||
func IsAkamai(ip net.IP) bool {
|
||||
var file *os.File
|
||||
var err error
|
||||
var (
|
||||
_, b, _, _ = runtime.Caller(0)
|
||||
basepath = filepath.Dir(b)
|
||||
)
|
||||
|
||||
// RunFilters runs the battery of filters for an IP.
|
||||
func RunIPFilters(ip net.IP) bool {
|
||||
if ip.To4() != nil {
|
||||
file, err = os.Open("filters/data/akamai.cidr")
|
||||
path := basepath + "/data/ipv4/"
|
||||
sliceIPv4, err := ioutil.ReadDir(path)
|
||||
if err != nil {
|
||||
logrus.Fatal("filters#IsAkamai", err)
|
||||
logrus.Warn("filters#ReadDir#ipv4", err)
|
||||
}
|
||||
|
||||
for _, name := range sliceIPv4 {
|
||||
f, err := os.OpenFile(path+name.Name(), 1, 0644)
|
||||
if err != nil {
|
||||
logrus.Warn("filters#OpenFile#", err)
|
||||
}
|
||||
scanner := bufio.NewScanner(f)
|
||||
for scanner.Scan() {
|
||||
_, ipNet, err := net.ParseCIDR(scanner.Text())
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if ipNet.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
} else if ip.To16() != nil {
|
||||
file, err = os.Open("filters/data/akamaiv6.cidr")
|
||||
if err != nil {
|
||||
logrus.Fatal("filters#IsAkamai", err)
|
||||
}
|
||||
// run ipv6 filter battery
|
||||
} else {
|
||||
logrus.Error("filters#IsAkamai#invalid ip format")
|
||||
logrus.Error("filters#invalid IP format")
|
||||
return false
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
scanner := bufio.NewScanner(file)
|
||||
for scanner.Scan() {
|
||||
_, ipNet, err := net.ParseCIDR(scanner.Text())
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if ipNet.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Check the version of the IP address (IPv4 or IPv6).
|
||||
func checkIPversion(ip string) (string, bool) {
|
||||
if net.ParseIP(ip).To4() != nil {
|
||||
return "IPv4", true
|
||||
} else if net.ParseIP(ip).To16() != nil {
|
||||
return "IPv6", true
|
||||
} else {
|
||||
return "", false
|
||||
}
|
||||
}
|
||||
|
|
54
filters/main.go
Normal file
54
filters/main.go
Normal file
|
@ -0,0 +1,54 @@
|
|||
package filters
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"net"
|
||||
"os"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// IsAkamai checks for the presence of the given IP in the Akamain CIDR.
|
||||
func IsAkamai(ip net.IP) bool {
|
||||
var file *os.File
|
||||
var err error
|
||||
if ip.To4() != nil {
|
||||
file, err = os.Open("filters/data/akamai.cidr")
|
||||
if err != nil {
|
||||
logrus.Fatal("filters#IsAkamai", err)
|
||||
}
|
||||
} else if ip.To16() != nil {
|
||||
file, err = os.Open("filters/data/akamaiv6.cidr")
|
||||
if err != nil {
|
||||
logrus.Fatal("filters#IsAkamai", err)
|
||||
}
|
||||
} else {
|
||||
logrus.Error("filters#IsAkamai#invalid ip format")
|
||||
return false
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
scanner := bufio.NewScanner(file)
|
||||
for scanner.Scan() {
|
||||
_, ipNet, err := net.ParseCIDR(scanner.Text())
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if ipNet.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Check the version of the IP address (IPv4 or IPv6).
|
||||
func checkIPversion(ip string) (string, bool) {
|
||||
if net.ParseIP(ip).To4() != nil {
|
||||
return "IPv4", true
|
||||
} else if net.ParseIP(ip).To16() != nil {
|
||||
return "IPv6", true
|
||||
} else {
|
||||
return "", false
|
||||
}
|
||||
}
|
4
main.go
4
main.go
|
@ -156,8 +156,8 @@ func shodanRoutine(client *shodan.Client, shodanChan chan *shodan.HostData, conn
|
|||
|
||||
shodanNode := models.BuildShodanNode(banner)
|
||||
// first filter poc
|
||||
if !filters.IsAkamai(shodanNode.Data.IP) {
|
||||
fmt.Println("is not Akamai", shodanNode.Data.IP)
|
||||
if !filters.RunIPFilters(shodanNode.Data.IP) {
|
||||
fmt.Println("#### not found in filters", shodanNode.Data.IP)
|
||||
hostnames := shodanNode.Data.Hostnames
|
||||
if len(hostnames) != 0 {
|
||||
saveSingleValues(conn, "shodan_stream", "hostname", shodanNode.ID, hostnames)
|
||||
|
|
Loading…
Reference in a new issue