Filters for IP and shodan

filters/akamai.go

@@ -2,53 +2,51 @@ package filters
 
 import (
 	"bufio"
+	"io/ioutil"
 	"net"
 	"os"
+	"path/filepath"
+	"runtime"
 
 	"github.com/sirupsen/logrus"
 )
 
-// IsAkamai checks for the presence of the given IP in the Akamain CIDR.
-func IsAkamai(ip net.IP) bool {
-	var file *os.File
-	var err error
+var (
+	_, b, _, _ = runtime.Caller(0)
+	basepath   = filepath.Dir(b)
+)
+
+// RunFilters runs the battery of filters for an IP.
+func RunIPFilters(ip net.IP) bool {
 	if ip.To4() != nil {
-		file, err = os.Open("filters/data/akamai.cidr")
+		path := basepath + "/data/ipv4/"
+		sliceIPv4, err := ioutil.ReadDir(path)
 		if err != nil {
-			logrus.Fatal("filters#IsAkamai", err)
+			logrus.Warn("filters#ReadDir#ipv4", err)
+		}
+
+		for _, name := range sliceIPv4 {
+			f, err := os.OpenFile(path+name.Name(), 1, 0644)
+			if err != nil {
+				logrus.Warn("filters#OpenFile#", err)
+			}
+			scanner := bufio.NewScanner(f)
+			for scanner.Scan() {
+				_, ipNet, err := net.ParseCIDR(scanner.Text())
+				if err != nil {
+					continue
+				}
+				if ipNet.Contains(ip) {
+					return true
+				}
+			}
 		}
 	} else if ip.To16() != nil {
-		file, err = os.Open("filters/data/akamaiv6.cidr")
-		if err != nil {
-			logrus.Fatal("filters#IsAkamai", err)
-		}
+		// run ipv6 filter battery
 	} else {
-		logrus.Error("filters#IsAkamai#invalid ip format")
+		logrus.Error("filters#invalid IP format")
 		return false
 	}
-	defer file.Close()
 
-	scanner := bufio.NewScanner(file)
-	for scanner.Scan() {
-		_, ipNet, err := net.ParseCIDR(scanner.Text())
-		if err != nil {
-			continue
-		}
-		if ipNet.Contains(ip) {
-			return true
-		}
-
-	}
 	return false
 }
-
-// Check the version of the IP address (IPv4 or IPv6).
-func checkIPversion(ip string) (string, bool) {
-	if net.ParseIP(ip).To4() != nil {
-		return "IPv4", true
-	} else if net.ParseIP(ip).To16() != nil {
-		return "IPv6", true
-	} else {
-		return "", false
-	}
-}

filters/main.go

@@ -0,0 +1,54 @@
+package filters
+
+import (
+	"bufio"
+	"net"
+	"os"
+
+	"github.com/sirupsen/logrus"
+)
+
+// IsAkamai checks for the presence of the given IP in the Akamain CIDR.
+func IsAkamai(ip net.IP) bool {
+	var file *os.File
+	var err error
+	if ip.To4() != nil {
+		file, err = os.Open("filters/data/akamai.cidr")
+		if err != nil {
+			logrus.Fatal("filters#IsAkamai", err)
+		}
+	} else if ip.To16() != nil {
+		file, err = os.Open("filters/data/akamaiv6.cidr")
+		if err != nil {
+			logrus.Fatal("filters#IsAkamai", err)
+		}
+	} else {
+		logrus.Error("filters#IsAkamai#invalid ip format")
+		return false
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		_, ipNet, err := net.ParseCIDR(scanner.Text())
+		if err != nil {
+			continue
+		}
+		if ipNet.Contains(ip) {
+			return true
+		}
+
+	}
+	return false
+}
+
+// Check the version of the IP address (IPv4 or IPv6).
+func checkIPversion(ip string) (string, bool) {
+	if net.ParseIP(ip).To4() != nil {
+		return "IPv4", true
+	} else if net.ParseIP(ip).To16() != nil {
+		return "IPv6", true
+	} else {
+		return "", false
+	}
+}

main.go

@@ -156,8 +156,8 @@ func shodanRoutine(client *shodan.Client, shodanChan chan *shodan.HostData, conn
 
 			shodanNode := models.BuildShodanNode(banner)
 			// first filter poc
-			if !filters.IsAkamai(shodanNode.Data.IP) {
-				fmt.Println("is not Akamai", shodanNode.Data.IP)
+			if !filters.RunIPFilters(shodanNode.Data.IP) {
+				fmt.Println("#### not found in filters", shodanNode.Data.IP)
 				hostnames := shodanNode.Data.Hostnames
 				if len(hostnames) != 0 {
 					saveSingleValues(conn, "shodan_stream", "hostname", shodanNode.ID, hostnames)