├── .res ├── latest ├── app.ico └── logo.png ├── logs └── .gitignore ├── .github ├── CODEOWNERS ├── FUNDING.yml ├── dependabot.yml ├── ISSUE_TEMPLATE │ └── bug_report.md ├── workflows │ ├── labels.yml │ ├── released.yml │ ├── docs.yml │ └── build.yml ├── SUPPORT.md └── labels.yml ├── docs ├── .dockerignore ├── changelog.md ├── assets │ ├── logo.png │ ├── app │ │ ├── menu.png │ │ ├── dev │ │ │ ├── menu.png │ │ │ ├── sysmon │ │ │ │ ├── sysmon-install.png │ │ │ │ ├── sysmon-parsing.png │ │ │ │ └── sysmon-eventviewer.png │ │ │ ├── proxifier │ │ │ │ ├── proxifier-menu.png │ │ │ │ ├── proxifier-file-log.png │ │ │ │ ├── proxifier-services.png │ │ │ │ └── proxifier-menu-services.png │ │ │ └── wireshark │ │ │ │ ├── wireshark-capture.png │ │ │ │ ├── wireshark-parsing.png │ │ │ │ ├── wireshark-welcome.png │ │ │ │ └── wireshark-interfaces.png │ │ ├── root-folder.png │ │ └── telemetry │ │ │ ├── menu.png │ │ │ ├── ncsi │ │ │ ├── apply.png │ │ │ └── test.png │ │ │ └── firewall │ │ │ ├── menu.png │ │ │ ├── rules.png │ │ │ ├── addrules.png │ │ │ ├── removerules.png │ │ │ └── currentrules.png │ ├── favicon.ico │ ├── faq │ │ ├── ncsi-graph.png │ │ ├── no-internet-access.png │ │ └── could-not-connect-update-service.png │ ├── meta │ │ ├── favicon-128.png │ │ ├── favicon-16x16.png │ │ ├── favicon-32x32.png │ │ ├── favicon-96x96.png │ │ ├── mstile-144x144.png │ │ ├── mstile-150x150.png │ │ ├── mstile-310x150.png │ │ ├── mstile-310x310.png │ │ ├── mstile-70x70.png │ │ ├── favicon-196x196.png │ │ ├── apple-touch-icon-114x114.png │ │ ├── apple-touch-icon-120x120.png │ │ ├── apple-touch-icon-144x144.png │ │ ├── apple-touch-icon-152x152.png │ │ ├── apple-touch-icon-57x57.png │ │ ├── apple-touch-icon-60x60.png │ │ ├── apple-touch-icon-72x72.png │ │ └── apple-touch-icon-76x76.png │ ├── MSWin10_GDPR_Compliance.pdf │ ├── blocking-rules │ │ ├── eset │ │ │ └── eset-firewall.png │ │ ├── p2p │ │ │ └── p2p-win10-spy.png │ │ ├── proxifier │ │ │ └── proxifier-apply.png │ │ └── simplewall │ │ │ └── 
simplewall-win10-spy.png │ └── stylesheets │ │ └── extra.css ├── app │ ├── telemetry │ │ ├── index.md │ │ ├── ncsi.md │ │ └── firewall.md │ ├── dev │ │ ├── index.md │ │ ├── sysmon.md │ │ ├── wireshark.md │ │ └── proxifier.md │ └── index.md ├── blocking-rules │ ├── kaspersky.md │ ├── eset.md │ ├── proxifier.md │ ├── firewall.md │ ├── openwrt.md │ ├── p2p.md │ ├── simplewall.md │ ├── dnscrypt.md │ ├── hosts.md │ └── index.md ├── donate.md ├── Dockerfile ├── usage.md ├── download.md ├── reporting-issue.md ├── contributing.md ├── telemetry-info.md ├── index.md ├── faq.md └── _overrides │ └── main.html ├── .gitattributes ├── .gitignore ├── chocolatey ├── tools │ ├── chocolateyUninstall.ps1 │ ├── chocolateyInstall.ps1 │ └── VERIFICATION.txt └── windowsspyblocker.nuspec ├── app ├── utils │ ├── timeu │ │ └── timeu.go │ ├── pathu │ │ └── pathu.go │ ├── stringsu │ │ └── stringsu.go │ ├── print │ │ └── print.go │ ├── cmd │ │ └── cmd.go │ ├── data │ │ └── structs.go │ ├── windows │ │ └── windows.go │ ├── file │ │ └── file.go │ ├── netu │ │ └── netu.go │ ├── app │ │ └── app.go │ └── config │ │ └── config.go ├── cmds │ ├── dev │ │ ├── wireshark │ │ │ ├── interfaces.go │ │ │ └── event.go │ │ ├── extractdata.go │ │ ├── test │ │ │ ├── test.go │ │ │ ├── incompatible.go │ │ │ ├── hosts_aaaa.go │ │ │ ├── hosts.go │ │ │ └── firewall.go │ │ ├── sysmon │ │ │ ├── evtx.go │ │ │ └── event.go │ │ ├── proxifier │ │ │ └── event.go │ │ ├── mergestructs.go │ │ ├── dev.go │ │ └── diff │ │ │ └── diff.go │ └── telemetry │ │ ├── telemetry.go │ │ └── firewall │ │ └── firewall.go ├── dnsres │ ├── resolutions.go │ └── dnsres.go ├── ip6 │ └── ip6.go ├── menu │ └── menu.go └── settings.json ├── tools └── tools.go ├── .editorconfig ├── LICENSE ├── go.mod ├── main.go ├── README.md ├── data ├── proxifier │ ├── spy │ │ └── ips.txt │ └── update │ │ └── ips.txt ├── firewall │ ├── spy.txt │ └── update.txt ├── eset │ ├── spy.txt │ └── update.txt └── kaspersky │ ├── spy.txt │ └── update.txt └── mkdocs.yml 
/.res/latest: -------------------------------------------------------------------------------- 1 | 4.39.0 2 | -------------------------------------------------------------------------------- /logs/.gitignore: -------------------------------------------------------------------------------- 1 | *.tmp -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @crazy-max 2 | -------------------------------------------------------------------------------- /docs/.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !Dockerfile 3 | -------------------------------------------------------------------------------- /docs/changelog.md: -------------------------------------------------------------------------------- 1 | {!../CHANGELOG.md!} 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | /logs/** linguist-generated=true 2 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: crazy-max 2 | custom: https://www.paypal.me/crazyws 3 | -------------------------------------------------------------------------------- /.res/app.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/.res/app.ico -------------------------------------------------------------------------------- /.res/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/.res/logo.png -------------------------------------------------------------------------------- 
/docs/assets/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/logo.png -------------------------------------------------------------------------------- /docs/assets/app/menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/menu.png -------------------------------------------------------------------------------- /docs/assets/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/favicon.ico -------------------------------------------------------------------------------- /docs/assets/app/dev/menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/menu.png -------------------------------------------------------------------------------- /docs/assets/faq/ncsi-graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/faq/ncsi-graph.png -------------------------------------------------------------------------------- /docs/assets/app/root-folder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/root-folder.png -------------------------------------------------------------------------------- /docs/assets/meta/favicon-128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/favicon-128.png 
-------------------------------------------------------------------------------- /docs/assets/app/telemetry/menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/menu.png -------------------------------------------------------------------------------- /docs/assets/meta/favicon-16x16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/favicon-16x16.png -------------------------------------------------------------------------------- /docs/assets/meta/favicon-32x32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/favicon-32x32.png -------------------------------------------------------------------------------- /docs/assets/meta/favicon-96x96.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/favicon-96x96.png -------------------------------------------------------------------------------- /docs/assets/meta/mstile-144x144.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/mstile-144x144.png -------------------------------------------------------------------------------- /docs/assets/meta/mstile-150x150.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/mstile-150x150.png -------------------------------------------------------------------------------- /docs/assets/meta/mstile-310x150.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/mstile-310x150.png -------------------------------------------------------------------------------- /docs/assets/meta/mstile-310x310.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/mstile-310x310.png -------------------------------------------------------------------------------- /docs/assets/meta/mstile-70x70.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/mstile-70x70.png -------------------------------------------------------------------------------- /docs/assets/meta/favicon-196x196.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/favicon-196x196.png -------------------------------------------------------------------------------- /docs/assets/MSWin10_GDPR_Compliance.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/MSWin10_GDPR_Compliance.pdf -------------------------------------------------------------------------------- /docs/assets/app/telemetry/ncsi/apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/ncsi/apply.png -------------------------------------------------------------------------------- /docs/assets/app/telemetry/ncsi/test.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/ncsi/test.png -------------------------------------------------------------------------------- /docs/assets/faq/no-internet-access.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/faq/no-internet-access.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.idea 2 | /*.iml 3 | 4 | /.dev 5 | /bin 6 | /*.syso 7 | /*.exe 8 | /app.conf 9 | /app.manifest 10 | /versioninfo.json 11 | -------------------------------------------------------------------------------- /docs/assets/app/dev/sysmon/sysmon-install.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/sysmon/sysmon-install.png -------------------------------------------------------------------------------- /docs/assets/app/dev/sysmon/sysmon-parsing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/sysmon/sysmon-parsing.png -------------------------------------------------------------------------------- /docs/assets/app/telemetry/firewall/menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/firewall/menu.png -------------------------------------------------------------------------------- /docs/assets/app/telemetry/firewall/rules.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/firewall/rules.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-114x114.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-114x114.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-120x120.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-120x120.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-144x144.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-144x144.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-152x152.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-152x152.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-57x57.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-57x57.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-60x60.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-60x60.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-72x72.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-72x72.png -------------------------------------------------------------------------------- /docs/assets/meta/apple-touch-icon-76x76.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/meta/apple-touch-icon-76x76.png -------------------------------------------------------------------------------- /docs/assets/app/telemetry/firewall/addrules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/firewall/addrules.png -------------------------------------------------------------------------------- /docs/assets/app/dev/proxifier/proxifier-menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/proxifier/proxifier-menu.png -------------------------------------------------------------------------------- /docs/assets/app/dev/sysmon/sysmon-eventviewer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/sysmon/sysmon-eventviewer.png -------------------------------------------------------------------------------- /docs/assets/app/telemetry/firewall/removerules.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/firewall/removerules.png -------------------------------------------------------------------------------- /docs/assets/blocking-rules/eset/eset-firewall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/blocking-rules/eset/eset-firewall.png -------------------------------------------------------------------------------- /docs/assets/blocking-rules/p2p/p2p-win10-spy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/blocking-rules/p2p/p2p-win10-spy.png -------------------------------------------------------------------------------- /docs/assets/stylesheets/extra.css: -------------------------------------------------------------------------------- 1 | .md-header-nav__title { 2 | font-size: .85rem; 3 | } 4 | 5 | .md-typeset__table code { 6 | word-break: normal; 7 | } 8 | -------------------------------------------------------------------------------- /docs/assets/app/dev/proxifier/proxifier-file-log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/proxifier/proxifier-file-log.png -------------------------------------------------------------------------------- /docs/assets/app/dev/proxifier/proxifier-services.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/proxifier/proxifier-services.png -------------------------------------------------------------------------------- /docs/assets/app/dev/wireshark/wireshark-capture.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/wireshark/wireshark-capture.png -------------------------------------------------------------------------------- /docs/assets/app/dev/wireshark/wireshark-parsing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/wireshark/wireshark-parsing.png -------------------------------------------------------------------------------- /docs/assets/app/dev/wireshark/wireshark-welcome.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/wireshark/wireshark-welcome.png -------------------------------------------------------------------------------- /docs/assets/app/telemetry/firewall/currentrules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/telemetry/firewall/currentrules.png -------------------------------------------------------------------------------- /docs/assets/faq/could-not-connect-update-service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/faq/could-not-connect-update-service.png -------------------------------------------------------------------------------- /docs/assets/app/dev/wireshark/wireshark-interfaces.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/wireshark/wireshark-interfaces.png -------------------------------------------------------------------------------- /docs/assets/app/dev/proxifier/proxifier-menu-services.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/app/dev/proxifier/proxifier-menu-services.png -------------------------------------------------------------------------------- /docs/assets/blocking-rules/proxifier/proxifier-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/blocking-rules/proxifier/proxifier-apply.png -------------------------------------------------------------------------------- /docs/assets/blocking-rules/simplewall/simplewall-win10-spy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/HEAD/docs/assets/blocking-rules/simplewall/simplewall-win10-spy.png -------------------------------------------------------------------------------- /chocolatey/tools/chocolateyUninstall.ps1: -------------------------------------------------------------------------------- 1 | $desktopPath = [Environment]::GetFolderPath("Desktop") 2 | $lnkPath = $desktopPath + "\WindowsSpyBlocker.lnk" 3 | 4 | if (Test-Path $lnkPath) 5 | { 6 | Write-Output "WindowsSpyBlocker: Removing Desktop shortcut file" 7 | Remove-Item $lnkPath 8 | } 9 | -------------------------------------------------------------------------------- /docs/app/telemetry/index.md: -------------------------------------------------------------------------------- 1 | # Telemetry menu 2 | 3 | ## Preview 4 | 5 | Telemetry menu allows you to apply rules to the Windows firewall and modify the NCSI. 
6 | 7 | ![](../../assets/app/telemetry/menu.png) 8 | 9 | ## Menus 10 | 11 | * [**Firewall**](firewall.md) 12 | * [**NCSI**](ncsi.md) 13 | -------------------------------------------------------------------------------- /chocolatey/tools/chocolateyInstall.ps1: -------------------------------------------------------------------------------- 1 | $toolsDir = Split-Path $MyInvocation.MyCommand.Definition 2 | $desktopPath = [Environment]::GetFolderPath("Desktop") 3 | $lnkPath = $desktopPath + "\WindowsSpyBlocker.lnk" 4 | $exePath = Join-Path $toolsDir "WindowsSpyBlocker.exe" 5 | 6 | Install-ChocolateyShortcut -shortcutFilePath $lnkPath -targetPath $exePath 7 | -------------------------------------------------------------------------------- /app/utils/timeu/timeu.go: -------------------------------------------------------------------------------- 1 | package timeu 2 | 3 | import ( 4 | "fmt" 5 | "time" 6 | 7 | "github.com/akyoto/color" 8 | "github.com/hako/durafmt" 9 | ) 10 | 11 | var CurrentTime = time.Now().Local() 12 | 13 | // Track execution time 14 | func Track(start time.Time) { 15 | fmt.Print("\nTime spent: ") 16 | color.New(color.FgMagenta).Printf("%s\n", durafmt.Parse(time.Since(start))) 17 | } 18 | -------------------------------------------------------------------------------- /chocolatey/tools/VERIFICATION.txt: -------------------------------------------------------------------------------- 1 | VERIFICATION 2 | 3 | Verification is intended to assist the Chocolatey moderators and community 4 | in verifying that this package's contents are trustworthy. 5 | 6 | This package is published by CrazyMax, the author of WindowsSpyBlocker itself. 7 | Any binaries will be identical to other package types published by the project, 8 | in particular the WindowsSpyBlocker.exe artifact on GitHub. 
9 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "gomod" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | labels: 8 | - ":game_die: dependencies" 9 | - ":robot: bot" 10 | - package-ecosystem: "github-actions" 11 | directory: "/" 12 | schedule: 13 | interval: "daily" 14 | labels: 15 | - ":game_die: dependencies" 16 | - ":robot: bot" 17 | -------------------------------------------------------------------------------- /docs/blocking-rules/kaspersky.md: -------------------------------------------------------------------------------- 1 | # Kaspersky Firewall 2 | 3 | !!! info 4 | Kaspersky blocking rules available at [{{ config.repo_url }}tree/master/data/kaspersky]({{ config.repo_url }}tree/master/data/kaspersky) 5 | 6 | [Kaspersky Firewall](https://help.kaspersky.com/KSVLA/5.0/en-US/149707.htm) is a proprietary firewall solution. 7 | 8 | You can integrate data specifically generated for Kaspersky Firewall from `data/kaspersky` folder. 9 | -------------------------------------------------------------------------------- /tools/tools.go: -------------------------------------------------------------------------------- 1 | //go:build tools 2 | // +build tools 3 | 4 | // Package tools tracks dependencies on binaries not referenced in this codebase.
5 | // https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module 6 | package tools 7 | 8 | import ( 9 | _ "github.com/josephspurrier/goversioninfo/cmd/goversioninfo" 10 | _ "github.com/kevinburke/go-bindata/go-bindata" 11 | _ "github.com/magefile/mage" 12 | ) 13 | -------------------------------------------------------------------------------- /docs/donate.md: -------------------------------------------------------------------------------- 1 | **WindowsSpyBlocker** :shield: is free and open source and always will be. 2 | 3 | All kinds of contributions are welcome! The most basic way to show your support is to 4 | [star the project]({{ config.repo_url }}), or to raise issues. 5 | 6 | You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max) or 7 | by making a [Paypal donation](https://www.paypal.me/crazyws) to ensure this journey continues indefinitely! 8 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # This file is for unifying the coding style for different editors and IDEs. 2 | # More information at http://editorconfig.org 3 | 4 | root = true 5 | 6 | [*] 7 | charset = utf-8 8 | indent_size = 2 9 | indent_style = space 10 | end_of_line = lf 11 | insert_final_newline = true 12 | trim_trailing_whitespace = true 13 | 14 | [*.md] 15 | trim_trailing_whitespace = false 16 | 17 | [*.go] 18 | indent_style = tab 19 | 20 | [data/**] 21 | insert_final_newline = false 22 | -------------------------------------------------------------------------------- /docs/blocking-rules/eset.md: -------------------------------------------------------------------------------- 1 | # ESET Firewall 2 | 3 | !!! 
info 4 | ESET blocking rules available at [{{ config.repo_url }}tree/master/data/eset]({{ config.repo_url }}tree/master/data/eset) 5 | 6 | [ESET Firewall](https://www.eset.com/us/firewall/) is a proprietary firewall solution. 7 | 8 | You can integrate data specifically generated for ESET Firewall from `data/eset` folder. 9 | 10 | Here is a quick example: 11 | 12 | ![](../assets/blocking-rules/eset/eset-firewall.png) 13 | -------------------------------------------------------------------------------- /docs/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM squidfunk/mkdocs-material:7.2.6 2 | 3 | RUN apk add --no-cache \ 4 | git \ 5 | git-fast-import \ 6 | openssl \ 7 | && apk add --no-cache --virtual .build gcc musl-dev \ 8 | && pip install --no-cache-dir \ 9 | 'lunr' \ 10 | 'markdown-include' \ 11 | 'mkdocs-awesome-pages-plugin' \ 12 | 'mkdocs-exclude' \ 13 | 'mkdocs-git-revision-date-localized-plugin' \ 14 | 'mkdocs-macros-plugin' \ 15 | && apk del .build gcc musl-dev \ 16 | && rm -rf /tmp/* 17 | -------------------------------------------------------------------------------- /docs/app/dev/index.md: -------------------------------------------------------------------------------- 1 | # Dev menu 2 | 3 | ## Preview 4 | 5 | Dev menu mainly concerns developers or curious people who would like to contribute to WindowsSpyBlocker. 6 | Here several applications are used by WindowsSpyBlocker to generate, capture and audit traffic. 7 | 8 | ![](../../assets/app/dev/menu.png) 9 | 10 | ## Menus 11 | 12 | * _QEMU_ 13 | * [**Proxifier**](proxifier.md) 14 | * [**Sysmon**](sysmon.md) 15 | * [**Wireshark**](wireshark.md) 16 | * _Test_ 17 | * _Diff_ 18 | * _Merge_ 19 | * _Extract data_ 20 | -------------------------------------------------------------------------------- /docs/blocking-rules/proxifier.md: -------------------------------------------------------------------------------- 1 | # Proxifier 2 | 3 | !!!
info 4 | Proxifier blocking rules available at [{{ config.repo_url }}tree/master/data/proxifier]({{ config.repo_url }}tree/master/data/proxifier) 5 | 6 | Some hosts are not blocked and require a top-level application. For example, you can use 7 | [Proxifier](https://www.proxifier.com/) software to block Microsoft telemetry. 8 | 9 | Copy the content of proxifier files in `data/proxifier` to a blocked rule: 10 | 11 | ![](../assets/blocking-rules/proxifier/proxifier-apply.png) 12 | -------------------------------------------------------------------------------- /app/cmds/dev/wireshark/interfaces.go: -------------------------------------------------------------------------------- 1 | package wireshark 2 | 3 | // Interface of network 4 | type Interface struct { 5 | ID int `json:"id"` 6 | Device string `json:"device"` 7 | Name string `json:"name"` 8 | } 9 | 10 | // Interfaces of network 11 | type Interfaces []Interface 12 | 13 | func (slice Interfaces) Len() int { 14 | return len(slice) 15 | } 16 | 17 | func (slice Interfaces) Less(i, j int) bool { 18 | return slice[i].ID < slice[j].ID 19 | } 20 | 21 | func (slice Interfaces) Swap(i, j int) { 22 | slice[i], slice[j] = slice[j], slice[i] 23 | } 24 | -------------------------------------------------------------------------------- /docs/usage.md: -------------------------------------------------------------------------------- 1 | # Usage 2 | 3 | The **WindowsSpyBlocker** project is split into two parts. 4 | 5 | The main part concerns the blocking rules for blocking telemetry and data collection on Windows. 6 | 7 | !!! abstract 8 | See the [Blocking rules page](blocking-rules/index.md) for more info. 9 | 10 | The other part concerns the WindowsSpyBlocker application which is composed of several menus, the main one being 11 | in charge of applying the blocking rules on your Windows firewall. 12 | 13 | !!! abstract 14 | See the [Application page](app/index.md) for more info.
15 | -------------------------------------------------------------------------------- /docs/download.md: -------------------------------------------------------------------------------- 1 | # Download 2 | 3 | WindowsSpyBlocker is available on the [GitHub releases]({{ config.repo_url }}releases/latest) page. 4 | 5 | [Download WindowsSpyBlocker.exe]({{ config.repo_url }}releases/download/{{ git.tag | trim('v') }}/WindowsSpyBlocker.exe){: .md-button .md-button--primary } 6 | 7 | But also: 8 | 9 | * As a [Chocolatey package](https://chocolatey.org/packages/windowsspyblocker) that will allow you to benefit from automatic updates 10 | * As a [Scoop](https://scoop.sh/) package (`windowsspyblocker`) that will allow you to benefit from automatic updates 11 | -------------------------------------------------------------------------------- /docs/blocking-rules/firewall.md: -------------------------------------------------------------------------------- 1 | # Firewall 2 | 3 | !!! info 4 | Firewall blocking rules available at [{{ config.repo_url }}tree/master/data/firewall]({{ config.repo_url }}tree/master/data/firewall) 5 | 6 | Some queries use IP addresses, but you can stop them with your Firewall. 7 | 8 | All relevant information about these IP addresses is listed in the CSV files `firewall-` in 9 | the [**logs**]({{ config.repo_url }}/tree/master/logs) folder. 10 | 11 | To add/remove firewall rules or test IPs, read the instructions on the [Firewall app](../app/telemetry/firewall.md) 12 | page.
13 | -------------------------------------------------------------------------------- /app/utils/pathu/pathu.go: -------------------------------------------------------------------------------- 1 | package pathu 2 | 3 | import ( 4 | "os" 5 | "path" 6 | "path/filepath" 7 | 8 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/file" 9 | ) 10 | 11 | // Paths derived from the directory of os.Args[0]. NOTE(review): os.Args[0] is whatever the launcher passed as the program name and filepath.Abs resolves a relative value against the working directory, so Current is not guaranteed to be the executable's folder; the Abs error is discarded. path.Join always joins with "/", so on Windows these values mix separators (filepath.Join uses the OS separator). 12 | var ( 13 | Current, _ = filepath.Abs(filepath.Dir(os.Args[0])) 14 | Data = path.Join(Current, "data") 15 | Libs = path.Join(Current, "libs") 16 | Logs = path.Join(Current, "logs") 17 | Tmp = path.Join(Current, "tmp") 18 | ) 19 | // init calls file.CreateSubfolder for Libs, Logs and Tmp as soon as the package is imported; nothing here checks whether those calls succeeded, and Data is not created here. 20 | func init() { 21 | file.CreateSubfolder(Libs) 22 | file.CreateSubfolder(Logs) 23 | file.CreateSubfolder(Tmp) 24 | } 25 | -------------------------------------------------------------------------------- /app/dnsres/resolutions.go: -------------------------------------------------------------------------------- 1 | package dnsres 2 | 3 | import ( 4 | "time" 5 | ) 6 | 7 | // Resolution is one resolved entry: where it came from, when it was last resolved, and the IP or domain it maps to 8 | type Resolution struct { 9 | Source string 10 | LastResolved time.Time 11 | IpOrDomain string 12 | } 13 | 14 | // Resolutions has the Len, Less and Swap methods of sort.Interface; Less uses LastResolved.After, so sorting puts the most recently resolved entry first 15 | type Resolutions []Resolution 16 | 17 | func (slice Resolutions) Len() int { 18 | return len(slice) 19 | } 20 | 21 | func (slice Resolutions) Less(i, j int) bool { 22 | return slice[i].LastResolved.After(slice[j].LastResolved) 23 | } 24 | 25 | func (slice Resolutions) Swap(i, j int) { 26 | slice[i], slice[j] = slice[j], slice[i] 27 | } 28 | -------------------------------------------------------------------------------- /docs/app/index.md: -------------------------------------------------------------------------------- 1 | # Application 2 | 3 | ## First launch 4 | 5 | When you execute WindowsSpyBlocker for the first time, a configuration file named `app.conf` is generated: 6 | 7 | ![](../assets/app/root-folder.png) 8 | 9 | This configuration file is especially necessary for people who
want to contribute to the project through 10 | the [Dev menu](dev/index.md). 11 | 12 | ## Usage 13 | 14 | The application currently consists of two menus: 15 | 16 | * [**Telemetry** - _Block telemetry and data collection_](telemetry/index.md) 17 | * [**Dev** - _Several tools used by WindowsSpyBlocker_](dev/index.md) 18 | 19 | ![](../assets/app/menu.png) 20 | -------------------------------------------------------------------------------- /docs/blocking-rules/openwrt.md: -------------------------------------------------------------------------------- 1 | # OpenWrt 2 | 3 | !!! info 4 | OpenWrt blocking rules available at [{{ config.repo_url }}tree/master/data/openwrt]({{ config.repo_url }}tree/master/data/openwrt) 5 | 6 | DNS/IP block rules using dnsmasq/iptables are available in the `data/openwrt` folder. These rules are currently compatible with 7 | OpenWrt version Chaos Calmer 15.05.1. 8 | 9 | The package `iptables-mod-nat-extra` is required for the port 53 (DNS) redirect rule from dnsmasq.conf. `dnsmasq.conf` is 10 | bypassed if you use DNSCrypt on the client machine (recommended), so use hosts before the DNSCrypt exit point. 11 | 12 | DNSCrypt is also available in the OpenWrt repo, but it may be slow and CPU-hungry on average routers; stay with the PC 13 | client as recommended. 14 | -------------------------------------------------------------------------------- /docs/app/telemetry/ncsi.md: -------------------------------------------------------------------------------- 1 | # NCSI 2 | 3 | Windows checks a Microsoft site for connectivity, using the Network Connectivity Status Indicator site. NCSI performs a 4 | DNS lookup on `www.msftncsi.com` and sends a DNS lookup request for `dns.msftncsi.com`. 5 | 6 | You can block this probe by adding the content of the `data//extra.txt` hosts file. 7 | 8 | But you will have a ["No Internet access" warning in your system tray](../../faq.md#no-internet-access-on-my-network-card).
9 | 10 | To solve this issue you can use the Debian NCSI through `NCSI > Apply Debian NCSI`: 11 | 12 | ![](../../assets/app/telemetry/ncsi/apply.png) 13 | 14 | Then you can test your internet connection the Microsoft way: 15 | 16 | ![](../../assets/app/telemetry/ncsi/test.png) 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | --- 5 | 6 | ### Behaviour 7 | 8 | #### Steps to reproduce this issue 9 | 10 | 1. 11 | 2. 12 | 3. 13 | 14 | #### Expected behaviour 15 | 16 | > Tell me what should happen 17 | 18 | #### Actual behaviour 19 | 20 | > Tell me what happens instead 21 | 22 | ### Rules used 23 | 24 | > (ex: `data/firewall/spy.txt`) 25 | 26 | 1. 27 | 2. 28 | 3. 29 | 30 | ### Configuration 31 | 32 | **Country (ex. United-States)** : 33 | 34 | **Operating system (ex. Windows 10 Pro 64 bits)** : 35 | 36 | **Winver screenshot** : 37 | 38 | > Open a command prompt and type winver then take / save the screenshot of the window and drag the image file in this issue. For example: http://bit.ly/2vA5sxR 39 | -------------------------------------------------------------------------------- /docs/blocking-rules/p2p.md: -------------------------------------------------------------------------------- 1 | # P2P 2 | 3 | !!! info 4 | P2P blocking rules available at [{{ config.repo_url }}tree/master/data/p2p]({{ config.repo_url }}tree/master/data/p2p) 5 | 6 | The [P2P data format](https://en.wikipedia.org/wiki/PeerGuardian#P2P_plaintext_format) is the original format for 7 | PeerGuardian version 1.x and can be used with [PeerBlock](https://sourceforge.net/projects/peerblock), 8 | [PeerGuardian](http://sourceforge.net/projects/peerguardian/), [iplist](http://iplist.sourceforge.net/) and many others. 
9 | 10 | You can integrate data specifically generated in the P2P format by copying the content of a `.txt` file located 11 | in `data/p2p`. 12 | 13 | Here is an example with PeerBlock and the data from `data/p2p/spy.txt`: 14 | 15 | ![](../assets/blocking-rules/p2p/p2p-win10-spy.png) 16 | -------------------------------------------------------------------------------- /docs/blocking-rules/simplewall.md: -------------------------------------------------------------------------------- 1 | # simplewall 2 | 3 | !!! info 4 | simplewall blocking rules available at [{{ config.repo_url }}tree/master/data/simplewall]({{ config.repo_url }}tree/master/data/simplewall) 5 | 6 | [simplewall](https://github.com/henrypp/simplewall) is a simple tool to configure Windows Filtering Platform (WFP) 7 | which can configure network activity on your computer. 8 | 9 | This application is basically a firewall using by default the spy rules of WindowsSpyBlocker embedded in the 10 | `blocklist.xml` file. 11 | 12 | You can integrate data specifically generated for simplewall from `data/simplewall` by copying the `blocklist.xml` file to the 13 | simplewall root folder. 14 | 15 | Here is an example with the `blocklist.xml` from `data/simplewall/spy/blocklist.xml`: 16 | 17 | ![](../assets/blocking-rules/simplewall/simplewall-win10-spy.png) 18 | -------------------------------------------------------------------------------- /docs/app/telemetry/firewall.md: -------------------------------------------------------------------------------- 1 | # Firewall 2 | 3 | WindowsSpyBlocker provides a tool to apply or remove network rules from your Windows firewall: 4 | 5 | ![](../../assets/app/telemetry/firewall/menu.png) 6 | 7 | To apply the WindowsSpyBlocker rules in your Windows firewall, launch `WindowsSpyBlocker.exe` and 8 | select `Firewall > Add spy rules`: 9 | 10 | ![](../../assets/app/telemetry/firewall/addrules.png) 11 | 12 | Here I choose **Add extra rules**. 
IPs are added in the Windows Firewall as outbound rules: 13 | 14 | ![](../../assets/app/telemetry/firewall/rules.png) 15 | 16 | If you want you can display the current rules applied in your firewall 17 | (`Firewall > Display your current WindowsSpyBlocker rules`): 18 | 19 | ![](../../assets/app/telemetry/firewall/currentrules.png) 20 | 21 | And remove them (`Firewall > Remove WindowsSpyBlocker rules`): 22 | 23 | ![](../../assets/app/telemetry/firewall/removerules.png) 24 | -------------------------------------------------------------------------------- /.github/workflows/labels.yml: -------------------------------------------------------------------------------- 1 | name: labels 2 | 3 | # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions 4 | permissions: 5 | contents: read 6 | 7 | on: 8 | push: 9 | branches: 10 | - 'master' 11 | paths: 12 | - '.github/labels.yml' 13 | - '.github/workflows/labels.yml' 14 | pull_request: 15 | paths: 16 | - '.github/labels.yml' 17 | - '.github/workflows/labels.yml' 18 | 19 | jobs: 20 | labeler: 21 | runs-on: ubuntu-latest 22 | permissions: 23 | # same as global permissions 24 | contents: read 25 | # required to update labels 26 | issues: write 27 | steps: 28 | - 29 | name: Checkout 30 | uses: actions/checkout@v3 31 | - 32 | name: Run Labeler 33 | uses: crazy-max/ghaction-github-labeler@v5 34 | with: 35 | dry-run: ${{ github.event_name == 'pull_request' }} 36 | -------------------------------------------------------------------------------- /app/cmds/dev/wireshark/event.go: -------------------------------------------------------------------------------- 1 | package wireshark 2 | 3 | import ( 4 | "bytes" 5 | "net" 6 | 7 | "github.com/crazy-max/WindowsSpyBlocker/app/dnsres" 8 | "github.com/crazy-max/WindowsSpyBlocker/app/whois" 9 | ) 10 | 11 | // Event of Wireshark 12 | type Event struct { 13 | IP string `json:"ip"` 14 | Count int `json:"count"` 15 | DnsRes dnsres.Resolutions 
`json:"dnsres"` 16 | Whois whois.Whois `json:"whois"` 17 | } 18 | 19 | // Events is a list of Wireshark events; its Len, Less and Swap methods order it by IP 20 | type Events []Event 21 | 22 | func (slice Events) Len() int { 23 | return len(slice) 24 | } 25 | 26 | func (slice Events) Less(i, j int) bool { /* Compares the byte form returned by net.ParseIP. ParseIP returns nil for a string that is not a valid IP and bytes.Compare treats nil as an empty slice, so unparsable entries sort before every valid address. */ 27 | ipA := net.ParseIP(slice[i].IP) 28 | ipB := net.ParseIP(slice[j].IP) 29 | switch bytes.Compare(ipA, ipB) { 30 | case -1: 31 | return true 32 | case 0, 1: 33 | return false 34 | default: 35 | return false 36 | } 37 | } 38 | 39 | func (slice Events) Swap(i, j int) { 40 | slice[i], slice[j] = slice[j], slice[i] 41 | } 42 | -------------------------------------------------------------------------------- /app/utils/stringsu/stringsu.go: -------------------------------------------------------------------------------- 1 | package stringsu 2 | 3 | import ( 4 | "strings" 5 | "unicode" 6 | ) 7 | 8 | // UcFirst returns str with its first rune upper-cased, or "" for an empty string. NOTE(review): the tail is taken as str[i+1:] with i == 0, which is only correct when the first rune is one byte long; for a multi-byte first rune the tail starts inside that rune (utf8.RuneLen(v) would give the right offset). 9 | func UcFirst(str string) string { 10 | for i, v := range str { 11 | return string(unicode.ToUpper(v)) + str[i+1:] 12 | } 13 | return "" 14 | } 15 | 16 | // StripSpaces removes every rune for which unicode.IsSpace reports true (strings.Map drops runes mapped to a negative value) 17 | func StripSpaces(str string) string { 18 | return strings.Map(func(r rune) rune { 19 | if unicode.IsSpace(r) { 20 | return -1 21 | } 22 | return r 23 | }, str) 24 | } 25 | 26 | // RemoveExtraSpaces splits str on whitespace with strings.Fields and rejoins the fields with single spaces, which also drops leading and trailing whitespace 27 | func RemoveExtraSpaces(str string) string { 28 | return strings.Join(strings.Fields(str), " ") 29 | } 30 | 31 | // InSlice reports whether needle is an element of slice; it builds a temporary set from slice on every call before the lookup 32 | func InSlice(needle string, slice []string) bool { 33 | set := make(map[string]struct{}, len(slice)) 34 | for _, s := range slice { 35 | set[s] = struct{}{} 36 | } 37 | _, ok := set[needle] 38 | return ok 39 | } 40 | -------------------------------------------------------------------------------- /app/cmds/telemetry/telemetry.go: -------------------------------------------------------------------------------- 1 | package telemetry 2 | 3 | import ( 4 | "github.com/akyoto/color" 5
| "github.com/crazy-max/WindowsSpyBlocker/app/cmds/telemetry/firewall" 6 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/telemetry/ncsi" 7 | "github.com/crazy-max/WindowsSpyBlocker/app/menu" 8 | ) 9 | 10 | // Menu builds the Telemetry menu (Firewall and NCSI entries) and starts it; args is unused and the named result err is never assigned, so the naked return yields nil 11 | func Menu(args ...string) (err error) { 12 | menuCommands := []menu.CommandOption{ 13 | { 14 | Description: "> Firewall : Add or remove firewall rules and resolve IPs adresses", 15 | Color: color.FgYellow, 16 | Function: firewall.Menu, 17 | }, 18 | { 19 | Description: "> NCSI : Apply an alternate NCSI and test your internet connection the Microsoft way", 20 | Color: color.FgYellow, 21 | Function: ncsi.Menu, 22 | }, 23 | } 24 | 25 | menuOptions := menu.NewOptions("Telemetry", "'menu' for help [telemetry]> ", 0, "") 26 | 27 | menuN := menu.NewMenu(menuCommands, menuOptions) 28 | menuN.Start() 29 | return 30 | } 31 | -------------------------------------------------------------------------------- /app/cmds/dev/extractdata.go: -------------------------------------------------------------------------------- 1 | package dev 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "path" 7 | "strings" 8 | "time" 9 | 10 | "github.com/crazy-max/WindowsSpyBlocker/app/bindata" 11 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu" 12 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 13 | ) 14 | // extractData renames an existing pathu.Data folder to data.<timestamp> under pathu.Current and then restores the embedded "data" assets into pathu.Current. Failures are only printed: every path returns nil, and args is unused. 15 | func extractData(args ...string) (err error) { 16 | fmt.Println() 17 | 18 | if _, err := os.Stat(pathu.Data); err == nil { 19 | dataBackupPath := path.Join(pathu.Current, fmt.Sprintf("%s.%s", "data", time.Now().Format("20060102150405"))) 20 | fmt.Printf("Backing current data folder in %s... ", strings.TrimLeft(dataBackupPath, pathu.Current)) /* NOTE(review): strings.TrimLeft treats pathu.Current as a set of characters, not as a prefix, so it can also strip leading characters of the backup folder name; strings.TrimPrefix is presumably what was meant. Only the printed path is affected, the rename below uses the full path. */ 21 | if err := os.Rename(pathu.Data, dataBackupPath); err != nil { 22 | print.Error(err) 23 | return nil 24 | } 25 | print.Ok() 26 | } 27 | 28 | fmt.Printf("Extracting data in %s... 
", pathu.Data) 29 | if err := bindata.RestoreAssets(pathu.Current, "data"); err != nil { /* NOTE(review): there is no return after print.Error, so print.Ok() below still runs when the restore failed and the user sees an error followed by the success marker. */ 30 | print.Error(err) 31 | } 32 | print.Ok() 33 | 34 | return nil 35 | } 36 | -------------------------------------------------------------------------------- /app/cmds/dev/test/test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "github.com/akyoto/color" 5 | "github.com/crazy-max/WindowsSpyBlocker/app/menu" 6 | ) 7 | 8 | // Menu builds the dev Test menu (firewall IP test, domain lookups, AAAA lookups, incompatible-rule search) and starts it; args is unused and the naked return yields a nil error 9 | func Menu(args ...string) (err error) { 10 | menuCommands := []menu.CommandOption{ 11 | { 12 | Description: "Test firewall IPs", 13 | Color: color.FgHiYellow, 14 | Function: testFirewallIps, 15 | }, 16 | { 17 | Description: "Test domains lookup", 18 | Color: color.FgHiYellow, 19 | Function: testHostsLookup, 20 | }, 21 | { 22 | Description: "Test domains AAAA lookup", 23 | Color: color.FgHiYellow, 24 | Function: testHostsAAAALookup, 25 | }, 26 | { 27 | Description: "Find incompatible rules", 28 | Color: color.FgHiYellow, 29 | Function: findIncompatibleRules, 30 | }, 31 | } 32 | 33 | menuOptions := menu.NewOptions("Test", "'menu' for help [dev-test]> ", 0, "") 34 | 35 | menuN := menu.NewMenu(menuCommands, menuOptions) 36 | menuN.Start() 37 | return 38 | } 39 | -------------------------------------------------------------------------------- /.github/workflows/released.yml: -------------------------------------------------------------------------------- 1 | name: released 2 | 3 | # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions 4 | permissions: 5 | contents: read 6 | 7 | on: 8 | release: 9 | types: 10 | - published 11 | 12 | jobs: 13 | virustotal: 14 | runs-on: ubuntu-latest 15 | permissions: 16 | # required to write GitHub Release body 17 | contents: write 18 | steps: 19 | - 20 | name: VirusTotal Monitor Scan 21 | uses: crazy-max/ghaction-virustotal@v4 22 | with: 23 | vt_api_key: ${{ secrets.VT_MONITOR_API_KEY }}
24 | vt_monitor: true 25 | monitor_path: /${{ github.event.repository.name }}/${{ github.event.release.tag_name }} 26 | update_release_body: false 27 | files: | 28 | WindowsSpyBlocker.exe 29 | - 30 | name: VirusTotal Scan 31 | uses: crazy-max/ghaction-virustotal@v4 32 | with: 33 | vt_api_key: ${{ secrets.VT_API_KEY }} 34 | update_release_body: true 35 | files: | 36 | WindowsSpyBlocker.exe 37 | -------------------------------------------------------------------------------- /app/cmds/dev/sysmon/evtx.go: -------------------------------------------------------------------------------- 1 | package sysmon 2 | 3 | type Evtx struct { 4 | Event Eventx `json:"Event"` 5 | } 6 | 7 | type Eventx struct { 8 | EventData EvtxData `json:"EventData"` 9 | } 10 | 11 | type EvtxData struct { 12 | DestinationHostname string `json:"DestinationHostname"` 13 | DestinationIp string `json:"DestinationIp"` 14 | DestinationIsIpv6 string `json:"DestinationIsIpv6"` 15 | DestinationPort string `json:"DestinationPort"` 16 | DestinationPortName string `json:"DestinationPortName"` 17 | Image string `json:"Image"` 18 | Initiated string `json:"Initiated"` 19 | ProcessGuid string `json:"ProcessGuid"` 20 | ProcessId string `json:"ProcessId"` 21 | Protocol string `json:"Protocol"` 22 | SourceHostname string `json:"SourceHostname"` 23 | SourceIp string `json:"SourceIp"` 24 | SourceIsIpv6 string `json:"SourceIsIpv6"` 25 | SourcePort string `json:"SourcePort"` 26 | SourcePortName string `json:"SourcePortName"` 27 | User string `json:"User"` 28 | UtcTime string `json:"UtcTime"` 29 | } 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016-2022 CrazyMax 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without 
restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /app/utils/print/print.go: -------------------------------------------------------------------------------- 1 | package print 2 | 3 | import ( 4 | "bufio" 5 | "encoding/json" 6 | "fmt" 7 | "os" 8 | 9 | "github.com/akyoto/color" 10 | ) 11 | 12 | // Error printed in red color 13 | func Error(err error) { 14 | color.New(color.FgRed).Printf("Error: %s\n", err.Error()) 15 | } 16 | 17 | // ErrorStr printed in red color 18 | func ErrorStr(str string) { 19 | color.New(color.FgRed).Printf("Error: %s\n", str) 20 | } 21 | 22 | // Ok printed in green color 23 | func Ok() { 24 | color.New(color.FgGreen).Print("OK!\n") 25 | } 26 | 27 | // RegString printed in color 28 | func RegString(name string, value string) { 29 | color.New(color.FgYellow).Printf("%s", name) 30 | fmt.Print(" = ") 31 | color.New(color.FgCyan).Printf("%s\n", value) 32 | } 33 | 34 | // Pretty print of struct or slice 35 | func Pretty(v interface{}) { 36 | b, _ := json.MarshalIndent(v, "", " ") 37 | fmt.Println(string(b)) 38 | } 39 | 
40 | // QuitFatal quit the app and wait for user input 41 | func QuitFatal(err error) { 42 | color.New(color.FgHiRed, color.Bold).Printf("\nFatal: %s\n", err.Error()) 43 | fmt.Print("Press Enter to exit...") 44 | reader := bufio.NewReader(os.Stdin) 45 | reader.ReadString('\n') 46 | os.Exit(1) 47 | } 48 | -------------------------------------------------------------------------------- /docs/blocking-rules/dnscrypt.md: -------------------------------------------------------------------------------- 1 | # DNSCrypt 2 | 3 | !!! info 4 | DNSCrypt blocking rules available at [{{ config.repo_url }}tree/master/data/dnscrypt]({{ config.repo_url }}tree/master/data/dnscrypt) 5 | 6 | [DNSCrypt](https://dnscrypt.org/) is a protocol for securing communications between a client and a DNS resolver. 7 | With this tool you can blacklist some domains with the plugin 8 | [libdcplugin_example_ldns_blocking](https://github.com/jedisct1/dnscrypt-proxy#plugins) and add domains with 9 | leading and trailing wildcards. 10 | 11 | To install DNSCrypt on Windows, read the 12 | [instructions](https://github.com/dnscrypt/dnscrypt-proxy/wiki/Installation-Windows) on the official 13 | GitHub repository. 14 | 15 | Copy the content of the dnscrypt files in the repository into a file called, for example, `C:\blacklisted-domains.txt` 16 | and enter this command: 17 | 18 | ```text 19 | dnscrypt-proxy -R <name> --plugin=libdcplugin_example_ldns_blocking.dll,--domains=C:\blacklisted-domains.txt 20 | ``` 21 | 22 | Replace `<name>` with one of the [public DNS resolvers supporting DNSCrypt](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md) 23 | you want to use. Note its name in the first column (for example: `dnscrypt.org-fr`). 24 | -------------------------------------------------------------------------------- /docs/blocking-rules/hosts.md: -------------------------------------------------------------------------------- 1 | # Hosts 2 | 3 | !!!
info 4 | Hosts blocking rules available at [{{ config.repo_url }}tree/master/data/hosts]({{ config.repo_url }}tree/master/data/hosts) 5 | 6 | Copy/paste the content of the files from the [`data/hosts`]({{ config.repo_url }}/tree/master/data/hosts) folder 7 | into your Windows hosts file located at `C:\Windows\System32\drivers\etc\hosts`. 8 | 9 | You can use the [HostsMan](http://www.abelhadigital.com/hostsman) freeware (or 10 | its [portable release](https://portapps.io/app/hostsman-portable/)) to keep your hosts file up to date: 11 | 12 | !!! abstract "Hosts blocklist links" 13 | * spy: [https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt](https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt) 14 | * update: [https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt](https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt) 15 | * extra: [https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt](https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt) 16 | 17 | !!! tip 18 | `[spy|update|extra]_v6.txt` handle IPv6 blocking.
19 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/crazy-max/WindowsSpyBlocker 2 | 3 | go 1.18 4 | 5 | require ( 6 | github.com/0xrawsec/golang-evtx v1.2.9 7 | github.com/PuerkitoBio/goquery v1.8.0 8 | github.com/akyoto/color v1.8.12 9 | github.com/cavaliergopher/grab/v3 v3.0.1 10 | github.com/cevaris/ordered_map v0.0.0-20190319150403-3adeae072e73 11 | github.com/go-ole/go-ole v1.2.6 12 | github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b 13 | github.com/josephspurrier/goversioninfo v1.4.0 14 | github.com/kevinburke/go-bindata v3.24.0+incompatible 15 | github.com/magefile/mage v1.14.0 16 | github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2 17 | github.com/miekg/dns v1.1.50 18 | github.com/pkg/errors v0.9.1 19 | golang.org/x/sys v0.0.0-20220513210249-45d2b4557a2a 20 | ) 21 | 22 | require ( 23 | github.com/0xrawsec/golang-utils v1.3.0 // indirect 24 | github.com/akavel/rsrc v0.10.2 // indirect 25 | github.com/akyoto/colorable v0.1.7 // indirect 26 | github.com/akyoto/tty v0.1.4 // indirect 27 | github.com/andybalholm/cascadia v1.3.1 // indirect 28 | golang.org/x/mod v0.4.2 // indirect 29 | golang.org/x/net v0.0.0-20210916014120-12bc252f5db8 // indirect 30 | golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 // indirect 31 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect 32 | ) 33 | -------------------------------------------------------------------------------- /app/utils/cmd/cmd.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "bytes" 5 | "os/exec" 6 | "strings" 7 | 8 | "golang.org/x/sys/windows" 9 | ) 10 | 11 | // Options of command 12 | type Options struct { 13 | Command string 14 | Args []string 15 | WorkingDir string 16 | HideWindow bool 17 | } 18 | 19 | // Result of command 20 | type Result struct 
{ 21 | Options Options 22 | ExitCode int32 23 | Stdout string 24 | Stderr string 25 | } 26 | 27 | // Exec starts options.Command with options.Args via exec.Command (this wrapper adds no shell), optionally in options.WorkingDir, waits for it and returns its stdout and stderr with surrounding whitespace trimmed. ExitCode is -1 until the process has been waited for, 0 on success, and the process exit status when Wait reports an *exec.ExitError. 28 | func Exec(options Options) (Result, error) { 29 | result := Result{ 30 | Options: options, 31 | ExitCode: -1, 32 | } 33 | 34 | cmd := exec.Command(options.Command, options.Args...) 35 | cmdStdout := &bytes.Buffer{} 36 | cmdStderr := &bytes.Buffer{} 37 | cmd.Stdout = cmdStdout 38 | cmd.Stderr = cmdStderr 39 | cmd.SysProcAttr = &windows.SysProcAttr{HideWindow: options.HideWindow} 40 | 41 | if options.WorkingDir != "" { 42 | cmd.Dir = options.WorkingDir 43 | } 44 | 45 | if err := cmd.Start(); err != nil { /* a process that could not be started is the only failure reported through the error result */ 46 | return result, err 47 | } 48 | 49 | if err := cmd.Wait(); err != nil { /* NOTE(review): a Wait error that is not an *exec.ExitError, or whose Sys() value is not a windows.WaitStatus, is dropped here: ExitCode stays -1 and the function still returns a nil error below, so callers have to check ExitCode as well as err. */ 50 | if exitErr, ok := err.(*exec.ExitError); ok { 51 | if status, ok := exitErr.Sys().(windows.WaitStatus); ok { 52 | result.ExitCode = int32(status.ExitStatus()) 53 | } 54 | } 55 | } else { 56 | result.ExitCode = 0 57 | } 58 | 59 | result.Stdout = strings.TrimSpace(cmdStdout.String()) 60 | result.Stderr = strings.TrimSpace(cmdStderr.String()) 61 | return result, nil 62 | } 63 | -------------------------------------------------------------------------------- /docs/reporting-issue.md: -------------------------------------------------------------------------------- 1 | # Reporting an issue 2 | 3 | ## Before submitting an issue 4 | 5 | First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md). 6 | 7 | Please do a search in [open issues]({{ config.repo_url }}issues?utf8=%E2%9C%93&q=) to see if the issue or feature 8 | request has already been filed. 9 | 10 | If you find your issue already exists, make relevant comments and add your 11 | [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). 12 | Use a reaction in place of a "+1" comment.
13 | 14 | :+1: - upvote 15 | 16 | :-1: - downvote 17 | 18 | If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below. 19 | 20 | ## Writing good bug reports and feature requests 21 | 22 | File a single issue per problem and feature request. 23 | 24 | * Do not enumerate multiple bugs or feature requests in the same issue. 25 | * Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes. 26 | 27 | The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix. 28 | 29 | You are now ready to [create a new issue]({{ config.repo_url }}issues/new/choose)! 30 | 31 | ## Closure policy 32 | 33 | * Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines. 34 | * Issues that go a week without a response from original poster are subject to closure at our discretion. 35 | -------------------------------------------------------------------------------- /.github/SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support [![](https://isitmaintained.com/badge/resolution/crazy-max/WindowsSpyBlocker.svg)](https://isitmaintained.com/project/crazy-max/WindowsSpyBlocker) 2 | 3 | ## Reporting an issue 4 | 5 | Please do a search in [open issues](https://github.com/crazy-max/WindowsSpyBlocker/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed. 6 | 7 | If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment. 
8 | 9 | :+1: - upvote 10 | 11 | :-1: - downvote 12 | 13 | If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below. 14 | 15 | ## Writing good bug reports and feature requests 16 | 17 | File a single issue per problem and feature request. 18 | 19 | * Do not enumerate multiple bugs or feature requests in the same issue. 20 | * Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes. 21 | 22 | The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix. 23 | 24 | You are now ready to [create a new issue](https://github.com/crazy-max/WindowsSpyBlocker/issues/new/choose)! 25 | 26 | ## Closure policy 27 | 28 | * Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines. 29 | * Issues that go a week without a response from original poster are subject to closure at my discretion. 30 | -------------------------------------------------------------------------------- /docs/contributing.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Hi there! I'm thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. 4 | 5 | Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) 6 | to the public under the [project's open source license]({{ config.repo_url }}/blob/master/LICENSE). 7 | 8 | ## Submitting a pull request 9 | 10 | 1. [Fork]({{ config.repo_url }}fork) and clone the repository 11 | 2. Create a new branch: `git checkout -b my-branch-name` 12 | 3. Make your changes 13 | 4. Build with [Mage](https://magefile.org/): `mage build` 14 | 5. 
Push to your fork and [submit a pull request]({{ config.repo_url }}compare) 15 | 6. Pat your self on the back and wait for your pull request to be reviewed and merged. 16 | 17 | Here are a few things you can do that will increase the likelihood of your pull request being accepted: 18 | 19 | * Make sure the `README.md` and any other relevant **documentation are kept up-to-date**. 20 | * I try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option. 21 | * Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent 22 | upon each other, consider submitting them as **separate pull requests**. 23 | * Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html). 24 | 25 | ## Resources 26 | 27 | * [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) 28 | * [Using Pull Requests](https://help.github.com/articles/about-pull-requests/) 29 | * [GitHub Help](https://help.github.com) 30 | -------------------------------------------------------------------------------- /app/cmds/dev/proxifier/event.go: -------------------------------------------------------------------------------- 1 | package proxifier 2 | 3 | import ( 4 | "bytes" 5 | "net" 6 | "time" 7 | 8 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/netu" 9 | "github.com/crazy-max/WindowsSpyBlocker/app/whois" 10 | ) 11 | 12 | // Event of Proxifier 13 | type Event struct { 14 | Date time.Time `json:"date"` 15 | Exe string `json:"exe"` 16 | Pid int `json:"pid"` 17 | Account string `json:"account"` 18 | Host string `json:"host"` 19 | Whois whois.Whois `json:"whois"` 20 | Count int `json:"count"` 21 | } 22 | 23 | // EventsSortHost of Proxifier sorted by Host 24 | type EventsSortHost []Event 25 | 26 | // EventsSortDate of Proxifier sorted by Date 27 | type EventsSortDate []Event 28 | 29 | func (slice EventsSortHost) Len() int { 30 | return len(slice) 31 | } 32 | 33 
| func (slice EventsSortHost) Less(i, j int) bool { 34 | hostA := []byte(slice[i].Host) 35 | if netu.IsValidIPv4(slice[i].Host) { 36 | hostA = net.ParseIP(slice[i].Host) 37 | } 38 | hostB := []byte(slice[j].Host) 39 | if netu.IsValidIPv4(slice[j].Host) { 40 | hostB = net.ParseIP(slice[j].Host) 41 | } 42 | switch bytes.Compare(hostA, hostB) { 43 | case -1: 44 | return true 45 | case 0, 1: 46 | return false 47 | default: 48 | return false 49 | } 50 | } 51 | 52 | func (slice EventsSortHost) Swap(i, j int) { 53 | slice[i], slice[j] = slice[j], slice[i] 54 | } 55 | 56 | func (slice EventsSortDate) Len() int { 57 | return len(slice) 58 | } 59 | 60 | func (slice EventsSortDate) Less(i, j int) bool { 61 | return slice[i].Date.Before(slice[j].Date) 62 | } 63 | 64 | func (slice EventsSortDate) Swap(i, j int) { 65 | slice[i], slice[j] = slice[j], slice[i] 66 | } 67 | -------------------------------------------------------------------------------- /app/cmds/dev/mergestructs.go: -------------------------------------------------------------------------------- 1 | package dev 2 | 3 | import ( 4 | "bytes" 5 | "net" 6 | "strings" 7 | 8 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/netu" 9 | ) 10 | 11 | type ip struct { 12 | IP string `json:"ip"` 13 | } 14 | 15 | type ips []ip 16 | 17 | func (slice ips) Len() int { 18 | return len(slice) 19 | } 20 | 21 | func (slice ips) Less(i, j int) bool { 22 | ipA := net.ParseIP(slice[i].IP) 23 | if netu.IsValidIpv4Range(slice[i].IP) { 24 | if ipsRange, err := netu.GetIpsFromIPRange(slice[i].IP); err == nil { 25 | ipA = net.ParseIP(ipsRange[0]) 26 | } 27 | } else if strings.Contains(slice[i].IP, "/") { 28 | if ipsCidr, err := netu.GetIpsFromCIDR(slice[i].IP); err == nil { 29 | ipA = net.ParseIP(ipsCidr[0]) 30 | } 31 | } 32 | ipB := net.ParseIP(slice[j].IP) 33 | if netu.IsValidIpv4Range(slice[j].IP) { 34 | if ipsRange, err := netu.GetIpsFromIPRange(slice[j].IP); err == nil { 35 | ipB = net.ParseIP(ipsRange[0]) 36 | } 37 | } else if 
strings.Contains(slice[j].IP, "/") { 38 | if ipsCidr, err := netu.GetIpsFromCIDR(slice[j].IP); err == nil { 39 | ipB = net.ParseIP(ipsCidr[0]) 40 | } 41 | } 42 | 43 | switch bytes.Compare(ipA, ipB) { 44 | case -1: 45 | return true 46 | case 0, 1: 47 | return false 48 | default: 49 | return false 50 | } 51 | } 52 | 53 | func (slice ips) Swap(i, j int) { 54 | slice[i], slice[j] = slice[j], slice[i] 55 | } 56 | 57 | type hosts []host 58 | 59 | func (slice hosts) Len() int { 60 | return len(slice) 61 | } 62 | 63 | type host struct { 64 | Domain string `json:"domain"` 65 | } 66 | 67 | func (slice hosts) Less(i, j int) bool { 68 | return slice[i].Domain < slice[j].Domain 69 | } 70 | 71 | func (slice hosts) Swap(i, j int) { 72 | slice[i], slice[j] = slice[j], slice[i] 73 | } 74 | -------------------------------------------------------------------------------- /app/cmds/dev/sysmon/event.go: -------------------------------------------------------------------------------- 1 | package sysmon 2 | 3 | import ( 4 | "bytes" 5 | "net" 6 | "time" 7 | 8 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/netu" 9 | "github.com/crazy-max/WindowsSpyBlocker/app/whois" 10 | ) 11 | 12 | // Event of Sysmon 13 | type Event struct { 14 | Date time.Time `json:"date"` 15 | Process string `json:"process"` 16 | Protocol string `json:"protocol"` 17 | Host string `json:"host"` 18 | Port int `json:"port"` 19 | PortName string `json:"port_name"` 20 | Whois whois.Whois `json:"whois"` 21 | Count int `json:"count"` 22 | } 23 | 24 | // EventsSortHost are Sysmon events sorted by Host 25 | type EventsSortHost []Event 26 | 27 | // EventsSortDate are Sysmon events sorted by Date 28 | type EventsSortDate []Event 29 | 30 | func (slice EventsSortHost) Len() int { 31 | return len(slice) 32 | } 33 | 34 | func (slice EventsSortHost) Less(i, j int) bool { 35 | hostA := []byte(slice[i].Host) 36 | if netu.IsValidIPv4(slice[i].Host) { 37 | hostA = net.ParseIP(slice[i].Host) 38 | } 39 | hostB := []byte(slice[j].Host) 
40 | if netu.IsValidIPv4(slice[j].Host) { 41 | hostB = net.ParseIP(slice[j].Host) 42 | } 43 | switch bytes.Compare(hostA, hostB) { 44 | case -1: 45 | return true 46 | case 0, 1: 47 | return false 48 | default: 49 | return false 50 | } 51 | } 52 | 53 | func (slice EventsSortHost) Swap(i, j int) { 54 | slice[i], slice[j] = slice[j], slice[i] 55 | } 56 | 57 | func (slice EventsSortDate) Len() int { 58 | return len(slice) 59 | } 60 | 61 | func (slice EventsSortDate) Less(i, j int) bool { 62 | return slice[i].Date.Before(slice[j].Date) 63 | } 64 | 65 | func (slice EventsSortDate) Swap(i, j int) { 66 | slice[i], slice[j] = slice[j], slice[i] 67 | } 68 | -------------------------------------------------------------------------------- /app/cmds/dev/test/incompatible.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "strings" 6 | 7 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/stringsu" 8 | 9 | "github.com/akyoto/color" 10 | 11 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/data" 12 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 13 | ) 14 | 15 | func findIncompatibleRules(args ...string) error { 16 | extraSubnet := getSubnetIPs(data.RULES_EXTRA) 17 | spySubnet := getSubnetIPs(data.RULES_SPY) 18 | updateSubnet := getSubnetIPs(data.RULES_UPDATE) 19 | 20 | compareWith(data.RULES_EXTRA, extraSubnet, data.RULES_SPY, spySubnet) 21 | compareWith(data.RULES_SPY, spySubnet, data.RULES_UPDATE, updateSubnet) 22 | compareWith(data.RULES_UPDATE, updateSubnet, data.RULES_EXTRA, extraSubnet) 23 | 24 | return nil 25 | } 26 | 27 | func compareWith(rule1 string, subnetIPs1 []string, rule2 string, subnetIPs2 []string) { 28 | fmt.Print("\nChecking ") 29 | color.New(color.FgMagenta).Printf("%s", rule1) 30 | fmt.Print(" against ") 31 | color.New(color.FgMagenta).Printf("%s", rule2) 32 | fmt.Print("...\n") 33 | for _, subnetIP1 := range subnetIPs1 { 34 | for _, subnetIP2 := range subnetIPs2 { 
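35 | if subnetIP1 == subnetIP2 { 36 | color.New(color.FgRed).Printf(" %s\n", subnetIP2) 37 | } 38 | } 39 | } 40 | } 41 |
// getSubnetIPs returns the distinct three-field prefixes ("a.b.c") of the
// firewall entries loaded for rule, in the order they are first seen.
//
// When the rule's firewall data cannot be loaded the error is reported through
// print.Error and nil is returned.
func getSubnetIPs(rule string) []string {
	checkIPs, err := data.GetFirewallIpsByRule(rule)
	if err != nil {
		print.Error(err)
		return nil
	}

	var subnetIPs []string
	for _, checkIP := range checkIPs {
		fields := strings.Split(checkIP.IP, ".")
		if len(fields) < 3 {
			// An entry without at least three dot-separated fields (empty line,
			// malformed or non-IPv4 value) has no "a.b.c" prefix. Skip it
			// rather than index past the end of the slice and panic.
			continue
		}
		subnet := strings.Join(fields[:3], ".")
		if !stringsu.InSlice(subnet, subnetIPs) {
			subnetIPs = append(subnetIPs, subnet)
		}
	}

	return subnetIPs
}
60 | -------------------------------------------------------------------------------- /docs/app/dev/sysmon.md: -------------------------------------------------------------------------------- 1 | # Sysmon 2 | 3 | !!! info 4 | [Sysmon](https://technet.microsoft.com/en-us/sysinternals/sysmon) is an advanced background monitor that records 5 | process-related activity to the event log. 6 | 7 | ## Capture 8 | 9 | This application is available through the WindowsSpyBlocker executable. To install Sysmon, execute 10 | `WindowsSpyBlocker.exe` and choose the `Install` option in `Dev > Sysmon`. 11 | 12 | ![](../../assets/app/dev/sysmon/sysmon-install.png) 13 | 14 | This installs Sysmon as a service that will survive reboots, collect network connection information, record MD5 hashes for all created processes, and record loading of modules. 15 | 16 | Everything will be recorded in the Windows event log in `C:\Windows\System32\winevt\Logs\Microsoft-Windows-Sysmon%4Operational.evtx`. 17 | 18 | You can see every events in the Event Viewer window through `Start > Run > eventvwr`: 19 | 20 | ![](../../assets/app/dev/sysmon/sysmon-eventviewer.png) 21 | 22 | ## Parsing 23 | 24 | WindowsSpyBlocker can be used to parse events and generate CSV files. 25 | 26 | !!!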
warning 27 | Do not forget to edit the `app.conf` file before continuing 28 | 29 | * **sysmon** 30 | * **evtxPath**: Path to the event log. 31 | * **exclude** 32 | * **ips**: exclude IPs addresses from parsing. Ranges are allowed and in most cases you have to exclude your local network. 33 | * **hosts**: exclude domains from parsing. Wildcard are allowed and in most cases you have to exclude your local network. 34 | * **orgs**: exclude by whois organization from parsing. Wildcard are allowed and in most cases you have to exclude your ISP. 35 | 36 | Launch `WindowsSpyBlocker.exe` and select `Dev > Sysmon > Extract log`: 37 | 38 | ![](../../assets/app/dev/sysmon/sysmon-parsing.png) 39 | 40 | CSV files will be generated in `logs/` folder: 41 | 42 | * `sysmon-all.csv` 43 | * `sysmon-hosts-count.csv` 44 | * `sysmon-unique.csv` 45 | -------------------------------------------------------------------------------- /app/cmds/dev/dev.go: -------------------------------------------------------------------------------- 1 | package dev 2 | 3 | import ( 4 | "github.com/akyoto/color" 5 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/dev/diff" 6 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/dev/proxifier" 7 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/dev/sysmon" 8 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/dev/test" 9 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/dev/wireshark" 10 | "github.com/crazy-max/WindowsSpyBlocker/app/menu" 11 | ) 12 | 13 | // Menu of Dev 14 | func Menu(args ...string) (err error) { 15 | menuCommands := []menu.CommandOption{ 16 | { 17 | Description: "> Proxifier : Extract events from log file", 18 | Color: color.FgYellow, 19 | Function: proxifier.Menu, 20 | }, 21 | { 22 | Description: "> Sysmon : Install / uninstall Sysmon and extract events from EVTX file", 23 | Color: color.FgYellow, 24 | Function: sysmon.Menu, 25 | }, 26 | { 27 | Description: "> Wireshark : Extract events from PCAPNG file filtered by IPv4 hosts", 28 | Color: 
color.FgYellow, 29 | Function: wireshark.Menu, 30 | }, 31 | { 32 | Description: "> Test : Test firewall IPs and hosts lookup", 33 | Color: color.FgYellow, 34 | Function: test.Menu, 35 | }, 36 | { 37 | Description: "> Diff : Generates a diff log based on CSV data", 38 | Color: color.FgYellow, 39 | Function: diff.Menu, 40 | }, 41 | { 42 | Description: "Merge : Merge firewall and hosts data to multi format", 43 | Color: color.FgHiYellow, 44 | Function: merge, 45 | }, 46 | { 47 | Description: "Extract data : Extract embedded data in the current folder", 48 | Color: color.FgHiYellow, 49 | Function: extractData, 50 | }, 51 | } 52 | 53 | menuOptions := menu.NewOptions("Dev", "'menu' for help [dev]> ", 0, "") 54 | 55 | menuN := menu.NewMenu(menuCommands, menuOptions) 56 | menuN.Start() 57 | return 58 | } 59 | -------------------------------------------------------------------------------- /app/utils/data/structs.go: -------------------------------------------------------------------------------- 1 | package data 2 | 3 | import ( 4 | "bytes" 5 | "net" 6 | "strings" 7 | 8 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/netu" 9 | ) 10 | 11 | type ip struct { 12 | IP string `json:"ip"` 13 | } 14 | 15 | type ips []ip 16 | 17 | func (slice ips) Len() int { 18 | return len(slice) 19 | } 20 | 21 | func (slice ips) Less(i, j int) bool { 22 | ipA := net.ParseIP(slice[i].IP) 23 | if netu.IsValidIpv4Range(slice[i].IP) { 24 | if ipsRange, err := netu.GetIpsFromIPRange(slice[i].IP); err == nil { 25 | ipA = net.ParseIP(ipsRange[0]) 26 | } 27 | } else if strings.Contains(slice[i].IP, "/") { 28 | if ipsCidr, err := netu.GetIpsFromCIDR(slice[i].IP); err == nil { 29 | ipA = net.ParseIP(ipsCidr[0]) 30 | } 31 | } 32 | ipB := net.ParseIP(slice[j].IP) 33 | if netu.IsValidIpv4Range(slice[j].IP) { 34 | if ipsRange, err := netu.GetIpsFromIPRange(slice[j].IP); err == nil { 35 | ipB = net.ParseIP(ipsRange[0]) 36 | } 37 | } else if strings.Contains(slice[j].IP, "/") { 38 | if ipsCidr, err := 
netu.GetIpsFromCIDR(slice[j].IP); err == nil { 39 | ipB = net.ParseIP(ipsCidr[0]) 40 | } 41 | } 42 | 43 | switch bytes.Compare(ipA, ipB) { 44 | case -1: 45 | return true 46 | case 0, 1: 47 | return false 48 | default: 49 | return false 50 | } 51 | } 52 | 53 | func (slice ips) Swap(i, j int) { 54 | slice[i], slice[j] = slice[j], slice[i] 55 | } 56 | 57 | type hosts []host 58 | 59 | func (slice hosts) Len() int { 60 | return len(slice) 61 | } 62 | 63 | type host struct { 64 | Domain string `json:"domain"` 65 | } 66 | 67 | func (slice hosts) Less(i, j int) bool { 68 | return slice[i].Domain < slice[j].Domain 69 | } 70 | 71 | func (slice hosts) Swap(i, j int) { 72 | slice[i], slice[j] = slice[j], slice[i] 73 | } 74 | 75 | type SimplewallRoot struct { 76 | ItemList []SimplewallItem `xml:"item>"` 77 | } 78 | 79 | type SimplewallItem struct { 80 | name string 81 | rule string 82 | dir int 83 | protocol int 84 | version string 85 | is_block int 86 | is_enabled int 87 | } 88 | -------------------------------------------------------------------------------- /app/cmds/dev/test/hosts_aaaa.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "path" 7 | "strings" 8 | "time" 9 | 10 | "github.com/akyoto/color" 11 | "github.com/crazy-max/WindowsSpyBlocker/app/ip6" 12 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/data" 13 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/file" 14 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu" 15 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 16 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/timeu" 17 | ) 18 | 19 | func testHostsAAAALookup(args ...string) error { 20 | logsPath := path.Join(pathu.Logs) 21 | if err := file.CreateSubfolder(logsPath); err != nil { 22 | print.Error(err) 23 | return nil 24 | } 25 | 26 | defer timeu.Track(time.Now()) 27 | testHostsAAAALookupByRule(data.RULES_EXTRA) 28 | 
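testHostsAAAALookupByRule(data.RULES_SPY) 29 | testHostsAAAALookupByRule(data.RULES_UPDATE) 30 | 31 | fmt.Printf("\nLogs available in ") 32 | color.New(color.FgCyan).Printf("%s\n", strings.TrimLeft(logsPath, pathu.Current)) 33 | 34 | return nil 35 | } 36 |
// testHostsAAAALookupByRule looks up the AAAA record of every host listed for
// rule and writes one "HOST,AAAA" row per host to
// hosts-aaaa-test-<rule>.csv under pathu.Logs, echoing progress to the console.
//
// Failures (loading the hosts, creating or writing the CSV) are reported
// through print.Error; the function returns nothing.
func testHostsAAAALookupByRule(rule string) {
	fmt.Println()

	testCsv := path.Join(pathu.Logs, fmt.Sprintf("hosts-aaaa-test-%s.csv", rule))

	fmt.Printf("Get hosts for %s... ", rule)
	hosts, err := data.GetHostsByRule(rule)
	if err != nil {
		print.Error(err)
		return
	}
	print.Ok()

	// A failed Create must stop here: without the check every later write
	// silently fails and the run looks successful with no report on disk.
	testCsvFile, err := os.Create(testCsv)
	if err != nil {
		print.Error(err)
		return
	}
	defer testCsvFile.Close()

	// Remember the first write error so a truncated report is not mistaken
	// for a complete one.
	var writeErr error
	write := func(s string) {
		if writeErr == nil {
			_, writeErr = testCsvFile.WriteString(s)
		}
	}

	write("HOST,AAAA")
	for _, host := range hosts {
		fmt.Print("\nLookup AAAA for ")
		color.New(color.FgMagenta).Printf("%s", host.Domain)
		fmt.Print("...\n")
		write(fmt.Sprintf("\n%s", host.Domain))

		ip6Res := ip6.GetIP6(host.Domain)
		if ip6Res == (ip6.IP6{}) {
			color.New(color.FgRed).Println("Could not get AAAA record")
		} else {
			write(fmt.Sprintf(",%s", ip6Res.IP))
			color.New(color.FgCyan).Printf("AAAA: %s\n", ip6Res.IP)
		}
	}

	if writeErr == nil {
		writeErr = testCsvFile.Sync()
	}
	if writeErr != nil {
		print.Error(writeErr)
	}
	fmt.Println()
}
71 | -------------------------------------------------------------------------------- /.github/workflows/docs.yml: -------------------------------------------------------------------------------- 1 | name: docs 2 | 3 | # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions 4 | permissions: 5 | contents: read 6 | 7 | on: 8 | workflow_dispatch: 9 | push: 10 | tags: 11 | - '*' 12 | paths: 13 | - '.github/workflows/docs.yml' 14 | - 'docs/**' 15 | - 'CHANGELOG.md' 16 | - 'mkdocs.yml' 17 | pull_request: 18 | paths: 19 | - '.github/workflows/docs.yml' 20 | - 'docs/**' 21 | - 'CHANGELOG.md' 22 | - 'mkdocs.yml' 23 | 24 | jobs: 25 | publish: 26 | runs-on: ubuntu-latest 27 | permissions: 28 |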
# required to push to gh-pages 29 | contents: write 30 | steps: 31 | - 32 | name: Checkout 33 | uses: actions/checkout@v3 34 | with: 35 | fetch-depth: 0 36 | - 37 | name: Prepare 38 | id: prepare 39 | run: | 40 | VERSION=edge 41 | RELEASE=false 42 | if [[ $GITHUB_REF == refs/tags/* ]]; then 43 | VERSION=${GITHUB_REF#refs/tags/} 44 | fi 45 | if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then 46 | RELEASE=true 47 | fi 48 | echo "RELEASE=${RELEASE}" >> $GITHUB_ENV 49 | - 50 | name: Build mkdocs Docker image 51 | run: | 52 | docker build -t mkdocs -f ./docs/Dockerfile ./docs/ 53 | - 54 | name: Build docs 55 | run: | 56 | docker run --rm -v "$(pwd):/docs" mkdocs build --strict 57 | sudo chown -R $(id -u):$(id -g) ./site 58 | - 59 | name: Check GitHub Pages status 60 | uses: crazy-max/ghaction-github-status@v3 61 | with: 62 | pages_threshold: major_outage 63 | - 64 | name: Deploy 65 | if: github.event_name != 'pull_request' && (endsWith(github.ref, github.event.repository.default_branch) || env.RELEASE == 'true') 66 | uses: crazy-max/ghaction-github-pages@v3 67 | with: 68 | target_branch: gh-pages 69 | build_dir: site 70 | env: 71 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 72 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: --------------------------------------------------------------------------------
# Builds WindowsSpyBlocker.exe and the Chocolatey package on pushes and pull
# requests to master; on tag pushes it also drafts a GitHub release and pushes
# the package to Chocolatey.
name: build

# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
# Workflow-wide default: the token is read-only unless a job widens it.
permissions:
  contents: read

on:
  pull_request:
    branches:
      - 'master'
  push:
    branches:
      - 'master'
    tags:
      - '*.*.*'

env:
  # Placeholder version for non-tag builds; the Prepare step overrides it on tags.
  VERSION: "0.0.0"

jobs:
  # NOTE(review): this single job has no job-level `if`, so it also runs for
  # pull_request events. The write grant below then applies to those runs too,
  # as far as repository and fork settings allow. Moving the two tag-only steps
  # (GitHub Release, Mage chocoPush) into a separate job that runs only on tags
  # would keep the write token and CHOCO_API_KEY out of PR builds entirely.
  release:
    runs-on: windows-latest
    permissions:
      # required to create GitHub release
      contents: write
    steps:
      -
        name: Prepare
        # Derive VERSION from the tag name when the run was triggered by a tag.
        run: |
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
          fi
        shell: bash
      -
        name: Checkout
        # NOTE(review): every `uses:` in this job references a mutable tag
        # (@v1..@v4). Pinning each action to a full commit SHA keeps a re-pointed
        # tag from executing new code in a job that holds a write token and, on
        # tag builds, the Chocolatey API key.
        uses: actions/checkout@v3
      -
        name: Set up Go
        uses: actions/setup-go@v3
        with:
          # NOTE(review): quote the version ('1.19'). An unquoted value is parsed
          # as a YAML number, so a later bump to 1.20 would be read as 1.2.
          go-version: 1.19
          cache: true
      -
        name: Mage build
        uses: magefile/mage-action@v2
        with:
          # NOTE(review): `latest` installs whichever mage release is current at
          # run time; a fixed version makes the released binary reproducible and
          # keeps an unreviewed tool update out of the release build.
          version: latest
          args: build
      -
        name: Mage chocoPack
        uses: magefile/mage-action@v2
        with:
          version: latest
          args: chocoPack
      -
        name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: WindowsSpyBlocker
          path: |
            bin/WindowsSpyBlocker.exe
            bin/windowsspyblocker.${{ env.VERSION }}.nupkg
      -
        name: GitHub Release
        uses: softprops/action-gh-release@v1
        # Tag builds only; the release is created as a draft.
        if: startsWith(github.ref, 'refs/tags/')
        with:
          draft: true
          files: |
            bin/WindowsSpyBlocker.exe
            bin/windowsspyblocker.${{ env.VERSION }}.nupkg
          name: ${{ env.VERSION }}
      -
        name: Mage chocoPush
        uses: magefile/mage-action@v2
        # Tag builds only; the API key is exposed to this step alone via `env`.
        if: startsWith(github.ref, 'refs/tags/')
        env:
          CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
        with:
          version: latest
          args: chocoPush
82 | -------------------------------------------------------------------------------- /.github/labels.yml: -------------------------------------------------------------------------------- 1 | ## more info https://github.com/crazy-max/ghaction-github-labeler 2 | - # automerge 3 | name: ":bell: automerge" 4 | color: "8f4fbc" 5 | description: "" 6 | - # block 7 | name: ":no_entry_sign: block" 8 | color: "d93f0b" 9 | description: "" 10 | - # bot 11 | name: ":robot: bot" 12 | color: "69cde9" 13 | description: "" 14 | - # bug 15 | name: ":bug: bug" 16 | color: "b60205" 17 | description: "" 18 | - # dependencies 19 | name: ":game_die: dependencies" 20 | color: "0366d6" 21 | description: "" 22 | - # documentation 23 | name: ":memo: documentation" 24 | color: "c5def5" 25 | description: "" 26 | - # duplicate 27
| name: ":busts_in_silhouette: duplicate" 28 | color: "cccccc" 29 | description: "" 30 | - # enhancement 31 | name: ":sparkles: enhancement" 32 | color: "0054ca" 33 | description: "" 34 | - # feature request 35 | name: ":bulb: feature request" 36 | color: "0e8a16" 37 | description: "" 38 | - # feedback 39 | name: ":mega: feedback" 40 | color: "03a9f4" 41 | description: "" 42 | - # future maybe 43 | name: ":rocket: future maybe" 44 | color: "fef2c0" 45 | description: "" 46 | - # good first issue 47 | name: ":hatching_chick: good first issue" 48 | color: "7057ff" 49 | description: "" 50 | - # help wanted 51 | name: ":pray: help wanted" 52 | color: "4caf50" 53 | description: "" 54 | - # invalid 55 | name: ":no_entry_sign: invalid" 56 | color: "e6e6e6" 57 | description: "" 58 | - # investigate 59 | name: ":mag: investigate" 60 | color: "e6625b" 61 | description: "" 62 | - # needs more info 63 | name: ":thinking: needs more info" 64 | color: "795548" 65 | description: "" 66 | - # pinned 67 | name: ":pushpin: pinned" 68 | color: "28008e" 69 | description: "" 70 | - # question 71 | name: ":question: question" 72 | color: "3f51b5" 73 | description: "" 74 | - # rules 75 | name: ":vertical_traffic_light: rules" 76 | color: "220901" 77 | description: "" 78 | - # sponsor 79 | name: ":sparkling_heart: sponsor" 80 | color: "fedbf0" 81 | description: "" 82 | - # stale 83 | name: ":skull: stale" 84 | color: "237da0" 85 | description: "" 86 | - # upstream 87 | name: ":eyes: upstream" 88 | color: "fbca04" 89 | description: "" 90 | - # wontfix 91 | name: ":coffin: wontfix" 92 | color: "ffffff" 93 | description: "" 94 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | //go:build windows 2 | // +build windows 3 | 4 | //go:generate go install github.com/kevinburke/go-bindata/go-bindata 5 | //go:generate go-bindata -pkg bindata -o app/bindata/bindata.go 
app/settings.json data/... app.conf 6 | //go:generate go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo 7 | //go:generate goversioninfo -icon=.res/app.ico -manifest=app.manifest 8 | 9 | package main 10 | 11 | import ( 12 | "fmt" 13 | 14 | "github.com/akyoto/color" 15 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/dev" 16 | "github.com/crazy-max/WindowsSpyBlocker/app/cmds/telemetry" 17 | "github.com/crazy-max/WindowsSpyBlocker/app/menu" 18 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/app" 19 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/config" 20 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 21 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/windows" 22 | "github.com/mcuadros/go-version" 23 | ) 24 | 25 | func init() { 26 | windows.SetConsoleTitle(fmt.Sprintf("%s %s", config.AppName, config.AppVersion)) 27 | } 28 | 29 | func main() { 30 | defer func() { 31 | if err := recover(); err != nil { 32 | print.QuitFatal(fmt.Errorf("%v\n", err)) 33 | } 34 | }() 35 | 36 | color.New(color.FgHiWhite).Println(config.AppName + " " + config.AppVersion) 37 | color.New(color.FgHiWhite).Println(config.AppURL) 38 | 39 | latestVersion, err := app.GetLatestVersion() 40 | if err != nil { 41 | color.New(color.FgRed).Printf("\n%s can't contact the update server: %s", config.AppName, err.Error()) 42 | } else if version.Compare(config.AppVersion, latestVersion, "<") { 43 | color.New(color.FgHiGreen).Print("\nA new release is available : ") 44 | color.New(color.FgHiGreen, color.Bold).Print(latestVersion) 45 | color.New(color.FgHiGreen).Print("\nDownload : ") 46 | color.New(color.FgHiGreen, color.Bold).Print(config.AppURL + "/releases/latest\n") 47 | } 48 | 49 | menuCommands := []menu.CommandOption{ 50 | { 51 | Description: "> Telemetry : Block telemetry and data collection", 52 | Color: color.FgYellow, 53 | Function: telemetry.Menu, 54 | }, 55 | { 56 | Description: "> Dev : Several tools used by WindowsSpyBlocker", 57 | Color: 
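color.FgYellow, 58 | Function: dev.Menu, 59 | }, 60 | } 61 | 62 | menuOptions := menu.NewOptions("Main", "'menu' for help [main]> ", 0, "") 63 | 64 | menuN := menu.NewMenu(menuCommands, menuOptions) 65 | menuN.Start() 66 | } 67 | -------------------------------------------------------------------------------- /app/utils/windows/windows.go: -------------------------------------------------------------------------------- 1 | package windows 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "strings" 7 | "syscall" 8 | "unsafe" 9 | 10 | "github.com/akyoto/color" 11 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 12 | "golang.org/x/sys/windows" 13 | "golang.org/x/sys/windows/registry" 14 | ) 15 |
// OpenRegKey opens the registry subkey path under the root key with the given
// access mask, printing progress to the console.
//
// key is used as the root of the lookup, so a caller asking for a key under
// one hive is never handed a same-named key from another. A zero key falls
// back to HKEY_LOCAL_MACHINE. Callers should pass the narrowest access mask
// that covers what they do with the key and close the returned key when done.
//
// On failure the error is printed through print.Error and returned together
// with the key value produced by registry.OpenKey.
func OpenRegKey(key registry.Key, path string, access uint32) (registry.Key, error) {
	fmt.Print("Opening key ")
	color.New(color.FgYellow).Printf("%s", path)
	fmt.Print("...")

	root := key
	if root == 0 {
		root = registry.LOCAL_MACHINE
	}

	opened, err := registry.OpenKey(root, path, access)
	if err != nil {
		print.Error(err)
		return opened, err
	}

	print.Ok()
	return opened, nil
}

// GetRegString reads the string value name from key, printing progress to the
// console.
//
// It returns "" when the value cannot be read; the error is only printed, so
// callers cannot tell a missing value from an empty one.
func GetRegString(key registry.Key, name string) string {
	fmt.Print("Getting reg value of ")
	color.New(color.FgYellow).Printf("%s", name)
	fmt.Print("...")

	value, _, err := key.GetStringValue(name)
	if err != nil {
		print.Error(err)
		return ""
	}

	print.Ok()
	return value
}
47 | 48 | // SetRegString sets a string value of a registry key 49 | func SetRegString(key registry.Key, name string, value string) error { 50 | fmt.Print("Setting ") 51 | color.New(color.FgYellow).Printf("%s", name) 52 | fmt.Print(" to ") 53 | color.New(color.FgCyan).Printf("'%s'", value) 54 | fmt.Print("...") 55 | 56 | if err := key.SetStringValue(name, value); err != nil { 57 | print.Error(err) 58 | return err 59 | } 60 | 61 | print.Ok() 62 | return nil 63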
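| } 64 |
// SetConsoleTitle sets the title of the Windows console window by calling
// SetConsoleTitleW from kernel32.dll.
//
// It returns the API's non-zero result and a nil error on success. On failure
// it returns 0 and the error: a load, lookup or string-conversion error (also
// printed through print.Error), or the errno reported by the call.
func SetConsoleTitle(title string) (int, error) {
	handle, err := windows.LoadLibrary("kernel32.dll")
	if err != nil {
		print.Error(err)
		return 0, err
	}
	defer windows.FreeLibrary(handle)

	proc, err := windows.GetProcAddress(handle, "SetConsoleTitleW")
	if err != nil {
		print.Error(err)
		return 0, err
	}

	// Fails when title contains a NUL byte.
	rTitle, err := windows.UTF16PtrFromString(title)
	if err != nil {
		print.Error(err)
		return 0, err
	}

	// SyscallN takes the procedure address followed by the arguments
	// themselves, with no argument count. SetConsoleTitleW has a single
	// parameter, so the title pointer must be the only argument; anything
	// placed before it would be read by the API as the string address.
	r, _, errno := syscall.SyscallN(proc, uintptr(unsafe.Pointer(rTitle)))
	if r == 0 {
		// A zero result is the failure case. errno is a syscall.Errno, which
		// is a non-nil error value even when it is 0, so only return it when
		// it carries an actual code.
		if errno != 0 {
			return 0, errno
		}
		return 0, syscall.EINVAL
	}
	return int(r), nil
}

// Is64Arch reports whether the process runs on a 64-bit Windows architecture.
//
// It looks for "64" in PROCESSOR_ARCHITECTURE (e.g. AMD64, ARM64) and in
// PROCESSOR_ARCHITEW6432, which holds the native architecture when a 32-bit
// process runs on 64-bit Windows. Both are environment variables the parent
// process can override, so use the result to pick a matching binary, not as a
// security decision.
func Is64Arch() bool {
	for _, name := range []string{"PROCESSOR_ARCHITECTURE", "PROCESSOR_ARCHITEW6432"} {
		// The variable's value is the string being searched and "64" is the
		// substring. With the operands swapped, "x86" would also match.
		if strings.Contains(os.Getenv(name), "64") {
			return true
		}
	}
	return false
}
94 | -------------------------------------------------------------------------------- /docs/blocking-rules/index.md: -------------------------------------------------------------------------------- 1 | # Blocking rules 2 | 3 | ## About 4 | 5 | Blocking rules are self-contained in the [`data`]({{ config.repo_url }}/tree/master/data) folder of the repository. 6 | These rules are based on domains or IPs detected during the capture process. 7 | 8 | They are separated into **3 distinct categories** that must be chosen carefully if you wish to apply them: 9 | 10 | ### Spy rules 11 | 12 | Spy rules block Windows telemetry and can be found in `data//spy.txt`. 13 | 14 | !!! success "Recommended" 15 | 16 | ### Update rules 17 | 18 | Update rules block Windows Update and can be found in `data//update.txt`. 19 | 20 | ### Extra rules 21 | 22 | Block third party applications like Skype, Bing, Live, Outlook, NCSI, Microsoft Office, ... and can be found 23 | in `data//extra.txt`. 24 | 25 | !!! danger "ONLY use if you know what you do" 26 | Be aware that these rules can also block Windows Update and other services.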
27 | 28 | Therefore, **no support will be provided on them.** 29 | 30 | ## Providers 31 | 32 | [**Firewall**](firewall.md) and [**Hosts**](hosts.md) blocking rules are the main types. The others are generated 33 | from these as: 34 | 35 | * [DNSCrypt](dnscrypt.md): a protocol for securing communications between a client and a DNS resolver. 36 | * [ESET Firewall](eset.md): a proprietary firewall solution. 37 | * [Kaspersky Firewall](kaspersky.md): a proprietary firewall solution. 38 | * [OpenWrt](openwrt.md): an open source project used on embedded devices to route network traffic. 39 | * [P2P](p2p.md): a plaintext IP data format from PeerGuardian. 40 | * [Proxifier](proxifier.md): an advanced proxy client on Windows with a flexible rule system. 41 | * [simplewall](simplewall.md): a simple tool to configure Windows Filtering Platform (WFP). 42 | 43 | ## How it works? 44 | 45 | To capture and interpret network traffic, QEMU virtual machines are used on the server virtualization management 46 | platform [Proxmox VE](https://www.proxmox.com/en/) based on: 47 | 48 | * Windows 11 Pro 64bits with automatic updates enabled. 49 | * Windows 10 Pro 64bits with automatic updates enabled. 50 | 51 | Traffic dumps are cleaned monthly and compared with the current rules to update hosts and firewall rules. 
52 | 53 | Following tools are used to capture traffic: 54 | 55 | * `qemu -net dump` ; _capture_ 56 | * [Wireshark](../app/dev/wireshark.md) ; _capture + logs_ 57 | * [Sysmon](../app/dev/sysmon.md) ; _capture + logs_ 58 | * [Proxifier](../app/dev/proxifier.md) ; _logs_ 59 | -------------------------------------------------------------------------------- /chocolatey/windowsspyblocker.nuspec: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | windowsspyblocker 7 | WindowsSpyBlocker 8 | 0.0.0 9 | CrazyMax 10 | CrazyMax 11 | Block spying and tracking on Windows 12 | 18 | https://github.com/crazy-max/WindowsSpyBlocker 19 | windows security antispy foss 20 | Copyright (c) 2016-2022 CrazyMax 21 | https://github.com/crazy-max/WindowsSpyBlocker/blob/master/LICENSE 22 | false 23 | https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/.res/logo.png 24 | 25 | 26 | 27 | https://github.com/crazy-max/WindowsSpyBlocker/blob/master/CHANGELOG.md 28 | https://github.com/crazy-max/WindowsSpyBlocker#documentation 29 | https://github.com/crazy-max/WindowsSpyBlocker/issues 30 | https://github.com/crazy-max/WindowsSpyBlocker 31 | https://github.com/crazy-max/WindowsSpyBlocker/blob/master/chocolatey 32 | 33 | 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |

4 | Documentation 5 | GitHub release 6 | Chocolatey Package 7 | Total downloads 8 | Build Status 9 |
Go Report 10 | Become a sponsor 11 | Donate Paypal 12 |

13 | 14 | ## About 15 | 16 | **WindowsSpyBlocker** :shield: is an application written in [Go](https://golang.org/) and delivered as 17 | a [single executable](https://github.com/crazy-max/WindowsSpyBlocker/releases/latest) to block spying and 18 | tracking on Windows systems. 19 | 20 | The approach of this project is to capture and interpret network traffic based on a set of tools. Depending on the 21 | interactions between services and source or destination of traffic, rules are created and sorted by assignment. 22 | 23 | ## Documentation and download 24 | 25 | Documentation and download can be found on https://crazymax.dev/WindowsSpyBlocker/ 26 | 27 | ## Contributing 28 | 29 | Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. You 30 | can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max) or by making 31 | a [Paypal donation](https://www.paypal.me/crazyws) to ensure this journey continues indefinitely! 32 | 33 | Thanks again for your support, it is much appreciated! :pray: 34 | 35 | ## License 36 | 37 | MIT. See `LICENSE` for more details.
38 | Icon credit to [Icons8](https://icons8.com/). 39 | -------------------------------------------------------------------------------- /docs/app/dev/wireshark.md: -------------------------------------------------------------------------------- 1 | # Wireshark 2 | 3 | !!! info 4 | [Wireshark](https://www.wireshark.org/) is the well known network protocol analyzer. 5 | [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/en-us/download/details.aspx?id=40784) 6 | is required to capture and list network devices. 7 | 8 | ## Capture 9 | 10 | ### With WindowsSpyBlocker 11 | 12 | WindowsSpyBlocker can be used to capture traffic on your network interface. A lite version of Wireshark is embedded in 13 | WindowsSpyBlocker. 14 | 15 | !!! warning 16 | Do not forget to edit the `app.conf` file before continuing. 17 | 18 | * **wireshark** 19 | * **capture** 20 | * **interface**: idx of interface used by Wireshark 21 | * **filter**: packet filter in libpcap filter syntax 22 | 23 | The idx of the interface can be found be launching `WindowsSpyBlocker.exe` and 24 | select `Dev > Wireshark > Print list of network interfaces`: 25 | 26 | ![](../../assets/app/dev/wireshark/wireshark-interfaces.png) 27 | 28 | Then go to `Dev > Wireshark > Capture` to capture packets: 29 | 30 | ![](../../assets/app/dev/wireshark/wireshark-capture.png) 31 | 32 | ### With Wireshark GUI 33 | 34 | To capture / log traffic with this application, you will have to select the correct adapter and enter a filter: 35 | 36 | ![](../../assets/app/dev/wireshark/wireshark-welcome.png) 37 | 38 | !!! note 39 | * Filter: `not arp and port not 53 and not icmp and not icmp6 and not broadcast` 40 | * Adapter: **Ethernet** 41 | 42 | Then click on your adapter to start the capture. When the capture is done, do not forget to save your capture 43 | as **pcapng** format. 
44 | 45 | ### With command line 46 | 47 | ```text 48 | @ECHO OFF 49 | 50 | "C:\Program Files\Wireshark\dumpcap.exe" -i 1 -f "not arp and port not 53 and not icmp and not icmp6 and not broadcast" -w "C:\tmp\cap.pcapng" 51 | ``` 52 | 53 | !!! tip 54 | Where `-i 1` is the number of your adapter (here Ethernet) 55 | 56 | ## Parsing 57 | 58 | WindowsSpyBlocker can be used to parse events and generate CSV files. Before executing the script, do not forget 59 | to edit the `app.conf` file. 60 | 61 | !!! warning 62 | Do not forget to edit the `app.conf` file before continuing. 63 | 64 | * **wireshark** 65 | * **pcapngPath**: Path to your pcapng capture file. 66 | * **exclude** 67 | * **ips**: exclude IP addresses from parsing. Ranges are allowed and in most cases you have to exclude your local network. 68 | * **hosts**: exclude domains from parsing. Wildcards are allowed and in most cases you have to exclude your local network. 69 | * **orgs**: exclude by whois organization from parsing. Wildcards are allowed and in most cases you have to exclude your ISP. 
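70 | 71 | Launch `WindowsSpyBlocker.exe` and select `Dev > Wireshark > Extract log`: 72 | 73 | ![](../../assets/app/dev/wireshark/wireshark-parsing.png) 74 | 75 | CSV file will be generated in `logs/` folder: 76 | 77 | * `wireshark-hosts-count.csv` 78 |
--------------------------------------------------------------------------------
/app/cmds/dev/test/hosts.go:
--------------------------------------------------------------------------------
package test

import (
	"fmt"
	"net"
	"os"
	"path"
	"strings"
	"time"

	"github.com/akyoto/color"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/data"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/file"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/print"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/timeu"
)

// testHostsLookup runs the DNS lookup test for the extra, spy and update rule
// sets and prints where the CSV reports were written.
//
// args is unused. Failures are printed and nil is always returned.
func testHostsLookup(args ...string) error {
	logsPath := path.Join(pathu.Logs)
	if err := file.CreateSubfolder(logsPath); err != nil {
		print.Error(err)
		return nil
	}

	defer timeu.Track(time.Now())
	testHostsLookupByRule(data.RULES_EXTRA)
	testHostsLookupByRule(data.RULES_SPY)
	testHostsLookupByRule(data.RULES_UPDATE)

	fmt.Printf("\nLogs available in ")
	// TrimPrefix, not TrimLeft: TrimLeft treats its second argument as a set
	// of characters and could also strip leading characters of the folder name.
	color.New(color.FgCyan).Printf("%s\n", strings.TrimPrefix(logsPath, pathu.Current))

	return nil
}

// testHostsLookupByRule looks up the IP addresses, CNAME and NS records of
// every host of the given rule set and writes the answers to
// hosts-test-<rule>.csv in the logs folder.
//
// The first answer of a host is written on the host's own row; every further
// answer goes on a continuation row with an empty first column.
func testHostsLookupByRule(rule string) {
	fmt.Println()

	testCsv := path.Join(pathu.Logs, fmt.Sprintf("hosts-test-%s.csv", rule))

	fmt.Printf("Get hosts for %s... ", rule)
	hosts, err := data.GetHostsByRule(rule)
	if err != nil {
		print.Error(err)
		return
	}
	print.Ok()

	// A failed create was previously ignored, so the whole report was
	// silently lost; report it and stop instead.
	testCsvFile, err := os.Create(testCsv)
	if err != nil {
		print.Error(err)
		return
	}
	defer testCsvFile.Close()

	testCsvFile.WriteString("HOST,IP ADRESSES")
	for _, host := range hosts {
		fmt.Print("\nLookup ")
		color.New(color.FgMagenta).Printf("%s", host.Domain)
		fmt.Print("...\n")
		testCsvFile.WriteString(fmt.Sprintf("\n%s", host.Domain))

		// writeAnswer appends one lookup answer using the row layout
		// described in the function comment.
		firstAnswer := true
		writeAnswer := func(value string) {
			if firstAnswer {
				testCsvFile.WriteString(fmt.Sprintf(",%s", value))
				firstAnswer = false
				return
			}
			testCsvFile.WriteString(fmt.Sprintf("\n,%s", value))
		}

		lIps, err := net.LookupIP(host.Domain)
		if err != nil {
			color.New(color.FgRed).Println("Could not get IPs")
		} else {
			for _, lIp := range lIps {
				writeAnswer(lIp.String())
				color.New(color.FgCyan).Printf("IP: %s\n", lIp.String())
			}
		}

		lCname, err := net.LookupCNAME(host.Domain)
		if err != nil {
			color.New(color.FgRed).Println("Could not get CNAME")
		} else {
			writeAnswer(lCname)
			color.New(color.FgCyan).Printf("CNAME: %s\n", lCname)
		}

		lNss, err := net.LookupNS(host.Domain)
		if err != nil {
			color.New(color.FgRed).Println("Could not get NS")
		} else {
			for _, lNs := range lNss {
				writeAnswer(lNs.Host)
				color.New(color.FgCyan).Printf("NS: %s\n", lNs.Host)
			}
		}
	}

	if err := testCsvFile.Sync(); err != nil {
		print.Error(err)
	}
	fmt.Println()
}
--------------------------------------------------------------------------------
/data/proxifier/spy/ips.txt:
--------------------------------------------------------------------------------
1 | 13.64.90.137; 2 | 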
13.66.56.243; 3 | 13.68.31.193; 4 | 13.68.82.8; 5 | 13.68.92.143; 6 | 13.68.233.9; 7 | 13.69.109.130; 8 | 13.69.109.131; 9 | 13.69.131.175; 10 | 13.73.26.107; 11 | 13.74.169.109; 12 | 13.78.130.220; 13 | 13.78.232.226; 14 | 13.78.233.133; 15 | 13.88.21.125; 16 | 13.92.194.212; 17 | 13.104.215.69; 18 | 13.105.28.32; 19 | 13.105.28.48; 20 | 20.44.86.43; 21 | 20.49.150.241; 22 | 20.54.232.160; 23 | 20.60.20.4; 24 | 20.69.137.228; 25 | 20.190.169.24; 26 | 20.190.169.25; 27 | 23.99.49.121; 28 | 23.102.4.253; 29 | 23.102.5.5; 30 | 23.102.21.4; 31 | 23.103.182.126; 32 | 40.68.222.212; 33 | 40.69.153.67; 34 | 40.70.184.83; 35 | 40.70.220.248; 36 | 40.77.228.47; 37 | 40.77.228.87; 38 | 40.77.228.92; 39 | 40.77.232.101; 40 | 40.78.128.150; 41 | 40.79.85.125; 42 | 40.88.32.150; 43 | 40.112.209.200; 44 | 40.115.3.210; 45 | 40.115.119.185; 46 | 40.119.211.203; 47 | 40.124.34.70; 48 | 40.126.41.96; 49 | 40.126.41.160; 50 | 51.104.136.2; 51 | 51.105.218.222; 52 | 51.140.40.236; 53 | 51.140.157.153; 54 | 51.143.53.152; 55 | 51.143.111.7; 56 | 51.143.111.81; 57 | 51.144.227.73; 58 | 52.138.204.217; 59 | 52.147.198.201; 60 | 52.155.94.78; 61 | 52.157.234.37; 62 | 52.158.208.111; 63 | 52.164.241.205; 64 | 52.169.189.83; 65 | 52.170.83.19; 66 | 52.174.22.246; 67 | 52.178.147.240; 68 | 52.178.151.212; 69 | 52.178.223.23; 70 | 52.182.141.63; 71 | 52.183.114.173; 72 | 52.184.221.185; 73 | 52.229.39.152; 74 | 52.230.85.180; 75 | 52.230.222.68; 76 | 52.236.42.239; 77 | 52.236.43.202; 78 | 52.255.188.83; 79 | 65.52.100.7; 80 | 65.52.100.9; 81 | 65.52.100.11; 82 | 65.52.100.91; 83 | 65.52.100.92; 84 | 65.52.100.93; 85 | 65.52.100.94; 86 | 65.52.161.64; 87 | 65.55.29.238; 88 | 65.55.83.120; 89 | 65.55.113.11; 90 | 65.55.113.12; 91 | 65.55.113.13; 92 | 65.55.176.90; 93 | 65.55.252.43; 94 | 65.55.252.63; 95 | 65.55.252.70; 96 | 65.55.252.71; 97 | 65.55.252.72; 98 | 65.55.252.93; 99 | 65.55.252.190; 100 | 65.55.252.202; 101 | 66.119.147.131; 102 | 104.41.207.73; 103 | 104.42.151.234; 104 | 
104.43.137.66; 105 | 104.43.139.21; 106 | 104.43.139.144; 107 | 104.43.140.223; 108 | 104.43.193.48; 109 | 104.43.228.53; 110 | 104.43.228.202; 111 | 104.43.237.169; 112 | 104.45.11.195; 113 | 104.45.214.112; 114 | 104.46.1.211; 115 | 104.46.38.64; 116 | 104.46.162.224; 117 | 104.46.162.226; 118 | 104.210.4.77; 119 | 104.210.40.87; 120 | 104.210.212.243; 121 | 104.214.35.244; 122 | 104.214.78.152; 123 | 131.253.6.87; 124 | 131.253.6.103; 125 | 131.253.34.230; 126 | 131.253.34.234; 127 | 131.253.34.237; 128 | 131.253.34.243; 129 | 131.253.34.246; 130 | 131.253.34.247; 131 | 131.253.34.249; 132 | 131.253.34.252; 133 | 131.253.34.255; 134 | 131.253.40.37; 135 | 134.170.30.202; 136 | 134.170.30.203; 137 | 134.170.30.204; 138 | 134.170.30.221; 139 | 134.170.52.151; 140 | 134.170.235.16; 141 | 157.56.74.250; 142 | 157.56.91.77; 143 | 157.56.106.184; 144 | 157.56.106.185; 145 | 157.56.106.189; 146 | 157.56.113.217; 147 | 157.56.121.89; 148 | 157.56.124.87; 149 | 157.56.149.250; 150 | 157.56.194.72; 151 | 157.56.194.73; 152 | 157.56.194.74; 153 | 168.61.24.141; 154 | 168.61.146.25; 155 | 168.61.149.17; 156 | 168.61.161.212; 157 | 168.61.172.71; 158 | 168.62.187.13; 159 | 168.63.100.61; 160 | 168.63.108.233; 161 | 191.236.155.80; 162 | 191.237.218.239; 163 | 191.239.50.18; 164 | 191.239.50.77; 165 | 191.239.52.100; 166 | 191.239.54.52; 167 | 207.68.166.254; 168 | -------------------------------------------------------------------------------- /data/firewall/spy.txt: -------------------------------------------------------------------------------- 1 | ### WindowsSpyBlocker - Firewall spy rules 2 | ### License: MIT 3 | ### Updated: 2022-05-16T13:25:00Z02:12 4 | ### Donate: https://github.com/sponsors/crazy-max ; https://www.paypal.me/crazyws 5 | ### More info: https://github.com/crazy-max/WindowsSpyBlocker 6 | 7 | 13.64.90.137 8 | 13.68.31.193 9 | 13.69.131.175 10 | 13.66.56.243 11 | 13.68.82.8 12 | 13.68.92.143 13 | 13.68.233.9 14 | 13.69.109.130 15 | 13.69.109.131 16 | 
13.73.26.107 17 | 13.74.169.109 18 | 13.78.130.220 19 | 13.78.232.226 20 | 13.78.233.133 21 | 13.88.21.125 22 | 13.92.194.212 23 | 13.104.215.69 24 | 13.105.28.32 25 | 13.105.28.48 26 | 20.44.86.43 27 | 20.49.150.241 28 | 20.54.232.160 29 | 20.60.20.4 30 | 20.69.137.228 31 | 20.190.169.24 32 | 20.190.169.25 33 | 23.99.49.121 34 | 23.102.4.253 35 | 23.102.5.5 36 | 23.102.21.4 37 | 23.103.182.126 38 | 40.68.222.212 39 | 40.69.153.67 40 | 40.70.184.83 41 | 40.70.220.248 42 | 40.77.228.47 43 | 40.77.228.87 44 | 40.77.228.92 45 | 40.77.232.101 46 | 40.78.128.150 47 | 40.79.85.125 48 | 40.88.32.150 49 | 40.112.209.200 50 | 40.115.3.210 51 | 40.115.119.185 52 | 40.119.211.203 53 | 40.124.34.70 54 | 40.126.41.96 55 | 40.126.41.160 56 | 51.104.136.2 57 | 51.105.218.222 58 | 51.140.40.236 59 | 51.140.157.153 60 | 51.143.53.152 61 | 51.143.111.7 62 | 51.143.111.81 63 | 51.144.227.73 64 | 52.147.198.201 65 | 52.138.204.217 66 | 52.155.94.78 67 | 52.157.234.37 68 | 52.158.208.111 69 | 52.164.241.205 70 | 52.169.189.83 71 | 52.170.83.19 72 | 52.174.22.246 73 | 52.178.147.240 74 | 52.178.151.212 75 | 52.178.223.23 76 | 52.182.141.63 77 | 52.183.114.173 78 | 52.184.221.185 79 | 52.229.39.152 80 | 52.230.85.180 81 | 52.230.222.68 82 | 52.236.42.239 83 | 52.236.43.202 84 | 52.255.188.83 85 | 65.52.100.7 86 | 65.52.100.9 87 | 65.52.100.11 88 | 65.52.100.91 89 | 65.52.100.92 90 | 65.52.100.93 91 | 65.52.100.94 92 | 65.52.161.64 93 | 65.55.29.238 94 | 65.55.83.120 95 | 65.55.113.11 96 | 65.55.113.12 97 | 65.55.113.13 98 | 65.55.176.90 99 | 65.55.252.43 100 | 65.55.252.63 101 | 65.55.252.70 102 | 65.55.252.71 103 | 65.55.252.72 104 | 65.55.252.93 105 | 65.55.252.190 106 | 65.55.252.202 107 | 66.119.147.131 108 | 104.41.207.73 109 | 104.42.151.234 110 | 104.43.137.66 111 | 104.43.139.21 112 | 104.43.139.144 113 | 104.43.140.223 114 | 104.43.193.48 115 | 104.43.228.53 116 | 104.43.228.202 117 | 104.43.237.169 118 | 104.45.11.195 119 | 104.45.214.112 120 | 104.46.1.211 121 | 104.46.38.64 
122 | 104.46.162.224 123 | 104.46.162.226 124 | 104.210.4.77 125 | 104.210.40.87 126 | 104.210.212.243 127 | 104.214.35.244 128 | 104.214.78.152 129 | 131.253.6.87 130 | 131.253.6.103 131 | 131.253.34.230 132 | 131.253.34.234 133 | 131.253.34.237 134 | 131.253.34.243 135 | 131.253.34.246 136 | 131.253.34.247 137 | 131.253.34.249 138 | 131.253.34.252 139 | 131.253.34.255 140 | 131.253.40.37 141 | 134.170.30.202 142 | 134.170.30.203 143 | 134.170.30.204 144 | 134.170.30.221 145 | 134.170.52.151 146 | 134.170.235.16 147 | 157.56.74.250 148 | 157.56.91.77 149 | 157.56.106.184 150 | 157.56.106.185 151 | 157.56.106.189 152 | 157.56.113.217 153 | 157.56.121.89 154 | 157.56.124.87 155 | 157.56.149.250 156 | 157.56.194.72 157 | 157.56.194.73 158 | 157.56.194.74 159 | 168.61.24.141 160 | 168.61.146.25 161 | 168.61.149.17 162 | 168.61.161.212 163 | 168.61.172.71 164 | 168.62.187.13 165 | 168.63.100.61 166 | 168.63.108.233 167 | 191.236.155.80 168 | 191.237.218.239 169 | 191.239.50.18 170 | 191.239.50.77 171 | 191.239.52.100 172 | 191.239.54.52 173 | 207.68.166.254 174 | -------------------------------------------------------------------------------- /data/eset/spy.txt: -------------------------------------------------------------------------------- 1 | ### WindowsSpyBlocker - ESET Firewall spy rules 2 | ### License: MIT 3 | ### More info: https://github.com/crazy-max/WindowsSpyBlocker 4 | 5 | 13.64.90.137, 6 | 13.66.56.243, 7 | 13.68.31.193, 8 | 13.68.82.8, 9 | 13.68.92.143, 10 | 13.68.233.9, 11 | 13.69.109.130, 12 | 13.69.109.131, 13 | 13.69.131.175, 14 | 13.73.26.107, 15 | 13.74.169.109, 16 | 13.78.130.220, 17 | 13.78.232.226, 18 | 13.78.233.133, 19 | 13.88.21.125, 20 | 13.92.194.212, 21 | 13.104.215.69, 22 | 13.105.28.32, 23 | 13.105.28.48, 24 | 20.44.86.43, 25 | 20.49.150.241, 26 | 20.54.232.160, 27 | 20.60.20.4, 28 | 20.69.137.228, 29 | 20.190.169.24, 30 | 20.190.169.25, 31 | 23.99.49.121, 32 | 23.102.4.253, 33 | 23.102.5.5, 34 | 23.102.21.4, 35 | 23.103.182.126, 36 | 
40.68.222.212, 37 | 40.69.153.67, 38 | 40.70.184.83, 39 | 40.70.220.248, 40 | 40.77.228.47, 41 | 40.77.228.87, 42 | 40.77.228.92, 43 | 40.77.232.101, 44 | 40.78.128.150, 45 | 40.79.85.125, 46 | 40.88.32.150, 47 | 40.112.209.200, 48 | 40.115.3.210, 49 | 40.115.119.185, 50 | 40.119.211.203, 51 | 40.124.34.70, 52 | 40.126.41.96, 53 | 40.126.41.160, 54 | 51.104.136.2, 55 | 51.105.218.222, 56 | 51.140.40.236, 57 | 51.140.157.153, 58 | 51.143.53.152, 59 | 51.143.111.7, 60 | 51.143.111.81, 61 | 51.144.227.73, 62 | 52.138.204.217, 63 | 52.147.198.201, 64 | 52.155.94.78, 65 | 52.157.234.37, 66 | 52.158.208.111, 67 | 52.164.241.205, 68 | 52.169.189.83, 69 | 52.170.83.19, 70 | 52.174.22.246, 71 | 52.178.147.240, 72 | 52.178.151.212, 73 | 52.178.223.23, 74 | 52.182.141.63, 75 | 52.183.114.173, 76 | 52.184.221.185, 77 | 52.229.39.152, 78 | 52.230.85.180, 79 | 52.230.222.68, 80 | 52.236.42.239, 81 | 52.236.43.202, 82 | 52.255.188.83, 83 | 65.52.100.7, 84 | 65.52.100.9, 85 | 65.52.100.11, 86 | 65.52.100.91, 87 | 65.52.100.92, 88 | 65.52.100.93, 89 | 65.52.100.94, 90 | 65.52.161.64, 91 | 65.55.29.238, 92 | 65.55.83.120, 93 | 65.55.113.11, 94 | 65.55.113.12, 95 | 65.55.113.13, 96 | 65.55.176.90, 97 | 65.55.252.43, 98 | 65.55.252.63, 99 | 65.55.252.70, 100 | 65.55.252.71, 101 | 65.55.252.72, 102 | 65.55.252.93, 103 | 65.55.252.190, 104 | 65.55.252.202, 105 | 66.119.147.131, 106 | 104.41.207.73, 107 | 104.42.151.234, 108 | 104.43.137.66, 109 | 104.43.139.21, 110 | 104.43.139.144, 111 | 104.43.140.223, 112 | 104.43.193.48, 113 | 104.43.228.53, 114 | 104.43.228.202, 115 | 104.43.237.169, 116 | 104.45.11.195, 117 | 104.45.214.112, 118 | 104.46.1.211, 119 | 104.46.38.64, 120 | 104.46.162.224, 121 | 104.46.162.226, 122 | 104.210.4.77, 123 | 104.210.40.87, 124 | 104.210.212.243, 125 | 104.214.35.244, 126 | 104.214.78.152, 127 | 131.253.6.87, 128 | 131.253.6.103, 129 | 131.253.34.230, 130 | 131.253.34.234, 131 | 131.253.34.237, 132 | 131.253.34.243, 133 | 131.253.34.246, 134 | 
131.253.34.247, 135 | 131.253.34.249, 136 | 131.253.34.252, 137 | 131.253.34.255, 138 | 131.253.40.37, 139 | 134.170.30.202, 140 | 134.170.30.203, 141 | 134.170.30.204, 142 | 134.170.30.221, 143 | 134.170.52.151, 144 | 134.170.235.16, 145 | 157.56.74.250, 146 | 157.56.91.77, 147 | 157.56.106.184, 148 | 157.56.106.185, 149 | 157.56.106.189, 150 | 157.56.113.217, 151 | 157.56.121.89, 152 | 157.56.124.87, 153 | 157.56.149.250, 154 | 157.56.194.72, 155 | 157.56.194.73, 156 | 157.56.194.74, 157 | 168.61.24.141, 158 | 168.61.146.25, 159 | 168.61.149.17, 160 | 168.61.161.212, 161 | 168.61.172.71, 162 | 168.62.187.13, 163 | 168.63.100.61, 164 | 168.63.108.233, 165 | 191.236.155.80, 166 | 191.237.218.239, 167 | 191.239.50.18, 168 | 191.239.50.77, 169 | 191.239.52.100, 170 | 191.239.54.52, 171 | 207.68.166.254 172 | -------------------------------------------------------------------------------- /data/kaspersky/spy.txt: -------------------------------------------------------------------------------- 1 | ### WindowsSpyBlocker - Kaspersky ips spy rules 2 | ### License: MIT 3 | ### More info: https://github.com/crazy-max/WindowsSpyBlocker 4 | 5 | 13.64.90.137, 6 | 13.66.56.243, 7 | 13.68.31.193, 8 | 13.68.82.8, 9 | 13.68.92.143, 10 | 13.68.233.9, 11 | 13.69.109.130, 12 | 13.69.109.131, 13 | 13.69.131.175, 14 | 13.73.26.107, 15 | 13.74.169.109, 16 | 13.78.130.220, 17 | 13.78.232.226, 18 | 13.78.233.133, 19 | 13.88.21.125, 20 | 13.92.194.212, 21 | 13.104.215.69, 22 | 13.105.28.32, 23 | 13.105.28.48, 24 | 20.44.86.43, 25 | 20.49.150.241, 26 | 20.54.232.160, 27 | 20.60.20.4, 28 | 20.69.137.228, 29 | 20.190.169.24, 30 | 20.190.169.25, 31 | 23.99.49.121, 32 | 23.102.4.253, 33 | 23.102.5.5, 34 | 23.102.21.4, 35 | 23.103.182.126, 36 | 40.68.222.212, 37 | 40.69.153.67, 38 | 40.70.184.83, 39 | 40.70.220.248, 40 | 40.77.228.47, 41 | 40.77.228.87, 42 | 40.77.228.92, 43 | 40.77.232.101, 44 | 40.78.128.150, 45 | 40.79.85.125, 46 | 40.88.32.150, 47 | 40.112.209.200, 48 | 40.115.3.210, 49 | 
40.115.119.185, 50 | 40.119.211.203, 51 | 40.124.34.70, 52 | 40.126.41.96, 53 | 40.126.41.160, 54 | 51.104.136.2, 55 | 51.105.218.222, 56 | 51.140.40.236, 57 | 51.140.157.153, 58 | 51.143.53.152, 59 | 51.143.111.7, 60 | 51.143.111.81, 61 | 51.144.227.73, 62 | 52.138.204.217, 63 | 52.147.198.201, 64 | 52.155.94.78, 65 | 52.157.234.37, 66 | 52.158.208.111, 67 | 52.164.241.205, 68 | 52.169.189.83, 69 | 52.170.83.19, 70 | 52.174.22.246, 71 | 52.178.147.240, 72 | 52.178.151.212, 73 | 52.178.223.23, 74 | 52.182.141.63, 75 | 52.183.114.173, 76 | 52.184.221.185, 77 | 52.229.39.152, 78 | 52.230.85.180, 79 | 52.230.222.68, 80 | 52.236.42.239, 81 | 52.236.43.202, 82 | 52.255.188.83, 83 | 65.52.100.7, 84 | 65.52.100.9, 85 | 65.52.100.11, 86 | 65.52.100.91, 87 | 65.52.100.92, 88 | 65.52.100.93, 89 | 65.52.100.94, 90 | 65.52.161.64, 91 | 65.55.29.238, 92 | 65.55.83.120, 93 | 65.55.113.11, 94 | 65.55.113.12, 95 | 65.55.113.13, 96 | 65.55.176.90, 97 | 65.55.252.43, 98 | 65.55.252.63, 99 | 65.55.252.70, 100 | 65.55.252.71, 101 | 65.55.252.72, 102 | 65.55.252.93, 103 | 65.55.252.190, 104 | 65.55.252.202, 105 | 66.119.147.131, 106 | 104.41.207.73, 107 | 104.42.151.234, 108 | 104.43.137.66, 109 | 104.43.139.21, 110 | 104.43.139.144, 111 | 104.43.140.223, 112 | 104.43.193.48, 113 | 104.43.228.53, 114 | 104.43.228.202, 115 | 104.43.237.169, 116 | 104.45.11.195, 117 | 104.45.214.112, 118 | 104.46.1.211, 119 | 104.46.38.64, 120 | 104.46.162.224, 121 | 104.46.162.226, 122 | 104.210.4.77, 123 | 104.210.40.87, 124 | 104.210.212.243, 125 | 104.214.35.244, 126 | 104.214.78.152, 127 | 131.253.6.87, 128 | 131.253.6.103, 129 | 131.253.34.230, 130 | 131.253.34.234, 131 | 131.253.34.237, 132 | 131.253.34.243, 133 | 131.253.34.246, 134 | 131.253.34.247, 135 | 131.253.34.249, 136 | 131.253.34.252, 137 | 131.253.34.255, 138 | 131.253.40.37, 139 | 134.170.30.202, 140 | 134.170.30.203, 141 | 134.170.30.204, 142 | 134.170.30.221, 143 | 134.170.52.151, 144 | 134.170.235.16, 145 | 157.56.74.250, 146 | 
157.56.91.77, 147 | 157.56.106.184, 148 | 157.56.106.185, 149 | 157.56.106.189, 150 | 157.56.113.217, 151 | 157.56.121.89, 152 | 157.56.124.87, 153 | 157.56.149.250, 154 | 157.56.194.72, 155 | 157.56.194.73, 156 | 157.56.194.74, 157 | 168.61.24.141, 158 | 168.61.146.25, 159 | 168.61.149.17, 160 | 168.61.161.212, 161 | 168.61.172.71, 162 | 168.62.187.13, 163 | 168.63.100.61, 164 | 168.63.108.233, 165 | 191.236.155.80, 166 | 191.237.218.239, 167 | 191.239.50.18, 168 | 191.239.50.77, 169 | 191.239.52.100, 170 | 191.239.54.52, 171 | 207.68.166.254 172 | -------------------------------------------------------------------------------- /docs/app/dev/proxifier.md: -------------------------------------------------------------------------------- 1 | # Proxifier 2 | 3 | !!! info 4 | [Proxifier](https://www.proxifier.com/) is an advanced proxy client that allows network applications that do not 5 | support working through proxy servers to operate through a SOCKS or HTTPS proxy and chains. 6 | 7 | ## Capture 8 | 9 | To capture/log traffic with this application, you will have to enable verbose and traffic log file: 10 | 11 | ![](../../assets/app/dev/proxifier/proxifier-file-log.png) 12 | 13 | Then you have to allow capture of services and applications run by other users : 14 | 15 | ![](../../assets/app/dev/proxifier/proxifier-menu-services.png) 16 | 17 | ![](../../assets/app/dev/proxifier/proxifier-services.png) 18 | 19 | The log will be available by default in `C:\Users\\Proxifier\Log.txt`: 20 | 21 | ```text 22 | [2016.05.29 02:48:49] 23 | [2016.05.29 02:48:49] Welcome to Proxifier v3.29 24 | [2016.05.29 02:48:49] 25 | [2016.05.29 02:48:49] Verbose output enabled. 26 | [2016.05.29 02:48:49] Log file enabled C:\Users\\Documents\Proxifier\Log.txt 27 | [2016.05.29 02:48:49] Traffic log enabled C:\Users\\Documents\Proxifier\Traffic\ 28 | [2016.05.29 02:49:04] svchost.exe (820, System) *64 - resolve win10.ipv6.microsoft.com. 
: DNS 29 | [2016.05.29 02:49:14] svchost.exe (820, System) *64 - resolve sls.update.microsoft.com : DNS 30 | [2016.05.29 02:49:14] svchost.exe (820) *64 - sls.update.microsoft.com:443 matching Default rule : direct connection 31 | [2016.05.29 02:49:15] svchost.exe (820, System) *64 - resolve sls.update.microsoft.com : DNS 32 | [2016.05.29 02:49:15] svchost.exe (820) *64 - sls.update.microsoft.com:443 matching Default rule : direct connection 33 | [2016.05.29 02:49:15] svchost.exe (1352, System) *64 - resolve v10.vortex-win.data.microsoft.com : DNS 34 | [2016.05.29 02:49:15] svchost.exe (1352, System) *64 - v10.vortex-win.data.microsoft.com:443 matching Default rule : direct connection 35 | [2016.05.29 02:49:16] svchost.exe (820, System) *64 - resolve login.live.com : DNS 36 | [2016.05.29 02:49:16] svchost.exe (820) *64 - login.live.com:80 matching Default rule : direct connection 37 | [2016.05.29 02:49:16] svchost.exe (820, System) *64 - resolve login.live.com : DNS 38 | [2016.05.29 02:49:16] svchost.exe (820) *64 - login.live.com:443 matching Default rule : direct connection 39 | [2016.05.29 02:49:17] svchost.exe (820, System) *64 - resolve fe3.delivery.mp.microsoft.com : DNS 40 | [2016.05.29 02:49:17] svchost.exe (820) *64 - fe3.delivery.mp.microsoft.com:443 matching Default rule : direct connection 41 | [2016.05.29 02:49:21] svchost.exe (820, System) *64 - resolve login.live.com : DNS 42 | ``` 43 | 44 | ## Parsing 45 | 46 | WindowsSpyBlocker can be used to parse logs and generate CSV files. 47 | 48 | !!! warning 49 | Do not forget to edit the `app.conf` file before continuing 50 | 51 | * **proxifier** 52 | * **logPath**: Path to Proxifier log file (replace ``). 53 | * **exclude** 54 | * **ips**: exclude IPs addresses from parsing. Ranges are allowed and in most cases you have to exclude your local network. 55 | * **hosts**: exclude domains from parsing. Wildcard are allowed and in most cases you have to exclude your local network. 
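56 | * **orgs**: exclude by whois organization from parsing. Wildcard are allowed and in most cases you have to exclude your ISP. 57 | 58 | Launch `WindowsSpyBlocker.exe` and select `Dev > Proxifier > Extract log`: 59 | 60 | ![](../../assets/app/dev/proxifier/proxifier-menu.png) 61 | 62 | CSV files will be generated in `logs/` folder: 63 | 64 | * `proxifier-all.csv` 65 | * `proxifier-hosts-count.csv` 66 | * `proxifier-unique.csv` 67 |
--------------------------------------------------------------------------------
/app/utils/file/file.go:
--------------------------------------------------------------------------------
package file

import (
	"archive/zip"
	"errors"
	"io"
	"os"
	"path/filepath"
	"strings"

	"github.com/crazy-max/WindowsSpyBlocker/app/utils/print"
)

// CreateFile creates (or truncates) a file and prints the status.
func CreateFile(file string) error {
	w, err := os.Create(file)
	if err != nil {
		print.Error(err)
		return err
	}
	defer w.Close()

	print.Ok()
	return nil
}

// CreateSubfolder creates a folder recursively. An already existing folder is
// not an error.
func CreateSubfolder(path string) error {
	// The mode was previously written as decimal 777, which is octal 01411
	// (sticky bit, no read access for the owner) and not the intended
	// permission set. os.MkdirAll already returns nil for an existing folder.
	return os.MkdirAll(path, 0755)
}

// Unzip extracts the archive src into the folder dest.
//
// Every entry is resolved against dest and rejected when it would be written
// outside of it (an entry name such as "../../file"), so an archive cannot
// create or overwrite files elsewhere on disk. Extraction stops at the first
// error.
//
// The amount of extracted data is not limited; only use it on archives from a
// source you trust, or check the declared sizes first.
func Unzip(src, dest string) error {
	r, err := zip.OpenReader(src)
	if err != nil {
		return err
	}
	defer r.Close()

	destRoot := filepath.Clean(dest)
	if err := os.MkdirAll(destRoot, 0755); err != nil {
		return err
	}

	for _, f := range r.File {
		if err := extractZipEntry(f, destRoot); err != nil {
			return err
		}
	}

	return nil
}

// extractZipEntry writes one archive entry below destRoot.
func extractZipEntry(f *zip.File, destRoot string) error {
	target := filepath.Join(destRoot, f.Name)

	// The entry name comes from the archive and is untrusted: after joining,
	// the path relative to destRoot must not climb out of it.
	rel, err := filepath.Rel(destRoot, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
		return errors.New("illegal file path in archive: " + f.Name)
	}

	if f.FileInfo().IsDir() {
		return os.MkdirAll(target, 0755)
	}

	// Parent folders get a fixed mode: reusing the file's mode (for example
	// 0644) would create folders that cannot be traversed.
	if err := os.MkdirAll(filepath.Dir(target), 0755); err != nil {
		return err
	}

	rc, err := f.Open()
	if err != nil {
		return err
	}
	defer rc.Close()

	// Perm() keeps the permission bits only, so setuid/setgid/sticky bits
	// stored in the archive are not applied to the extracted file.
	w, err := os.OpenFile(target, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode().Perm())
	if err != nil {
		return err
	}

	if _, err := io.Copy(w, rc); err != nil {
		w.Close()
		return err
	}

	// A failed close can mean lost data, so it is returned instead of
	// panicking as before.
	return w.Close()
}

// RemoveFile removes a file. It returns an error when the file cannot be
// found or cannot be removed.
func RemoveFile(filename string) error {
	if _, err := os.Stat(filename); err != nil {
		return errors.New("File not found")
	}

	if err := os.Remove(filename); err != nil {
		print.Error(err)
		return err
	}
	return nil
}

// CopyFile copies the file src to dest and flushes dest to disk. An existing
// dest is overwritten.
func CopyFile(src string, dest string) error {
	srcFile, err := os.Open(src)
	if err != nil {
		return err
	}
	defer srcFile.Close()

	destFile, err := os.Create(dest)
	if err != nil {
		return err
	}
	defer destFile.Close()

	if _, err := io.Copy(destFile, srcFile); err != nil {
		return err
	}

	return destFile.Sync()
}

// RemoveContents removes everything inside the specified directory and keeps
// the directory itself.
func RemoveContents(dir string) error {
	d, err := os.Open(dir)
	if err != nil {
		return err
	}
	defer d.Close()

	names, err := d.Readdirnames(-1)
	if err != nil {
		return err
	}

	for _, name := range names {
		if err := os.RemoveAll(filepath.Join(dir, name)); err != nil {
			return err
		}
	}
	return nil
}
--------------------------------------------------------------------------------
/mkdocs.yml:
--------------------------------------------------------------------------------
1 | site_name: WindowsSpyBlocker 2 | site_description: Block spying and tracking on Windows 3 | site_author: CrazyMax 4 | site_url: https://crazymax.dev/WindowsSpyBlocker/ 5 | edit_uri: edit/master/docs/ 6 | docs_dir: docs 7 | 8 | repo_name: crazy-max/WindowsSpyBlocker 9 | repo_url: https://github.com/crazy-max/WindowsSpyBlocker 10 | 11 | extra: 12 | seo: 13 | google: Kscpetr5E2zNDM0pqz-0xhtPZ77oY2oAS6Lid6yEUUM 14 | bing: D188E0BEC1AB6E7C1E0194BFC35D0033 15 | #alexa: 16 | #yandex: 17 | social: 18 | - icon: fontawesome/brands/github-alt 19 | link: https://github.com/crazy-max/WindowsSpyBlocker 20 | - icon: fontawesome/brands/twitter 21 | link: https://twitter.com/crazyws 22 | plausible: 23 | server: plausible.re4per.com 24 | domain: crazymax.dev/windowsspyblocker 25 | 26 | theme: 27 | name: material 28 | custom_dir: docs/_overrides 29 | language: en 30 | palette: 31 | - media: "(prefers-color-scheme: light)" 32 | scheme: default 33 | primary: indigo 34 | accent: indigo 35 | toggle: 36 | icon: material/weather-night 37 | name: Switch to dark mode 38 | - media: "(prefers-color-scheme: dark)" 39 | scheme: slate 40 | primary: indigo 41 | accent: indigo 42 | toggle: 43 | icon: material/weather-sunny 44 | name: Switch to light mode 45 | font: 46 | text: Roboto 47 | code: Roboto Mono 48 | logo: assets/logo.png 49 | favicon: assets/favicon.ico 50 | include_search_page: false 51 | search_index_only: true 52 | 53 | extra_css: 54 | - assets/stylesheets/extra.css 55 | 56 | markdown_extensions: 57 | - admonition 58 | - attr_list 59 | - codehilite 60 | - footnotes 61 | - markdown_include.include: 62 | base_path: docs 63 | - meta 64 | - pymdownx.details 65 | - pymdownx.tabbed 66 | - pymdownx.superfences 67 | - pymdownx.emoji: 68 | emoji_index: 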
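!!python/name:materialx.emoji.twemoji 69 | emoji_generator: !!python/name:materialx.emoji.to_svg 70 | - toc: 71 | permalink: true 72 | 73 | plugins: 74 | - exclude: 75 | glob: 76 | - "_overrides/*" 77 | - ".dockerignore" 78 | - "Dockerfile" 79 | - git-revision-date-localized: 80 | type: iso_datetime 81 | enable_creation_date: true 82 | - macros 83 | - search: 84 | prebuild_index: python 85 | lang: 86 | - en 87 | 88 | nav: 89 | - Home: index.md 90 | - Usage: usage.md 91 | - Download: download.md 92 | - Application: 93 | - Overview: app/index.md 94 | - Telemetry: 95 | - Overview: app/telemetry/index.md 96 | - Firewall: app/telemetry/firewall.md 97 | - NCSI: app/telemetry/ncsi.md 98 | - Dev: 99 | - Overview: app/dev/index.md 100 | - Proxifier: app/dev/proxifier.md 101 | - Sysmon: app/dev/sysmon.md 102 | - Wireshark: app/dev/wireshark.md 103 | - Blocking rules: 104 | - Overview: blocking-rules/index.md 105 | - Firewall: blocking-rules/firewall.md 106 | - Hosts: blocking-rules/hosts.md 107 | - DNSCrypt: blocking-rules/dnscrypt.md 108 | - ESET Firewall: blocking-rules/eset.md 109 | - Kaspersky Firewall: blocking-rules/kaspersky.md 110 | - OpenWrt: blocking-rules/openwrt.md 111 | - P2P: blocking-rules/p2p.md 112 | - Proxifier: blocking-rules/proxifier.md 113 | - simplewall: blocking-rules/simplewall.md 114 | - FAQ: faq.md 115 | - Telemetry info: telemetry-info.md 116 | - Changelog: changelog.md 117 | - Reporting an issue: reporting-issue.md 118 | - Contributing: contributing.md 119 | - Donate: donate.md 120 |
--------------------------------------------------------------------------------
/app/cmds/dev/test/firewall.go:
--------------------------------------------------------------------------------
package test

import (
	"fmt"
	"net"
	"os"
	"path"
	"strings"
	"time"

	"github.com/akyoto/color"
	"github.com/crazy-max/WindowsSpyBlocker/app/dnsres"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/data"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/file"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/netu"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/print"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/timeu"
	"github.com/crazy-max/WindowsSpyBlocker/app/whois"
)

// testFirewallIps runs the firewall IP test for the extra, spy and update
// rule sets and prints where the CSV reports were written.
//
// args is unused. Failures are printed and nil is always returned.
func testFirewallIps(args ...string) error {
	logsPath := path.Join(pathu.Logs)
	if err := file.CreateSubfolder(logsPath); err != nil {
		print.Error(err)
		return nil
	}

	defer timeu.Track(time.Now())
	testFirewallIpsByRule(data.RULES_EXTRA)
	testFirewallIpsByRule(data.RULES_SPY)
	testFirewallIpsByRule(data.RULES_UPDATE)

	fmt.Printf("\nLogs available in ")
	// TrimPrefix, not TrimLeft: TrimLeft treats its second argument as a set
	// of characters and could also strip leading characters of the folder name.
	color.New(color.FgCyan).Printf("%s\n", strings.TrimPrefix(logsPath, pathu.Current))

	return nil
}

// testFirewallIpsByRule tests every firewall IP (or IP range) of the given
// rule set and writes the results to firewall-test-<rule>.csv in the logs
// folder. Entries that are neither a range nor a valid IPv4 address are
// skipped.
func testFirewallIpsByRule(rule string) {
	fmt.Println()

	testCsv := path.Join(pathu.Logs, fmt.Sprintf("firewall-test-%s.csv", rule))

	fmt.Printf("Get IPs for %s... ", rule)
	fwIps, err := data.GetFirewallIpsByRule(rule)
	if err != nil {
		print.Error(err)
		return
	}
	print.Ok()

	// A failed create was previously ignored, so the whole report was
	// silently lost; report it and stop instead.
	testCsvFile, err := os.Create(testCsv)
	if err != nil {
		print.Error(err)
		return
	}
	defer testCsvFile.Close()

	testCsvFile.WriteString("IP,ORGANIZATION,COUNTRY,RESOLVED DATE,RESOLVED DOMAIN")
	for _, fwIp := range fwIps {
		switch {
		case strings.Contains(fwIp.IP, "-"):
			testFirewallIpRange(fwIp.IP, testCsvFile)
		case netu.IsValidIPv4(fwIp.IP):
			testFirewallIp(fwIp.IP, testCsvFile)
		}
	}

	if err := testCsvFile.Sync(); err != nil {
		print.Error(err)
	}
	fmt.Println()
}

// testFirewallIpRange tests every IPv4 address of ipRange whose last octet is
// neither 0 nor 255. A range that cannot be expanded is skipped silently.
func testFirewallIpRange(ipRange string, testCsvFile *os.File) {
	ips, err := netu.GetIpsFromIPRange(ipRange)
	if err != nil {
		return
	}
	for _, ip := range ips {
		ip4 := net.ParseIP(ip).To4()
		if ip4 == nil {
			continue
		}
		if ip4[3] > 0 && ip4[3] < 255 {
			testFirewallIp(ip, testCsvFile)
		}
	}
}

// testFirewallIp prints the whois organisation and country and the DNS
// resolutions of ip, and appends them to testCsvFile. Nothing is written when
// the whois result is empty.
func testFirewallIp(ip string, testCsvFile *os.File) {
	fmt.Print("\nTesting ")
	color.New(color.FgMagenta).Printf("%s", ip)
	fmt.Print("...\n")

	whoisResult := whois.GetWhois(ip)
	if whoisResult == (whois.Whois{}) {
		return
	}
	fmt.Print("  Organisation: ")
	color.New(color.FgCyan).Printf("%s\n", whoisResult.Org)
	fmt.Print("  Country: ")
	color.New(color.FgCyan).Printf("%s\n", whoisResult.Country)
	// Whois and resolution values come from remote services, so they are
	// escaped before they are written into the CSV row.
	testCsvFile.WriteString(fmt.Sprintf("\n%s,%s,%s", ip, csvEscapeField(whoisResult.Org), csvEscapeField(whoisResult.Country)))

	dnsresList := dnsres.GetDnsRes(ip)
	if len(dnsresList) == 0 {
		testCsvFile.WriteString(",,")
		return
	}

	fmt.Println("  Resolutions:")
	for i, res := range dnsresList {
		resolved := res.LastResolved.Format("2006-01-02")
		fmt.Printf("    %s - ", resolved)
		color.New(color.FgCyan).Printf("%s\n", res.IpOrDomain)
		if i == 0 {
			// The first resolution completes the row of the IP.
			testCsvFile.WriteString(fmt.Sprintf(",%s,%s", resolved, csvEscapeField(res.IpOrDomain)))
		} else {
			// Further resolutions go on continuation rows.
			testCsvFile.WriteString(fmt.Sprintf("\n,,,%s,%s", resolved, csvEscapeField(res.IpOrDomain)))
		}
	}
}

// csvEscapeField formats v as a single CSV field: a value containing a comma,
// a double quote or a line break is wrapped in double quotes with inner
// quotes doubled, so it cannot shift columns or start a new row.
//
// Spreadsheet applications may still evaluate a field that starts with '=',
// '+', '-' or '@' as a formula; import the report with text-typed columns.
func csvEscapeField(v interface{}) string {
	s := fmt.Sprint(v)
	if !strings.ContainsAny(s, ",\"\r\n") {
		return s
	}
	return `"` + strings.ReplaceAll(s, `"`, `""`) + `"`
}
--------------------------------------------------------------------------------
/docs/telemetry-info.md:
--------------------------------------------------------------------------------
1 | # Telemetry info 2 | 3 | Useful links about telemetry data collection: 4 | 5 | * [Windows 11, manage connection endpoints](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-11-endpoints) 6 | * [Windows 11, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-11-endpoints-non-enterprise-editions) 7 | * [Windows 10, version 21H2, manage connection endpoints](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-21h2-endpoints) 8 | * [Windows 10, version 21H1, manage connection endpoints](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-21h1-endpoints) 9 | * [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-21h1-non-enterprise-editions) 10 | * [Windows 10, version 20H2, manage connection endpoints](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-20h2-endpoints) 11 | * [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-20h2-non-enterprise-editions) 12 | * [Windows 10, version 2004, manage connection endpoints](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-2004-endpoints) 13 | * [Windows 10, version 2004, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-2004-non-enterprise-editions) 14 | * [Windows 10, version 1903, manage connection 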
endpoints](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1903-endpoints) 15 | * [Windows 10, version 1903, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1903-non-enterprise-editions) 16 | * [Windows 10, version 1809, manage connection endpoints](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints) 17 | * [Windows 10, version 1803, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions) 18 | * [Windows 10, version 1709, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions) 19 | * [Windows 10, version 1709, manage connection endpoints](https://docs.microsoft.com/en-us/windows/configuration/manage-windows-endpoints-version-1709) 20 | * [Windows 10, version 1709, basic level Windows diagnostic events and fields](https://docs.microsoft.com/en-us/windows/configuration/basic-level-windows-diagnostic-events-and-fields) 21 | * [Windows 10, version 1709, enhanced telemetry events and fields used by Windows Analytics](https://docs.microsoft.com/en-us/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields) 22 | * [Windows 10, version 1703, basic level Windows diagnostic events and fields](https://docs.microsoft.com/en-us/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703) 23 | * [Windows 10, version 1703, diagnostic data for the Full telemetry level](https://docs.microsoft.com/en-us/windows/configuration/windows-diagnostic-data-1703) 24 | * [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) 25 | * [UseTerms Retail Windows 10 English](https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm) 
26 | * [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement) 27 | * [Cortana and privacy](https://privacy.microsoft.com/en-US/windows-10-cortana-and-privacy) 28 | * [MSWin10 GDPR Compliance](assets/MSWin10_GDPR_Compliance.pdf) 29 | * SiSyPHuS BSI Windows 10 Telemetry data ; [English](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Workpackage4_Telemetry.pdf) (partially) 30 | and [German](https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Empfehlungen/SiSyPHuS_Win10/AP4/SiSyPHuS_AP4.html) 31 | -------------------------------------------------------------------------------- /app/ip6/ip6.go: -------------------------------------------------------------------------------- 1 | package ip6 2 | 3 | import ( 4 | "encoding/json" 5 | "errors" 6 | "fmt" 7 | "net/http" 8 | "os" 9 | "path" 10 | "time" 11 | 12 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/config" 13 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/file" 14 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu" 15 | ) 16 | 17 | // Timeout and URI templates for IP6 external services 18 | const ( 19 | HTTP_TIMEOUT = 10 20 | CACHE_TIMEOUT = 172800 21 | ) 22 | 23 | // IP6 structure 24 | type IP6 struct { 25 | Domain string 26 | IP string 27 | } 28 | 29 | // ip6.nf response structure 30 | type ip6nl struct { 31 | Verdict string `json:"verdict"` 32 | Cname int `json:"cname"` 33 | Domain string `json:"domain"` 34 | Expires int `json:"expires"` 35 | Possiblyglue int `json:"possiblyglue"` 36 | Rating int `json:"rating"` 37 | Time int `json:"time"` 38 | Results struct { 39 | DNS struct { 40 | Class string `json:"class"` 41 | V4 []string `json:"v4"` 42 | V6 []string `json:"v6"` 43 | } `json:"dns"` 44 | Host struct { 45 | Class string `json:"class"` 46 | V4 []string `json:"v4"` 47 | V6 []string `json:"v6"` 48 | } `json:"host"` 49 | Mx struct { 50 | Class string `json:"class"` 51 | Comments []string `json:"comments"` 52 | V4 []string `json:"v4"` 53 | V6 
[]string `json:"v6"` 54 | } `json:"mx"` 55 | Ns struct { 56 | Class string `json:"class"` 57 | Comments []string `json:"comments"` 58 | V4 []string `json:"v4"` 59 | V6 []string `json:"v6"` 60 | } `json:"ns"` 61 | Www struct { 62 | Class string `json:"class"` 63 | Comments []string `json:"comments"` 64 | V4 []string `json:"v4"` 65 | V6 []string `json:"v6"` 66 | } `json:"www"` 67 | } `json:"results"` 68 | } 69 | 70 | // GetIP6 returns ipv6 of domain 71 | func GetIP6(domain string) IP6 { 72 | var result IP6 73 | 74 | resultFile := path.Join(pathu.Tmp, "ip6.json") 75 | resultJson := make(map[string]IP6) 76 | 77 | if resultTmpInfo, err := os.Stat(resultFile); err == nil { 78 | resultTmpModified := time.Since(resultTmpInfo.ModTime()).Seconds() 79 | if resultTmpModified > CACHE_TIMEOUT { 80 | fmt.Printf("Creating file %s... ", resultFile) 81 | if err := file.CreateFile(resultFile); err != nil { 82 | return result 83 | } 84 | } else { 85 | raw, err := os.ReadFile(resultFile) 86 | if err != nil { 87 | return result 88 | } 89 | err = json.Unmarshal(raw, &resultJson) 90 | if err != nil { 91 | return result 92 | } 93 | if result, found := resultJson[domain]; found { 94 | return result 95 | } 96 | } 97 | } 98 | 99 | result, _ = getOnline(domain) 100 | 101 | resultJson[domain] = result 102 | resultJsonMarsh, _ := json.Marshal(resultJson) 103 | os.WriteFile(resultFile, resultJsonMarsh, 0644) 104 | 105 | return result 106 | } 107 | 108 | func getOnline(domain string) (IP6, error) { 109 | var result IP6 110 | var err error 111 | 112 | timeout := time.Duration(HTTP_TIMEOUT * time.Second) 113 | httpClient := http.Client{ 114 | Timeout: timeout, 115 | } 116 | 117 | result, err = getIP6(httpClient, domain) 118 | if err == nil { 119 | return result, nil 120 | } 121 | 122 | return result, err 123 | } 124 | 125 | func getIP6(httpClient http.Client, domain string) (IP6, error) { 126 | apiUrl := fmt.Sprintf(config.Settings.Uris.Ip6, domain) 127 | fmt.Printf("\n%s", apiUrl) 128 | 129 | resp, 
err := httpClient.Get(apiUrl) 130 | if err != nil { 131 | return IP6{}, err 132 | } 133 | 134 | defer resp.Body.Close() 135 | 136 | if resp.StatusCode == 403 { 137 | return IP6{}, errors.New("Exceeded maximum number of API calls") 138 | } 139 | 140 | var ip6nlApi ip6nl 141 | err = json.NewDecoder(resp.Body).Decode(&ip6nlApi) 142 | if err != nil { 143 | return IP6{}, err 144 | } 145 | 146 | fmt.Printf("\n%v", ip6nlApi) 147 | for _, ipv6 := range ip6nlApi.Results.Host.V6 { 148 | return IP6{ 149 | Domain: domain, 150 | IP: ipv6, 151 | }, nil 152 | } 153 | 154 | return IP6{}, nil 155 | } 156 | -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | ddns-route53 2 | 3 |

4 | GitHub release 5 | Chocolatey Package 6 | Total downloads 7 | Build Status 8 |
Go Report 9 | Become a sponsor 10 | Donate Paypal 11 |

12 | 13 | --- 14 | 15 | ## What is WindowsSpyBlocker? 16 | 17 | **WindowsSpyBlocker** :shield: is an application written in [Go](https://golang.org/) and delivered as a 18 | [single executable]({{ config.repo_url }}releases/latest) to block spying and tracking on Windows systems. 19 | 20 | The approach of this project is to capture and interpret network traffic based on a set of tools. Depending on the 21 | interactions between services and source or destination of traffic, rules are created and sorted by assignment. 22 | 23 | ## Projects using WindowsSpyBlocker 24 | 25 | * [BlackArch Linux](https://www.blackarch.org/): an Arch Linux-based penetration testing distribution for penetration testers and security researchers. 26 | * [Blackweb](https://github.com/maravento/blackweb): URLs Blacklist for Squid. 27 | * [BlahDNS](https://blahdns.com/): A small hobby ads block dns project with doh, dot, dnscrypt support. 28 | * [DNSCrypt Proxy](https://dnscrypt.info/): A flexible DNS proxy, with support for encrypted DNS protocols. 29 | * [Energized Protection](https://energized.pro/): Let's make an annoyance free, better open internet, altogether! 30 | * [FilterLists](https://filterlists.com/): An independent, comprehensive directory of filter and host lists for advertisements, trackers, malware, and annoyances. 31 | * [LEDE Project](https://lede-project.org/): A Linux operating system based on OpenWrt. 32 | * [Mikrotik hosts parser](https://github.com/tarampampam/mikrotik-hosts-parser): An application that blocks "advertising" for routers based on RouterOS. 33 | * [NextDNS](https://github.com/nextdns): Block ads, trackers, malware and phishing websites, cryptominers and more. 34 | * [OpenWrt adblock package](https://github.com/openwrt/packages/tree/master/net/adblock/files): DNS based ad/abuse domain blocking. 35 | * [OPNsense](https://opnsense.org): An open source, easy-to-use and easy-to-build HardenedBSD based firewall and routing platform. 
36 | * [pi-hole](https://pi-hole.net/): A black hole for Internet advertisements (designed for Raspberry Pi). 37 | * [privatezilla](https://github.com/builtbybel/privatezilla): Performs a privacy & security check of Windows 10. 38 | * [simplewall](https://github.com/henrypp/simplewall): Simple tool to configure Windows Filtering Platform (WFP). 39 | * [void-zones-tools](https://github.com/cyclaero/void-zones-tools): A list of void zones that can be readily feed into Unbound on FreeBSD. 40 | * [WPD](https://getwpd.com/): Customize Group Policy, Services and Tasks, responsible for data collection and sending, as you like. 41 | 42 | ## License 43 | 44 | This project is licensed under the terms of the MIT license. 45 | 46 | Icon credit to [Icons8](https://icons8.com/). 47 | -------------------------------------------------------------------------------- /app/menu/menu.go: -------------------------------------------------------------------------------- 1 | // Package menu fork of https://github.com/turret-io/go-menu 2 | package menu 3 | 4 | import ( 5 | "bufio" 6 | "fmt" 7 | "io" 8 | "os" 9 | "strconv" 10 | "strings" 11 | 12 | "github.com/akyoto/color" 13 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 14 | ) 15 | 16 | // CommandOption main struct to handle options for Description, and the function that should be called 17 | type CommandOption struct { 18 | Description string 19 | Color color.Attribute 20 | Function func(args ...string) error 21 | } 22 | 23 | // Options sets name, prompt, character width of menu, and command 24 | // used to display the menu 25 | type Options struct { 26 | Name string 27 | Prompt string 28 | MenuLength int 29 | MenuCommand string 30 | } 31 | 32 | // Menu struct encapsulates Commands and Options 33 | type Menu struct { 34 | Commands []CommandOption 35 | Options Options 36 | } 37 | 38 | // NewOptions to setup the options for the menu. 
39 | // An empty string for prompt and a length of 0 will use the 40 | // default "> " prompt and 100 character wide menu. An empty 41 | // string for menuCommand will use the default 'menu' command. 42 | func NewOptions(name string, prompt string, length int, menuCommand string) Options { 43 | return Options{name, prompt, length, menuCommand} 44 | } 45 | 46 | // Trim whitespace, newlines, and create command+arguments slice 47 | func cleanCommand(cmd string) ([]string, error) { 48 | cmdArgs := strings.Split(strings.Trim(cmd, " \r\n"), " ") 49 | return cmdArgs, nil 50 | } 51 | 52 | // NewMenu creates a new menu with options 53 | func NewMenu(cmds []CommandOption, options Options) *Menu { 54 | if options.Prompt == "" { 55 | options.Prompt = "> " 56 | } 57 | if options.MenuLength == 0 { 58 | options.MenuLength = 100 59 | } 60 | if options.MenuCommand == "" { 61 | options.MenuCommand = "menu" 62 | } 63 | return &Menu{ 64 | Commands: cmds, 65 | Options: options, 66 | } 67 | } 68 | 69 | func (m *Menu) prompt() { 70 | fmt.Print(m.Options.Prompt) 71 | } 72 | 73 | // Write menu from CommandOptions 74 | func (m *Menu) menu() { 75 | // Menu name 76 | fmt.Println() 77 | color.New(color.FgHiCyan, color.Bold).Print("# ", m.Options.Name, "\n") 78 | 79 | idCmd := 1 80 | for i := range m.Commands { 81 | // Command ID 82 | color.New(color.Bold).Printf(" %d", idCmd) 83 | fmt.Print(" - ") 84 | 85 | // Command Description 86 | color.New(m.Commands[i].Color).Printf("%s", m.Commands[i].Description) 87 | fmt.Println() 88 | 89 | idCmd += 1 90 | } 91 | 92 | fmt.Println() 93 | color.New(color.FgMagenta).Println("* Type 'back' to go to the previous menu") 94 | color.New(color.FgMagenta).Println("* Type 'exit' to leave WindowsSpyBlocker") 95 | fmt.Println() 96 | } 97 | 98 | // Start is a wrapper for providing Stdin to the main menu loop 99 | func (m *Menu) Start() { 100 | m.start(os.Stdin) 101 | } 102 | 103 | // Main loop 104 | func (m *Menu) start(reader io.Reader) { 105 | m.menu() 106 | 107 
| Loop: 108 | for { 109 | input := bufio.NewReader(reader) 110 | // Prompt for input 111 | m.prompt() 112 | 113 | inputString, err := input.ReadString('\n') 114 | if err != nil { 115 | // If we didn't receive anything from ReadString 116 | // we shouldn't continue because we're not blocking 117 | // anymore but we also don't have any data 118 | break Loop 119 | } 120 | 121 | cmd, _ := cleanCommand(inputString) 122 | if len(cmd) < 1 { 123 | break Loop 124 | } 125 | 126 | // Route the first index of the cmd slice to the appropriate case 127 | Route: 128 | switch cmd[0] { 129 | case "exit": 130 | os.Exit(0) 131 | case "back": 132 | break Loop 133 | case m.Options.MenuCommand: 134 | m.menu() 135 | break 136 | default: 137 | if currentIdCmd, err := strconv.Atoi(cmd[0]); err == nil { 138 | idCmd := 1 139 | for i := range m.Commands { 140 | if idCmd == currentIdCmd { 141 | err := m.Commands[i].Function(cmd[1:]...) 142 | fmt.Println() 143 | if err != nil { 144 | print.QuitFatal(err) 145 | } 146 | break Route 147 | } 148 | idCmd += 1 149 | } 150 | } 151 | if cmd[0] != "" { 152 | print.ErrorStr(fmt.Sprintf("Unknown command '%s'\n", cmd[0])) 153 | } 154 | } 155 | } 156 | } 157 | -------------------------------------------------------------------------------- /docs/faq.md: -------------------------------------------------------------------------------- 1 | # FAQ 2 | 3 | ## No Internet access on my network card 4 | 5 | ![](assets/faq/no-internet-access.png) 6 | 7 | Windows check a Microsoft site for connectivity, using the Network Connectivity Status Indicator site. 8 | 9 | * NCSI performs a DNS lookup on `www.msftconnecttest.com`, then requests `http://www.msftconnecttest.com/connecttest.txt`. 10 | This file is a plain-text file and contains only the text `Microsoft Connect Test`. 11 | * NCSI sends a DNS lookup request for `dns.msftncsi.com`. This DNS address should resolve to `131.107.255.255`. 
12 | If the address does not match, then it's assumed that the internet connection is not functioning correctly. 13 | 14 | If you want to implement your own NCSI, [check this blog post](http://blog.superuser.com/2011/05/16/windows-7-network-awareness/). 15 | 16 | !!! info 17 | [Appendix K: Network Connectivity Status Indicator and Resulting Internet Communication](https://technet.microsoft.com/en-us/library/cc766017%28WS.10%29.aspx) 18 | 19 | ## Couldn't connect to the update service 20 | 21 | ![](assets/faq/could-not-connect-update-service.png) 22 | > We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet. 23 | 24 | If you get this message when running Windows Update, there may be a problem with some hosts and/or 25 | firewall rules that need to be updated: 26 | 27 | * First remove all WindowsSpyBlocker firewall rules (with the executable) and check again. 28 | If it works, [please report this issue](reporting-issue.md). 29 | * Otherwise remove WindowsSpyBlocker hosts and check again. 30 | If it works, [please report this issue](reporting-issue.md). 31 | * Otherwise this is probably an issue with your ISP. 32 | 33 | !!! tip 34 | Several tools are available to update offline: 35 | 36 | * [WSUS Offline Update](http://www.wsusoffline.net/): Using "WSUS Offline Update" (formerly known as "ct offline update" or "DIY Service Pack"), you can update any computer running Microsoft Windows safely, quickly and without an Internet connection. 37 | * [AutoPatcher](http://www.autopatcher.com/): Combines the advantage of both Windows Update (presentation and description of updates and automated installation), and the special administrative updates (portability and installation without the need of an Internet connection). 38 | * [Portable Update](http://www.portableupdate.com/): Updating a Microsoft Windows computer in a completely disconnected environment. 
39 | * [WHDownloader](http://forums.mydigitallife.info/threads/66243-WHDownloader-Download): Formerly called the Windows Hotfix Downloader, is a lightweight and easy to use downloader used for finding and applying the latest Microsoft Windows updates. 40 | 41 | ## What is NCSI? 42 | 43 | The NCSI is used within the Network Awareness API and shows the Internet connectivity with the Network Connection 44 | Status Icon in the system tray. This mechanism can be configured by registry keys of the "Network Location Awareness" 45 | service. 46 | 47 | The internet connectivity is determined by four steps: 48 | 49 | ![](assets/faq/ncsi-graph.png) 50 | 51 | In the first step, the response to an IPv4 HTTP request is compared to a known string stored in the registry. If the request returns 52 | the expected characters, the Internet connection is considered to be available. If the request fails, the same 53 | mechanism is used with an IPv6 URL. If both fail, the third step tries to resolve an IPv4 DNS name and, if this fails 54 | again, an IPv6 DNS resolution is used. If all four steps fail, then the Internet connection is considered to be not 55 | available. 56 | 57 | !!! quote 58 | [http://www.codeproject.com/Tips/1077317/Test-for-Internet-Connectivity-the-Windows-Way](http://www.codeproject.com/Tips/1077317/Test-for-Internet-Connectivity-the-Windows-Way) 59 | 60 | ## Antivirus complains about WindowsSpyBlocker 61 | 62 | Releases of WindowsSpyBlocker are scanned by [VirusTotal](https://www.virustotal.com) and a link is provided in the 63 | description of each release. 64 | 65 | Every detection found by the VirusTotal scan is generic, most likely based on a heuristic detection. 66 | Heuristics are more prone to false-positive detections. 67 | 68 | This [happens quite often](https://github.com/golang/go/issues?utf8=%E2%9C%93&q=is%3Aissue%20antivirus) with programs 69 | written in [Golang](https://golang.org/). 
The best you can do is to 70 | [report this](https://github.com/crazy-max/WindowsSpyBlocker/issues/82#issuecomment-337611345) to your 71 | Antivirus software vendor. 72 | 73 | But if the detection is legitimate, you can still [report this issue](reporting-issue.md). 74 | -------------------------------------------------------------------------------- /docs/_overrides/main.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | 3 | 4 | {% set title = config.site_name %} 5 | {% if page and page.title and not page.is_homepage %} 6 | {% set title = config.site_name ~ " - " ~ page.title | striptags %} 7 | {% endif %} 8 | 9 | 10 | {% set assets = config.site_url ~ 'assets' %} 11 | 12 | {% block extrahead %} 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | {% endblock %} 56 | 57 | 58 | {% block announce %} 59 | 82 | 83 | If you like this project and use it, consider sponsoring it via 84 | GitHub ❤ Sponsors 85 | 86 | {% endblock %} 87 | -------------------------------------------------------------------------------- /app/utils/netu/netu.go: -------------------------------------------------------------------------------- 1 | package netu 2 | 3 | import ( 4 | "bytes" 5 | "fmt" 6 | "net" 7 | "regexp" 8 | "strings" 9 | "time" 10 | 11 | "github.com/cavaliergopher/grab/v3" 12 | ) 13 | 14 | // GetCIDRFromIPRange converts IP range to CIDR 15 | func GetCIDRFromIPRange(ipRange string) (string, error) { 16 | if strings.Contains(ipRange, "-") { 17 | ipRangeS := strings.SplitN(ipRange, "-", 2) 18 | if len(ipRangeS) != 2 { 19 | return "", fmt.Errorf("Invalid IP range %s", ipRange) 20 | } 21 | ipA := net.ParseIP(ipRangeS[0]) 22 | ipB := net.ParseIP(ipRangeS[1]) 23 | maxLen := 32 24 | for l := maxLen; l >= 0; l-- { 25 | mask := net.CIDRMask(l, maxLen) 26 | na := 
ipA.Mask(mask) 27 | n := net.IPNet{IP: na, Mask: mask} 28 | if n.Contains(ipB) { 29 | return fmt.Sprintf("%v/%v", na, l), nil 30 | } 31 | } 32 | } 33 | return "", fmt.Errorf("Invalid IP range %s", ipRange) 34 | } 35 | 36 | // GetIPRangeFromCIDR converts CIDR to IP range 37 | func GetIPRangeFromCIDR(cidr string) (string, error) { 38 | ips, err := GetIpsFromCIDR(cidr) 39 | if err != nil { 40 | return "", err 41 | } 42 | return fmt.Sprintf("%s-%s", ips[0], ips[len(ips)-1]), nil 43 | } 44 | 45 | // GetIpsFromCIDR gets IPs list from CIDR 46 | func GetIpsFromCIDR(cidr string) ([]string, error) { 47 | ip, ipnet, err := net.ParseCIDR(cidr) 48 | if err != nil { 49 | return nil, err 50 | } 51 | 52 | var ips []string 53 | for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); incIP(ip) { 54 | ips = append(ips, ip.String()) 55 | } 56 | 57 | return ips, nil 58 | } 59 | 60 | func incIP(ip net.IP) { 61 | for j := len(ip) - 1; j >= 0; j-- { 62 | ip[j]++ 63 | if ip[j] > 0 { 64 | break 65 | } 66 | } 67 | } 68 | 69 | // GetIpsFromIPRange gets IPs list from range 70 | func GetIpsFromIPRange(ipRange string) ([]string, error) { 71 | cidr, err := GetCIDRFromIPRange(ipRange) 72 | if err != nil { 73 | return nil, err 74 | } 75 | return GetIpsFromCIDR(cidr) 76 | } 77 | 78 | // DownloadFile downloads a file and display status 79 | func DownloadFile(filename string, url string) error { 80 | client := grab.NewClient() 81 | req, err := grab.NewRequest(filename, url) 82 | if err != nil { 83 | return err 84 | } 85 | 86 | resp := client.Do(req) 87 | t := time.NewTicker(200 * time.Millisecond) 88 | defer t.Stop() 89 | 90 | Loop: 91 | for { 92 | select { 93 | case <-t.C: 94 | fmt.Print(".") 95 | case <-resp.Done: 96 | break Loop 97 | } 98 | } 99 | 100 | if err := resp.Err(); err != nil { 101 | return err 102 | } 103 | 104 | return nil 105 | } 106 | 107 | // IsValidIPv4 validates an IPv4 108 | func IsValidIPv4(ipAddress string) bool { 109 | ipAddress = strings.Trim(ipAddress, " ") 110 | re, _ := 
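regexp.Compile(`^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$`)
	if re.MatchString(ipAddress) {
		return true
	}
	return false
}

// GetIPFromReverse returns the first dotted-quad substring found in domain
// when that substring is a valid IPv4 address, and "" otherwise.
//
// The octets are returned in the order they appear in domain; no reordering
// is performed here.
func GetIPFromReverse(domain string) string {
	re := regexp.MustCompile(`(?i)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})`)
	matches := re.FindStringSubmatch(domain)
	// matches[0] is the whole match, matches[1] the single capture group.
	if len(matches) == 2 && IsValidIPv4(matches[1]) {
		return matches[1]
	}
	return ""
}

// IsValidIpv4Range reports whether ipRange has the form "first-last" where
// both sides are valid IPv4 addresses. It does not check that first <= last.
func IsValidIpv4Range(ipRange string) bool {
	if !strings.Contains(ipRange, "-") {
		return false
	}
	bounds := strings.SplitN(ipRange, "-", 2)
	if len(bounds) != 2 {
		return false
	}
	return IsValidIPv4(bounds[0]) && IsValidIPv4(bounds[1])
}

// IsPrivateIp reports whether ipStr is 127.0.0.1 or an IPv4 address inside
// one of the private ranges 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16.
// Anything that does not parse as IPv4 yields false.
//
// Callers use this to keep internal addresses out of lookups and rule data,
// so a range that silently fails to match lets private addresses through.
func IsPrivateIp(ipStr string) bool {
	// Every range must use an ASCII hyphen as separator. The 172.16/12 and
	// 192.168/16 entries used an en dash (U+2013), which the hyphen test in
	// the loop never matched, so addresses in those ranges were reported as
	// not private.
	privateIps := []string{
		"127.0.0.1",
		"10.0.0.0-10.255.255.255",
		"172.16.0.0-172.31.255.255",
		"192.168.0.0-192.168.255.255",
	}

	ip := net.ParseIP(ipStr).To4()
	if ip == nil {
		return false
	}

	for _, privateIp := range privateIps {
		if !strings.Contains(privateIp, "-") {
			// Single-address entry: exact textual match only.
			if privateIp == ipStr {
				return true
			}
			continue
		}

		bounds := strings.SplitN(privateIp, "-", 2)
		if len(bounds) != 2 {
			return false
		}
		first := net.ParseIP(bounds[0]).To4()
		last := net.ParseIP(bounds[1]).To4()
		if first == nil || last == nil {
			return false
		}
		// All three values are 4-byte big-endian, so byte order is numeric order.
		if bytes.Compare(ip, first) >= 0 && bytes.Compare(ip, last) <= 0 {
			return true
		}
	}

	return false
}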
-------------------------------------------------------------------------------- /app/dnsres/dnsres.go: -------------------------------------------------------------------------------- 1 | package dnsres 2 | 3 | import ( 4 | "encoding/json" 5 | "errors" 6 | "fmt" 7 | "net/http" 8 | "os" 9 | "path" 10 | "sort" 11 | "strings" 12 | "time" 13 | 14 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/config" 15 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/file" 16 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/netu" 17 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu" 18 | ) 19 | 20 | // Timeout and URI templates for DNS resolutions external services 21 | const ( 22 | HttpTimeout = 10 23 | CacheTimeout = 172800 24 | ) 25 | 26 | type dataIp struct { 27 | ResponseCode string `json:"response_code"` 28 | ResolutionsIp []struct { 29 | LastResolved string `json:"last_resolved"` 30 | Domain string `json:"domain"` 31 | } `json:"resolutions"` 32 | Hashes []string `json:"hashes"` 33 | References []string `json:"references"` 34 | Permalink string `json:"permalink"` 35 | } 36 | 37 | type dataDomain struct { 38 | ResponseCode string `json:"response_code"` 39 | ResolutionsDomain []struct { 40 | LastResolved string `json:"last_resolved"` 41 | IPAddress string `json:"ip_address"` 42 | } `json:"resolutions"` 43 | Hashes []string `json:"hashes"` 44 | Emails []string `json:"emails"` 45 | Subdomains []string `json:"subdomains"` 46 | References []string `json:"references"` 47 | Permalink string `json:"permalink"` 48 | } 49 | 50 | // GetDnsRes returns the DNS resolutions of an ip address or domain 51 | func GetDnsRes(ipAddressOrDomain string) Resolutions { 52 | var result Resolutions 53 | 54 | resultFile := path.Join(pathu.Tmp, "resolutions.json") 55 | resultJson := make(map[string]Resolutions) 56 | 57 | if resultTmpInfo, err := os.Stat(resultFile); err == nil { 58 | resultTmpModified := time.Since(resultTmpInfo.ModTime()).Seconds() 59 | if resultTmpModified > 
CacheTimeout { 60 | fmt.Printf("Creating file %s... ", resultFile) 61 | if err := file.CreateFile(resultFile); err != nil { 62 | return result 63 | } 64 | } else { 65 | raw, err := os.ReadFile(resultFile) 66 | if err != nil { 67 | return result 68 | } 69 | err = json.Unmarshal(raw, &resultJson) 70 | if err != nil { 71 | return result 72 | } 73 | if result, found := resultJson[ipAddressOrDomain]; found { 74 | sort.Sort(result) 75 | return result 76 | } 77 | } 78 | } 79 | 80 | reportType := "domain" 81 | if netu.IsValidIPv4(ipAddressOrDomain) { 82 | reportType = "ip" 83 | } 84 | 85 | result, _ = getOnline(reportType, ipAddressOrDomain) 86 | resultJson[ipAddressOrDomain] = result 87 | resultJsonMarsh, _ := json.Marshal(resultJson) 88 | _ = os.WriteFile(resultFile, resultJsonMarsh, 0644) 89 | return result 90 | } 91 | 92 | func getOnline(reportType string, ipOrDomain string) (Resolutions, error) { 93 | var result Resolutions 94 | uri := fmt.Sprintf(config.Settings.Uris.Threatcrowd, reportType, reportType, ipOrDomain) 95 | 96 | timeout := HttpTimeout * time.Second 97 | httpClient := http.Client{ 98 | Timeout: timeout, 99 | } 100 | resp, err := httpClient.Get(uri) 101 | if err != nil { 102 | return result, err 103 | } 104 | 105 | defer resp.Body.Close() 106 | 107 | if resp.StatusCode == 403 { 108 | return result, errors.New("Exceeded maximum number of API calls") 109 | } 110 | 111 | if reportType == "ip" { 112 | var dataIp dataIp 113 | err = json.NewDecoder(resp.Body).Decode(&dataIp) 114 | if err != nil { 115 | return result, err 116 | } 117 | if dataIp.ResponseCode != "1" || len(dataIp.ResolutionsIp) == 0 { 118 | err := errors.New("No data available") 119 | return result, err 120 | } 121 | for _, resolve := range dataIp.ResolutionsIp { 122 | lastResolved, _ := time.Parse("2006-01-02", resolve.LastResolved) 123 | result = append(result, Resolution{ 124 | Source: uri, 125 | LastResolved: lastResolved, 126 | IpOrDomain: strings.TrimSpace(strings.ReplaceAll(resolve.Domain, 
`"`, ``)), 127 | }) 128 | } 129 | 130 | sort.Sort(result) 131 | return result, nil 132 | } 133 | 134 | var dataDomain dataDomain 135 | err = json.NewDecoder(resp.Body).Decode(&dataDomain) 136 | if err != nil { 137 | return result, err 138 | } 139 | if dataDomain.ResponseCode != "1" || len(dataDomain.ResolutionsDomain) == 0 { 140 | err := errors.New("No data available") 141 | return result, err 142 | } 143 | for _, resolve := range dataDomain.ResolutionsDomain { 144 | lastResolved, _ := time.Parse("2006-01-02", resolve.LastResolved) 145 | result = append(result, Resolution{ 146 | Source: uri, 147 | LastResolved: lastResolved, 148 | IpOrDomain: resolve.IPAddress, 149 | }) 150 | } 151 | 152 | sort.Sort(result) 153 | return result, nil 154 | } 155 | -------------------------------------------------------------------------------- /app/utils/app/app.go: -------------------------------------------------------------------------------- 1 | package app 2 | 3 | import ( 4 | "bytes" 5 | "fmt" 6 | "io" 7 | "net" 8 | "net/http" 9 | "os" 10 | "regexp" 11 | "strings" 12 | "time" 13 | 14 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/config" 15 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/file" 16 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/netu" 17 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu" 18 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 19 | "github.com/crazy-max/WindowsSpyBlocker/app/whois" 20 | ) 21 | 22 | // DownloadLib download an external library 23 | func DownloadLib(lib config.Lib) error { 24 | if lib.OutputPath != "" { 25 | if _, err := os.Stat(lib.OutputPath); os.IsNotExist(err) { 26 | fmt.Printf("Creating folder %s... 
", strings.TrimLeft(lib.OutputPath, pathu.Current)) 27 | if err := file.CreateSubfolder(lib.OutputPath); err != nil { 28 | print.Error(err) 29 | return err 30 | } 31 | print.Ok() 32 | } 33 | if _, err := os.Stat(lib.Checkfile); err != nil { 34 | fmt.Printf("Downloading %s...", lib.Url) 35 | if err := netu.DownloadFile(lib.Dest, lib.Url); err != nil { 36 | fmt.Print(" ") 37 | print.Error(err) 38 | return err 39 | } 40 | fmt.Print(" ") 41 | print.Ok() 42 | 43 | fmt.Printf("Unzipping %s... ", strings.TrimLeft(lib.Dest, pathu.Current)) 44 | if err := file.Unzip(lib.Dest, lib.OutputPath); err != nil { 45 | print.Error(err) 46 | return err 47 | } 48 | print.Ok() 49 | 50 | fmt.Printf("Seeking checkfile %s... ", strings.TrimLeft(lib.Checkfile, pathu.Current)) 51 | if _, err := os.Stat(lib.Checkfile); err != nil { 52 | print.Error(err) 53 | return err 54 | } 55 | print.Ok() 56 | } 57 | } else { 58 | fmt.Printf("Downloading %s...", lib.Url) 59 | if err := netu.DownloadFile(lib.Dest, lib.Url); err != nil { 60 | fmt.Print(" ") 61 | print.Error(err) 62 | return err 63 | } 64 | fmt.Print(" ") 65 | print.Ok() 66 | } 67 | 68 | return nil 69 | } 70 | 71 | // GetFilteredIpOrDomain get an ip address or domain filtered by excluded values in app.conf 72 | func GetFilteredIpOrDomain(ipOrDomain string) string { 73 | ipOrDomain = strings.ToLower(ipOrDomain) 74 | 75 | if netu.IsPrivateIp(ipOrDomain) { 76 | return "" 77 | } 78 | 79 | if netu.IsValidIPv4(ipOrDomain) { 80 | for _, exp := range config.App.Exclude.Ips { 81 | if isIpExcluded(ipOrDomain, exp) { 82 | return "" 83 | } 84 | } 85 | } else { 86 | for _, exp := range config.App.Exclude.Hosts { 87 | if isDomainExcluded(ipOrDomain, exp) { 88 | return "" 89 | } 90 | } 91 | } 92 | 93 | whoisRes := whois.GetWhois(ipOrDomain) 94 | if whoisRes != (whois.Whois{}) { 95 | for _, exp := range config.App.Exclude.Orgs { 96 | if isOrgExcluded(whoisRes.Org, exp) { 97 | return "" 98 | } 99 | } 100 | } 101 | 102 | return ipOrDomain 103 | } 104 | 105 | 
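// isIpExcluded reports whether ipStr is covered by the exclusion entry exp.
//
// exp is either a single IPv4 address or an inclusive range written as
// "low-high". An ipStr that does not parse as IPv4 is reported as excluded.
// A malformed exp never matches.
func isIpExcluded(ipStr string, exp string) bool {
	// Work on the 4-byte form so the byte-wise comparisons below are
	// numeric comparisons of the address.
	ip := net.ParseIP(ipStr).To4()
	if ip == nil {
		return true
	}

	if strings.Contains(exp, "-") {
		bounds := strings.SplitN(exp, "-", 2)
		if len(bounds) != 2 {
			return false
		}
		low := net.ParseIP(bounds[0]).To4()
		high := net.ParseIP(bounds[1]).To4()
		if low == nil || high == nil {
			return false
		}
		// A reversed range (low > high) matches nothing.
		return bytes.Compare(ip, low) >= 0 && bytes.Compare(ip, high) <= 0
	}

	// Single address: exact textual match against a valid IPv4 entry.
	return netu.IsValidIPv4(exp) && exp == ipStr
}

// matchesExcludePattern reports whether value matches the exclusion entry exp.
//
// exp is turned into an anchored, case-insensitive regular expression in
// which every "*" stands for one or more characters other than a double quote.
// An entry that does not compile is treated as matching nothing instead of
// panicking, so a typo in the exclusion list cannot crash the run.
//
// NOTE(review): only "*" is translated; every other character of exp keeps its
// regular-expression meaning, so "." in a host entry matches any character and
// an entry can exclude more names than it appears to. Quoting exp with
// regexp.QuoteMeta before expanding "*" would make entries literal, but it
// changes matching for anyone relying on regex syntax, so it is left as is.
func matchesExcludePattern(value string, exp string) bool {
	re, err := regexp.Compile(`(?i)^` + strings.Replace(exp, "*", `([^"]+)`, -1) + "$")
	if err != nil {
		return false
	}
	return len(re.FindAllString(value, -1)) == 1
}

// isDomainExcluded reports whether host matches the host exclusion entry exp.
func isDomainExcluded(host string, exp string) bool {
	return matchesExcludePattern(host, exp)
}

// isOrgExcluded reports whether the organisation name org matches the
// organisation exclusion entry exp.
func isOrgExcluded(org string, exp string) bool {
	return matchesExcludePattern(org, exp)
}

// GetLatestVersion returns the body served at the configured latest-version
// URI. It fails on a transport error or on any status other than 200.
//
// The returned string is remote content passed through unmodified; callers
// should validate it before comparing or displaying it.
func GetLatestVersion() (string, error) {
	// A version string is tiny; cap the read so an oversized response cannot
	// be buffered in full.
	const maxVersionBody = 1 << 20

	client := &http.Client{Timeout: 2 * time.Second}
	response, err := client.Get(config.Settings.Uris.LatestVersion)
	if err != nil {
		return "", err
	}
	defer response.Body.Close()

	if response.StatusCode != http.StatusOK {
		return "", fmt.Errorf("Status code %d", response.StatusCode)
	}

	bodyBytes, err := io.ReadAll(io.LimitReader(response.Body, maxVersionBody))
	if err != nil {
		return "", err
	}
	return string(bodyBytes), nil
}

--------------------------------------------------------------------------------
/app/utils/config/config.go: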
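--------------------------------------------------------------------------------
// Package config loads the user configuration (app.conf) and the embedded
// application settings (settings.json) at start-up.
package config

import (
	"encoding/json"
	"fmt"
	"os"
	"path"
	"strings"

	"github.com/crazy-max/WindowsSpyBlocker/app/bindata"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/file"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/print"
)

// Application identity.
var (
	AppName    = "WindowsSpyBlocker"
	AppVersion = "0.0.0"
	AppURL     = "https://github.com/crazy-max/WindowsSpyBlocker"
)

// Loaded configuration, populated by init.
var (
	// App is the embedded default app.conf overlaid with the user's app.conf.
	App conf
	// Settings is decoded from the embedded settings.json only.
	Settings settings
)

// Lib describes an external tool archive to download.
//
// NOTE(review): there is no digest field here, so nothing in this struct lets
// a caller verify a downloaded archive before it is unpacked; Checkfile is
// only a path. Consider adding a hash per library that is checked first.
type Lib struct {
	Url        string `json:"url"`
	Dest       string
	OutputPath string
	Checkfile  string `json:"checkfile"`
}

// NcsiProbe holds the web and DNS probe values of one NCSI provider, for IPv4
// and IPv6.
type NcsiProbe struct {
	WebHostV4    string `json:"webHostV4"`
	WebPathV4    string `json:"webPathV4"`
	WebContentV4 string `json:"webContentV4"`
	WebHostV6    string `json:"webHostV6"`
	WebPathV6    string `json:"webPathV6"`
	WebContentV6 string `json:"webContentV6"`
	DnsHostV4    string `json:"dnsHostV4"`
	DnsContentV4 string `json:"dnsContentV4"`
	DnsHostV6    string `json:"dnsHostV6"`
	DnsContentV6 string `json:"dnsContentV6"`
}

// dataTpl is a header/value template pair for one output format.
type dataTpl struct {
	Head  string `json:"head"`
	Value string `json:"value"`
}

// conf mirrors app.conf, the user-editable configuration file.
type conf struct {
	Version         string `json:"version"`
	Debug           bool   `json:"debug"`
	UseEmbeddedData bool   `json:"useEmbeddedData"`
	Proxifier       struct {
		LogPath string `json:"logPath"`
	} `json:"proxifier"`
	Sysmon struct {
		EvtxPath string `json:"evtxPath"`
	} `json:"sysmon"`
	Wireshark struct {
		PcapngPath string `json:"pcapngPath"`
		Capture    struct {
			Interface int    `json:"interface"`
			Filter    string `json:"filter"`
		} `json:"capture"`
	} `json:"wireshark"`
	// Exclude lists the IPs, hosts and organisations to exclude.
	Exclude struct {
		Ips   []string `json:"ips"`
		Hosts []string `json:"hosts"`
		Orgs  []string `json:"orgs"`
	} `json:"exclude"`
}

// settings mirrors the embedded settings.json.
type settings struct {
	Uris struct {
		LatestVersion string `json:"latestVersion"`
		Threatcrowd   string `json:"threatcrowd"`
		Whatis        string `json:"whatis"`
		Dnsquery      string `json:"dnsquery"`
		Ipapi         string `json:"ipapi"`
		Ipinfo        string `json:"ipinfo"`
		Ipnf          string `json:"ipnf"`
		Ip6           string `json:"ip6"`
	} `json:"uris"`
	Libs struct {
		Wireshark32 Lib `json:"wireshark_32"`
		Wireshark64 Lib `json:"wireshark_64"`
		Npcap       Lib `json:"npcap"`
		Sysmon      Lib `json:"sysmon"`
	} `json:"libs"`
	DataTpl struct {
		Dnscrypt  dataTpl `json:"dnscrypt"`
		Eset      dataTpl `json:"eset"`
		Kaspersky dataTpl `json:"kaspersky"`
		Openwrt   struct {
			Ip      dataTpl `json:"ip"`
			Domains dataTpl `json:"domains"`
		} `json:"openwrt"`
		P2p       dataTpl `json:"p2p"`
		Proxifier struct {
			Ip      dataTpl `json:"ip"`
			Domains dataTpl `json:"domains"`
		} `json:"proxifier"`
		Simplewall dataTpl `json:"simplewall"`
	} `json:"dataTpl"`
	Proxifier struct {
		UnvalidLines []string `json:"unvalidLines"`
	} `json:"proxifier"`
	Sysmon struct {
		EvtxPath string `json:"evtxPath"`
	} `json:"sysmon"`
	Ncsi struct {
		Reg struct {
			Key               string `json:"key"`
			WebProbeHost      string `json:"webProbeHost"`
			WebProbePath      string `json:"webProbePath"`
			WebProbeContent   string `json:"webProbeContent"`
			WebProbeHostV6    string `json:"webProbeHostV6"`
			WebProbePathV6    string `json:"webProbePathV6"`
			WebProbeContentV6 string `json:"webProbeContentV6"`
			DnsProbeHost      string `json:"dnsProbeHost"`
			DnsProbeContent   string `json:"dnsProbeContent"`
			DnsProbeHostV6    string `json:"dnsProbeHostV6"`
			DnsProbeContentV6 string `json:"dnsProbeContentV6"`
		} `json:"reg"`
		Probes struct {
			Microsoft NcsiProbe `json:"microsoft"`
			Debian    NcsiProbe `json:"debian"`
			Firefox   NcsiProbe `json:"firefox"`
		} `json:"probes"`
	} `json:"ncsi"`
	WilcardSubdomains []string `json:"wilcardSubdomains"`
}

// init loads the configuration in this order: the embedded default app.conf,
// the user's app.conf (created from the default when os.Stat fails on it), an
// upgrade step when the two versions differ, the user's values merged over the
// defaults and written back, and finally the embedded settings.json.
// Every failure is reported through print.QuitFatal, which is expected to
// terminate the process — confirm against the print package.
func init() {
	var err error
	var old conf

	cfgPath := path.Join(pathu.Current, "app.conf")
	// Display name for error messages. TrimPrefix removes the application
	// folder as a prefix; TrimLeft would treat it as a set of characters and
	// could eat the start of the file name as well.
	cfgName := strings.TrimPrefix(cfgPath, pathu.Current)

	// Load default config
	defaultConf, err := bindata.Asset("app.conf")
	if err != nil {
		print.QuitFatal(fmt.Errorf("Cannot load asset app.conf: %s", err.Error()))
	}
	if err = json.Unmarshal(defaultConf, &App); err != nil {
		print.QuitFatal(fmt.Errorf("Cannot unmarshall defaultConf: %s", err.Error()))
	}
	newVersion := App.Version

	// Create conf if not exists
	if _, statErr := os.Stat(cfgPath); statErr != nil {
		if err = os.WriteFile(cfgPath, defaultConf, 0644); err != nil {
			print.QuitFatal(fmt.Errorf("Cannot write file %s: %s", cfgName, err.Error()))
		}
	}

	// Load current config
	raw, err := os.ReadFile(cfgPath)
	if err != nil {
		print.QuitFatal(fmt.Errorf("Cannot read %s: %s", cfgName, err.Error()))
	}
	if err = json.Unmarshal(raw, &old); err != nil {
		print.QuitFatal(fmt.Errorf("Cannot unmarshall %s: %s", cfgName, err.Error()))
	}

	// Perform upgrade if different version
	if newVersion != old.Version {
		if err := performUpgrade(); err != nil {
			print.QuitFatal(err)
		}
	}

	// Merge config: user values overwrite the defaults already held in App.
	if err = json.Unmarshal(raw, &App); err != nil {
		print.QuitFatal(fmt.Errorf("Cannot unmarshall %s: %s", cfgName, err.Error()))
	}
	App.Version = newVersion

	// Write config. The marshal error is captured here; it used to be
	// discarded, leaving the check below to test a stale err.
	cfgJson, err := json.MarshalIndent(App, "", " ")
	if err != nil {
		print.QuitFatal(fmt.Errorf("Cannot marshal config: %s", err.Error()))
	}
	if err = os.WriteFile(cfgPath, cfgJson, 0644); err != nil {
		print.QuitFatal(fmt.Errorf("Cannot write file %s: %s", cfgName, err.Error()))
	}

	// Load settings
	rawSettings, err := bindata.Asset("app/settings.json")
	if err != nil {
		print.QuitFatal(fmt.Errorf("Cannot load asset settings.json: %s", err.Error()))
	}
	if err = json.Unmarshal(rawSettings, &Settings); err != nil {
		print.QuitFatal(fmt.Errorf("Cannot unmarshall settings: %s", err.Error()))
	}
}

// performUpgrade runs the steps needed when the stored configuration version
// differs from the embedded one: it empties the libs folder.
func performUpgrade() error {
	// Remove content of libs folder
	return file.RemoveContents(pathu.Libs)
}

--------------------------------------------------------------------------------
/data/firewall/update.txt:
--------------------------------------------------------------------------------
1 | ### WindowsSpyBlocker - Firewall update rules 2 | ### License: MIT 3 | ### Updated: 2022-05-16T13:25:00Z02:12 4 | ### Donate: https://github.com/sponsors/crazy-max ; https://www.paypal.me/crazyws 5 | ### More info: https://github.com/crazy-max/WindowsSpyBlocker 6 | 7 | 13.68.87.47 8 | 13.68.87.175 9 | 13.68.88.129 10 | 13.68.93.109 11 | 13.74.179.117 12 | 13.78.168.230 13 | 13.78.177.144 14 | 13.78.179.199 15 | 13.78.180.50 16 | 13.78.180.90 17 | 13.78.184.44 18 | 13.78.184.186 19 | 13.78.186.254 20 | 13.78.187.58 21 | 13.78.230.134 22 | 13.83.148.218 23 | 13.83.148.235 24 | 13.83.149.5 25 | 13.83.149.67 26 | 13.83.151.160 27 | 13.86.124.174 28 | 13.86.124.184 29 | 13.86.124.191 30 | 13.91.16.64 31 | 13.91.16.65 32 | 13.91.16.66 33 | 13.91.16.67 34 | 13.91.16.68 35 | 13.91.16.69 36 | 13.91.16.70 37 | 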
13.91.16.71 38 | 13.92.211.120 39 | 13.107.4.50 40 | 13.107.4.52 41 | 13.107.4.254 42 | 20.36.222.39 43 | 20.36.252.130 44 | 20.41.41.23 45 | 20.42.24.29 46 | 20.42.24.50 47 | 20.44.77.24 48 | 20.44.77.45 49 | 20.44.77.49 50 | 20.44.77.219 51 | 20.45.4.77 52 | 20.45.4.178 53 | 20.54.24.69 54 | 20.54.24.79 55 | 20.54.24.148 56 | 20.54.24.169 57 | 20.54.24.231 58 | 20.54.24.246 59 | 20.54.25.4 60 | 20.54.25.16 61 | 20.54.89.15 62 | 20.54.89.106 63 | 20.54.110.119 64 | 20.54.110.249 65 | 20.62.190.184 66 | 20.62.190.185 67 | 20.62.190.186 68 | 20.62.190.187 69 | 20.62.190.188 70 | 20.62.190.189 71 | 20.62.190.190 72 | 20.62.190.191 73 | 20.83.81.160 74 | 20.83.81.161 75 | 20.83.81.162 76 | 20.83.81.163 77 | 20.83.81.164 78 | 20.83.81.165 79 | 20.185.109.208 80 | 20.186.48.46 81 | 20.188.74.161 82 | 20.188.78.184 83 | 20.188.78.185 84 | 20.188.78.187 85 | 20.188.78.188 86 | 20.188.78.189 87 | 20.190.3.175 88 | 20.190.9.86 89 | 20.191.46.109 90 | 20.191.46.211 91 | 20.199.120.85 92 | 20.199.120.151 93 | 20.199.120.182 94 | 23.103.189.125 95 | 23.103.189.126 96 | 23.103.189.157 97 | 23.103.189.158 98 | 40.67.248.104 99 | 40.67.251.132 100 | 40.67.251.134 101 | 40.67.252.175 102 | 40.67.252.206 103 | 40.67.253.249 104 | 40.67.254.36 105 | 40.67.254.97 106 | 40.67.255.199 107 | 40.69.216.73 108 | 40.69.216.129 109 | 40.69.216.251 110 | 40.69.218.62 111 | 40.69.219.197 112 | 40.69.220.46 113 | 40.69.221.239 114 | 40.69.222.109 115 | 40.69.223.39 116 | 40.69.223.198 117 | 40.70.224.144 118 | 40.70.224.145 119 | 40.70.224.147 120 | 40.70.224.148 121 | 40.70.224.149 122 | 40.70.229.150 123 | 40.77.18.167 124 | 40.77.224.8 125 | 40.77.224.11 126 | 40.77.224.145 127 | 40.77.224.254 128 | 40.77.226.13 129 | 40.77.226.181 130 | 40.77.226.246 131 | 40.77.226.247 132 | 40.77.226.248 133 | 40.77.226.249 134 | 40.77.226.250 135 | 40.77.229.8 136 | 40.77.229.9 137 | 40.77.229.12 138 | 40.77.229.13 139 | 40.77.229.16 140 | 40.77.229.21 141 | 40.77.229.22 142 | 40.77.229.24 143 | 
40.77.229.26 144 | 40.77.229.27 145 | 40.77.229.29 146 | 40.77.229.30 147 | 40.77.229.32 148 | 40.77.229.35 149 | 40.77.229.38 150 | 40.77.229.44 151 | 40.77.229.45 152 | 40.77.229.50 153 | 40.77.229.53 154 | 40.77.229.62 155 | 40.77.229.65 156 | 40.77.229.67 157 | 40.77.229.69 158 | 40.77.229.70 159 | 40.77.229.71 160 | 40.77.229.74 161 | 40.77.229.76 162 | 40.77.229.80 163 | 40.77.229.81 164 | 40.77.229.82 165 | 40.77.229.88 166 | 40.77.229.118 167 | 40.77.229.123 168 | 40.77.229.128 169 | 40.77.229.133 170 | 40.77.229.141 171 | 40.77.229.199 172 | 40.79.65.78 173 | 40.79.65.123 174 | 40.79.65.235 175 | 40.79.65.237 176 | 40.79.66.194 177 | 40.79.66.209 178 | 40.79.67.176 179 | 40.79.70.158 180 | 40.91.73.169 181 | 40.91.73.219 182 | 40.91.75.5 183 | 40.91.80.89 184 | 40.91.91.94 185 | 40.91.120.196 186 | 40.91.122.44 187 | 40.125.122.151 188 | 40.125.122.176 189 | 51.103.5.159 190 | 51.103.5.186 191 | 51.104.162.50 192 | 51.104.162.168 193 | 51.104.164.114 194 | 51.104.167.48 195 | 51.104.167.186 196 | 51.104.167.245 197 | 51.104.167.255 198 | 51.105.249.223 199 | 51.105.249.228 200 | 51.105.249.239 201 | 52.142.21.136 202 | 52.137.102.105 203 | 52.137.103.96 204 | 52.137.103.130 205 | 52.137.110.235 206 | 52.142.21.137 207 | 52.142.21.139 208 | 52.142.21.140 209 | 52.142.21.141 210 | 52.143.80.209 211 | 52.143.81.222 212 | 52.143.84.45 213 | 52.143.86.214 214 | 52.143.87.28 215 | 52.147.176.8 216 | 52.148.148.114 217 | 52.152.108.96 218 | 52.152.110.14 219 | 52.155.95.90 220 | 52.155.115.56 221 | 52.155.169.137 222 | 52.155.183.99 223 | 52.155.217.156 224 | 52.155.223.194 225 | 52.156.144.83 226 | 52.158.114.119 227 | 52.158.122.14 228 | 52.161.15.246 229 | 52.164.221.179 230 | 52.164.226.245 231 | 52.167.222.82 232 | 52.167.222.147 233 | 52.167.223.135 234 | 52.169.82.131 235 | 52.169.83.3 236 | 52.169.87.42 237 | 52.169.123.48 238 | 52.175.23.79 239 | 52.177.164.251 240 | 52.177.247.15 241 | 52.178.192.146 242 | 52.179.216.235 243 | 52.179.219.14 244 | 
52.183.47.176 245 | 52.183.118.171 246 | 52.184.152.136 247 | 52.184.155.206 248 | 52.184.212.181 249 | 52.184.213.21 250 | 52.184.213.187 251 | 52.184.214.53 252 | 52.184.214.123 253 | 52.184.214.139 254 | 52.184.216.174 255 | 52.184.216.226 256 | 52.184.216.246 257 | 52.184.217.20 258 | 52.184.217.37 259 | 52.184.217.56 260 | 52.187.60.107 261 | 52.188.72.233 262 | 52.226.130.114 263 | 52.229.170.171 264 | 52.229.170.224 265 | 52.229.171.86 266 | 52.229.171.202 267 | 52.229.172.155 268 | 52.229.174.29 269 | 52.229.174.172 270 | 52.229.174.233 271 | 52.229.175.79 272 | 52.230.216.17 273 | 52.230.216.157 274 | 52.230.220.159 275 | 52.230.223.92 276 | 52.230.223.167 277 | 52.232.225.93 278 | 52.238.248.1 279 | 52.238.248.2 280 | 52.238.248.3 281 | 52.238.248.4 282 | 52.238.248.5 283 | 52.238.248.6 284 | 52.238.248.7 285 | 52.242.97.97 286 | 52.242.101.226 287 | 52.242.231.32 288 | 52.242.231.33 289 | 52.242.231.35 290 | 52.242.231.36 291 | 52.242.231.37 292 | 52.243.153.146 293 | 52.248.96.36 294 | 52.249.24.101 295 | 52.249.36.200 296 | 52.249.36.205 297 | 52.249.36.206 298 | 52.249.36.207 299 | 52.249.58.51 300 | 52.250.46.232 301 | 52.250.46.237 302 | 52.250.46.238 303 | 52.250.195.200 304 | 52.250.195.204 305 | 52.250.195.206 306 | 52.250.195.207 307 | 52.251.79.25 308 | 52.253.130.84 309 | 52.254.106.61 310 | 52.254.114.64 311 | 52.254.114.65 312 | 52.254.114.67 313 | 52.254.114.68 314 | 52.254.114.69 315 | 52.254.114.70 316 | 52.254.114.71 317 | 64.4.27.50 318 | 65.52.108.29 319 | 65.52.108.33 320 | 65.52.108.59 321 | 65.52.108.90 322 | 65.52.108.92 323 | 65.52.108.153 324 | 65.52.108.154 325 | 65.52.108.185 326 | 65.55.138.0-65.55.138.255 327 | 65.55.242.254 328 | 66.119.144.157 329 | 66.119.144.158 330 | 66.119.144.189 331 | 66.119.144.190 332 | 67.26.27.254 333 | 104.45.177.233 334 | 111.221.29.40 335 | 134.170.51.187 336 | 134.170.51.188 337 | 134.170.51.190 338 | 134.170.51.246 339 | 134.170.51.247 340 | 134.170.51.248 341 | 134.170.53.29 342 | 
134.170.53.30 343 | 134.170.58.0-134.170.58.255 344 | 134.170.115.55 345 | 134.170.115.56 346 | 134.170.115.60 347 | 134.170.115.62 348 | 134.170.165.248 349 | 134.170.165.249 350 | 134.170.165.251 351 | 134.170.165.253 352 | 137.135.62.92 353 | 157.55.133.204 354 | 157.55.240.89 355 | 157.55.240.126 356 | 157.55.240.220 357 | 157.56.77.138 358 | 157.56.77.139 359 | 157.56.77.140 360 | 157.56.77.141 361 | 157.56.77.148 362 | 157.56.77.149 363 | 157.56.96.54 364 | 157.56.96.58 365 | 157.56.96.123 366 | 157.56.96.157 367 | 191.232.80.53 368 | 191.232.80.58 369 | 191.232.80.60 370 | 191.232.80.62 371 | 191.232.139.2 372 | 191.232.139.182 373 | 191.232.139.253 374 | 191.232.139.254 375 | 191.234.72.183 376 | 191.234.72.186 377 | 191.234.72.188 378 | 191.234.72.190 379 | 207.46.114.58 380 | 207.46.114.61 381 | -------------------------------------------------------------------------------- /data/proxifier/update/ips.txt: -------------------------------------------------------------------------------- 1 | 13.68.87.47; 2 | 13.68.87.175; 3 | 13.68.88.129; 4 | 13.68.93.109; 5 | 13.74.179.117; 6 | 13.78.168.230; 7 | 13.78.177.144; 8 | 13.78.179.199; 9 | 13.78.180.50; 10 | 13.78.180.90; 11 | 13.78.184.44; 12 | 13.78.184.186; 13 | 13.78.186.254; 14 | 13.78.187.58; 15 | 13.78.230.134; 16 | 13.83.148.218; 17 | 13.83.148.235; 18 | 13.83.149.5; 19 | 13.83.149.67; 20 | 13.83.151.160; 21 | 13.86.124.174; 22 | 13.86.124.184; 23 | 13.86.124.191; 24 | 13.91.16.64; 25 | 13.91.16.65; 26 | 13.91.16.66; 27 | 13.91.16.67; 28 | 13.91.16.68; 29 | 13.91.16.69; 30 | 13.91.16.70; 31 | 13.91.16.71; 32 | 13.92.211.120; 33 | 13.107.4.50; 34 | 13.107.4.52; 35 | 13.107.4.254; 36 | 20.36.222.39; 37 | 20.36.252.130; 38 | 20.41.41.23; 39 | 20.42.24.29; 40 | 20.42.24.50; 41 | 20.44.77.24; 42 | 20.44.77.45; 43 | 20.44.77.49; 44 | 20.44.77.219; 45 | 20.45.4.77; 46 | 20.45.4.178; 47 | 20.54.24.69; 48 | 20.54.24.79; 49 | 20.54.24.148; 50 | 20.54.24.169; 51 | 20.54.24.231; 52 | 20.54.24.246; 53 | 20.54.25.4; 
54 | 20.54.25.16; 55 | 20.54.89.15; 56 | 20.54.89.106; 57 | 20.54.110.119; 58 | 20.54.110.249; 59 | 20.62.190.184; 60 | 20.62.190.185; 61 | 20.62.190.186; 62 | 20.62.190.187; 63 | 20.62.190.188; 64 | 20.62.190.189; 65 | 20.62.190.190; 66 | 20.62.190.191; 67 | 20.83.81.160; 68 | 20.83.81.161; 69 | 20.83.81.162; 70 | 20.83.81.163; 71 | 20.83.81.164; 72 | 20.83.81.165; 73 | 20.185.109.208; 74 | 20.186.48.46; 75 | 20.188.74.161; 76 | 20.188.78.184; 77 | 20.188.78.185; 78 | 20.188.78.187; 79 | 20.188.78.188; 80 | 20.188.78.189; 81 | 20.190.3.175; 82 | 20.190.9.86; 83 | 20.191.46.109; 84 | 20.191.46.211; 85 | 20.199.120.85; 86 | 20.199.120.151; 87 | 20.199.120.182; 88 | 23.103.189.125; 89 | 23.103.189.126; 90 | 23.103.189.157; 91 | 23.103.189.158; 92 | 40.67.248.104; 93 | 40.67.251.132; 94 | 40.67.251.134; 95 | 40.67.252.175; 96 | 40.67.252.206; 97 | 40.67.253.249; 98 | 40.67.254.36; 99 | 40.67.254.97; 100 | 40.67.255.199; 101 | 40.69.216.73; 102 | 40.69.216.129; 103 | 40.69.216.251; 104 | 40.69.218.62; 105 | 40.69.219.197; 106 | 40.69.220.46; 107 | 40.69.221.239; 108 | 40.69.222.109; 109 | 40.69.223.39; 110 | 40.69.223.198; 111 | 40.70.224.144; 112 | 40.70.224.145; 113 | 40.70.224.147; 114 | 40.70.224.148; 115 | 40.70.224.149; 116 | 40.70.229.150; 117 | 40.77.18.167; 118 | 40.77.224.8; 119 | 40.77.224.11; 120 | 40.77.224.145; 121 | 40.77.224.254; 122 | 40.77.226.13; 123 | 40.77.226.181; 124 | 40.77.226.246; 125 | 40.77.226.247; 126 | 40.77.226.248; 127 | 40.77.226.249; 128 | 40.77.226.250; 129 | 40.77.229.8; 130 | 40.77.229.9; 131 | 40.77.229.12; 132 | 40.77.229.13; 133 | 40.77.229.16; 134 | 40.77.229.21; 135 | 40.77.229.22; 136 | 40.77.229.24; 137 | 40.77.229.26; 138 | 40.77.229.27; 139 | 40.77.229.29; 140 | 40.77.229.30; 141 | 40.77.229.32; 142 | 40.77.229.35; 143 | 40.77.229.38; 144 | 40.77.229.44; 145 | 40.77.229.45; 146 | 40.77.229.50; 147 | 40.77.229.53; 148 | 40.77.229.62; 149 | 40.77.229.65; 150 | 40.77.229.67; 151 | 40.77.229.69; 152 | 40.77.229.70; 153 | 
40.77.229.71; 154 | 40.77.229.74; 155 | 40.77.229.76; 156 | 40.77.229.80; 157 | 40.77.229.81; 158 | 40.77.229.82; 159 | 40.77.229.88; 160 | 40.77.229.118; 161 | 40.77.229.123; 162 | 40.77.229.128; 163 | 40.77.229.133; 164 | 40.77.229.141; 165 | 40.77.229.199; 166 | 40.79.65.78; 167 | 40.79.65.123; 168 | 40.79.65.235; 169 | 40.79.65.237; 170 | 40.79.66.194; 171 | 40.79.66.209; 172 | 40.79.67.176; 173 | 40.79.70.158; 174 | 40.91.73.169; 175 | 40.91.73.219; 176 | 40.91.75.5; 177 | 40.91.80.89; 178 | 40.91.91.94; 179 | 40.91.120.196; 180 | 40.91.122.44; 181 | 40.125.122.151; 182 | 40.125.122.176; 183 | 51.103.5.159; 184 | 51.103.5.186; 185 | 51.104.162.50; 186 | 51.104.162.168; 187 | 51.104.164.114; 188 | 51.104.167.48; 189 | 51.104.167.186; 190 | 51.104.167.245; 191 | 51.104.167.255; 192 | 51.105.249.223; 193 | 51.105.249.228; 194 | 51.105.249.239; 195 | 52.137.102.105; 196 | 52.137.103.96; 197 | 52.137.103.130; 198 | 52.137.110.235; 199 | 52.142.21.136; 200 | 52.142.21.137; 201 | 52.142.21.139; 202 | 52.142.21.140; 203 | 52.142.21.141; 204 | 52.143.80.209; 205 | 52.143.81.222; 206 | 52.143.84.45; 207 | 52.143.86.214; 208 | 52.143.87.28; 209 | 52.147.176.8; 210 | 52.148.148.114; 211 | 52.152.108.96; 212 | 52.152.110.14; 213 | 52.155.95.90; 214 | 52.155.115.56; 215 | 52.155.169.137; 216 | 52.155.183.99; 217 | 52.155.217.156; 218 | 52.155.223.194; 219 | 52.156.144.83; 220 | 52.158.114.119; 221 | 52.158.122.14; 222 | 52.161.15.246; 223 | 52.164.221.179; 224 | 52.164.226.245; 225 | 52.167.222.82; 226 | 52.167.222.147; 227 | 52.167.223.135; 228 | 52.169.82.131; 229 | 52.169.83.3; 230 | 52.169.87.42; 231 | 52.169.123.48; 232 | 52.175.23.79; 233 | 52.177.164.251; 234 | 52.177.247.15; 235 | 52.178.192.146; 236 | 52.179.216.235; 237 | 52.179.219.14; 238 | 52.183.47.176; 239 | 52.183.118.171; 240 | 52.184.152.136; 241 | 52.184.155.206; 242 | 52.184.212.181; 243 | 52.184.213.21; 244 | 52.184.213.187; 245 | 52.184.214.53; 246 | 52.184.214.123; 247 | 52.184.214.139; 248 | 
52.184.216.174; 249 | 52.184.216.226; 250 | 52.184.216.246; 251 | 52.184.217.20; 252 | 52.184.217.37; 253 | 52.184.217.56; 254 | 52.187.60.107; 255 | 52.188.72.233; 256 | 52.226.130.114; 257 | 52.229.170.171; 258 | 52.229.170.224; 259 | 52.229.171.86; 260 | 52.229.171.202; 261 | 52.229.172.155; 262 | 52.229.174.29; 263 | 52.229.174.172; 264 | 52.229.174.233; 265 | 52.229.175.79; 266 | 52.230.216.17; 267 | 52.230.216.157; 268 | 52.230.220.159; 269 | 52.230.223.92; 270 | 52.230.223.167; 271 | 52.232.225.93; 272 | 52.238.248.1; 273 | 52.238.248.2; 274 | 52.238.248.3; 275 | 52.238.248.4; 276 | 52.238.248.5; 277 | 52.238.248.6; 278 | 52.238.248.7; 279 | 52.242.97.97; 280 | 52.242.101.226; 281 | 52.242.231.32; 282 | 52.242.231.33; 283 | 52.242.231.35; 284 | 52.242.231.36; 285 | 52.242.231.37; 286 | 52.243.153.146; 287 | 52.248.96.36; 288 | 52.249.24.101; 289 | 52.249.36.200; 290 | 52.249.36.205; 291 | 52.249.36.206; 292 | 52.249.36.207; 293 | 52.249.58.51; 294 | 52.250.46.232; 295 | 52.250.46.237; 296 | 52.250.46.238; 297 | 52.250.195.200; 298 | 52.250.195.204; 299 | 52.250.195.206; 300 | 52.250.195.207; 301 | 52.251.79.25; 302 | 52.253.130.84; 303 | 52.254.106.61; 304 | 52.254.114.64; 305 | 52.254.114.65; 306 | 52.254.114.67; 307 | 52.254.114.68; 308 | 52.254.114.69; 309 | 52.254.114.70; 310 | 52.254.114.71; 311 | 64.4.27.50; 312 | 65.52.108.29; 313 | 65.52.108.33; 314 | 65.52.108.59; 315 | 65.52.108.90; 316 | 65.52.108.92; 317 | 65.52.108.153; 318 | 65.52.108.154; 319 | 65.52.108.185; 320 | 65.55.138.0-65.55.138.255; 321 | 65.55.242.254; 322 | 66.119.144.157; 323 | 66.119.144.158; 324 | 66.119.144.189; 325 | 66.119.144.190; 326 | 67.26.27.254; 327 | 104.45.177.233; 328 | 111.221.29.40; 329 | 134.170.51.187; 330 | 134.170.51.188; 331 | 134.170.51.190; 332 | 134.170.51.246; 333 | 134.170.51.247; 334 | 134.170.51.248; 335 | 134.170.53.29; 336 | 134.170.53.30; 337 | 134.170.58.0-134.170.58.255; 338 | 134.170.115.55; 339 | 134.170.115.56; 340 | 134.170.115.60; 341 | 
134.170.115.62; 342 | 134.170.165.248; 343 | 134.170.165.249; 344 | 134.170.165.251; 345 | 134.170.165.253; 346 | 137.135.62.92; 347 | 157.55.133.204; 348 | 157.55.240.89; 349 | 157.55.240.126; 350 | 157.55.240.220; 351 | 157.56.77.138; 352 | 157.56.77.139; 353 | 157.56.77.140; 354 | 157.56.77.141; 355 | 157.56.77.148; 356 | 157.56.77.149; 357 | 157.56.96.54; 358 | 157.56.96.58; 359 | 157.56.96.123; 360 | 157.56.96.157; 361 | 191.232.80.53; 362 | 191.232.80.58; 363 | 191.232.80.60; 364 | 191.232.80.62; 365 | 191.232.139.2; 366 | 191.232.139.182; 367 | 191.232.139.253; 368 | 191.232.139.254; 369 | 191.234.72.183; 370 | 191.234.72.186; 371 | 191.234.72.188; 372 | 191.234.72.190; 373 | 207.46.114.58; 374 | 207.46.114.61; 375 | -------------------------------------------------------------------------------- /data/kaspersky/update.txt: -------------------------------------------------------------------------------- 1 | ### WindowsSpyBlocker - Kaspersky ips update rules 2 | ### License: MIT 3 | ### More info: https://github.com/crazy-max/WindowsSpyBlocker 4 | 5 | 13.68.87.47, 6 | 13.68.87.175, 7 | 13.68.88.129, 8 | 13.68.93.109, 9 | 13.74.179.117, 10 | 13.78.168.230, 11 | 13.78.177.144, 12 | 13.78.179.199, 13 | 13.78.180.50, 14 | 13.78.180.90, 15 | 13.78.184.44, 16 | 13.78.184.186, 17 | 13.78.186.254, 18 | 13.78.187.58, 19 | 13.78.230.134, 20 | 13.83.148.218, 21 | 13.83.148.235, 22 | 13.83.149.5, 23 | 13.83.149.67, 24 | 13.83.151.160, 25 | 13.86.124.174, 26 | 13.86.124.184, 27 | 13.86.124.191, 28 | 13.91.16.64, 29 | 13.91.16.65, 30 | 13.91.16.66, 31 | 13.91.16.67, 32 | 13.91.16.68, 33 | 13.91.16.69, 34 | 13.91.16.70, 35 | 13.91.16.71, 36 | 13.92.211.120, 37 | 13.107.4.50, 38 | 13.107.4.52, 39 | 13.107.4.254, 40 | 20.36.222.39, 41 | 20.36.252.130, 42 | 20.41.41.23, 43 | 20.42.24.29, 44 | 20.42.24.50, 45 | 20.44.77.24, 46 | 20.44.77.45, 47 | 20.44.77.49, 48 | 20.44.77.219, 49 | 20.45.4.77, 50 | 20.45.4.178, 51 | 20.54.24.69, 52 | 20.54.24.79, 53 | 20.54.24.148, 54 | 
20.54.24.169, 55 | 20.54.24.231, 56 | 20.54.24.246, 57 | 20.54.25.4, 58 | 20.54.25.16, 59 | 20.54.89.15, 60 | 20.54.89.106, 61 | 20.54.110.119, 62 | 20.54.110.249, 63 | 20.62.190.184, 64 | 20.62.190.185, 65 | 20.62.190.186, 66 | 20.62.190.187, 67 | 20.62.190.188, 68 | 20.62.190.189, 69 | 20.62.190.190, 70 | 20.62.190.191, 71 | 20.83.81.160, 72 | 20.83.81.161, 73 | 20.83.81.162, 74 | 20.83.81.163, 75 | 20.83.81.164, 76 | 20.83.81.165, 77 | 20.185.109.208, 78 | 20.186.48.46, 79 | 20.188.74.161, 80 | 20.188.78.184, 81 | 20.188.78.185, 82 | 20.188.78.187, 83 | 20.188.78.188, 84 | 20.188.78.189, 85 | 20.190.3.175, 86 | 20.190.9.86, 87 | 20.191.46.109, 88 | 20.191.46.211, 89 | 20.199.120.85, 90 | 20.199.120.151, 91 | 20.199.120.182, 92 | 23.103.189.125, 93 | 23.103.189.126, 94 | 23.103.189.157, 95 | 23.103.189.158, 96 | 40.67.248.104, 97 | 40.67.251.132, 98 | 40.67.251.134, 99 | 40.67.252.175, 100 | 40.67.252.206, 101 | 40.67.253.249, 102 | 40.67.254.36, 103 | 40.67.254.97, 104 | 40.67.255.199, 105 | 40.69.216.73, 106 | 40.69.216.129, 107 | 40.69.216.251, 108 | 40.69.218.62, 109 | 40.69.219.197, 110 | 40.69.220.46, 111 | 40.69.221.239, 112 | 40.69.222.109, 113 | 40.69.223.39, 114 | 40.69.223.198, 115 | 40.70.224.144, 116 | 40.70.224.145, 117 | 40.70.224.147, 118 | 40.70.224.148, 119 | 40.70.224.149, 120 | 40.70.229.150, 121 | 40.77.18.167, 122 | 40.77.224.8, 123 | 40.77.224.11, 124 | 40.77.224.145, 125 | 40.77.224.254, 126 | 40.77.226.13, 127 | 40.77.226.181, 128 | 40.77.226.246, 129 | 40.77.226.247, 130 | 40.77.226.248, 131 | 40.77.226.249, 132 | 40.77.226.250, 133 | 40.77.229.8, 134 | 40.77.229.9, 135 | 40.77.229.12, 136 | 40.77.229.13, 137 | 40.77.229.16, 138 | 40.77.229.21, 139 | 40.77.229.22, 140 | 40.77.229.24, 141 | 40.77.229.26, 142 | 40.77.229.27, 143 | 40.77.229.29, 144 | 40.77.229.30, 145 | 40.77.229.32, 146 | 40.77.229.35, 147 | 40.77.229.38, 148 | 40.77.229.44, 149 | 40.77.229.45, 150 | 40.77.229.50, 151 | 40.77.229.53, 152 | 40.77.229.62, 153 | 
40.77.229.65, 154 | 40.77.229.67, 155 | 40.77.229.69, 156 | 40.77.229.70, 157 | 40.77.229.71, 158 | 40.77.229.74, 159 | 40.77.229.76, 160 | 40.77.229.80, 161 | 40.77.229.81, 162 | 40.77.229.82, 163 | 40.77.229.88, 164 | 40.77.229.118, 165 | 40.77.229.123, 166 | 40.77.229.128, 167 | 40.77.229.133, 168 | 40.77.229.141, 169 | 40.77.229.199, 170 | 40.79.65.78, 171 | 40.79.65.123, 172 | 40.79.65.235, 173 | 40.79.65.237, 174 | 40.79.66.194, 175 | 40.79.66.209, 176 | 40.79.67.176, 177 | 40.79.70.158, 178 | 40.91.73.169, 179 | 40.91.73.219, 180 | 40.91.75.5, 181 | 40.91.80.89, 182 | 40.91.91.94, 183 | 40.91.120.196, 184 | 40.91.122.44, 185 | 40.125.122.151, 186 | 40.125.122.176, 187 | 51.103.5.159, 188 | 51.103.5.186, 189 | 51.104.162.50, 190 | 51.104.162.168, 191 | 51.104.164.114, 192 | 51.104.167.48, 193 | 51.104.167.186, 194 | 51.104.167.245, 195 | 51.104.167.255, 196 | 51.105.249.223, 197 | 51.105.249.228, 198 | 51.105.249.239, 199 | 52.137.102.105, 200 | 52.137.103.96, 201 | 52.137.103.130, 202 | 52.137.110.235, 203 | 52.142.21.136, 204 | 52.142.21.137, 205 | 52.142.21.139, 206 | 52.142.21.140, 207 | 52.142.21.141, 208 | 52.143.80.209, 209 | 52.143.81.222, 210 | 52.143.84.45, 211 | 52.143.86.214, 212 | 52.143.87.28, 213 | 52.147.176.8, 214 | 52.148.148.114, 215 | 52.152.108.96, 216 | 52.152.110.14, 217 | 52.155.95.90, 218 | 52.155.115.56, 219 | 52.155.169.137, 220 | 52.155.183.99, 221 | 52.155.217.156, 222 | 52.155.223.194, 223 | 52.156.144.83, 224 | 52.158.114.119, 225 | 52.158.122.14, 226 | 52.161.15.246, 227 | 52.164.221.179, 228 | 52.164.226.245, 229 | 52.167.222.82, 230 | 52.167.222.147, 231 | 52.167.223.135, 232 | 52.169.82.131, 233 | 52.169.83.3, 234 | 52.169.87.42, 235 | 52.169.123.48, 236 | 52.175.23.79, 237 | 52.177.164.251, 238 | 52.177.247.15, 239 | 52.178.192.146, 240 | 52.179.216.235, 241 | 52.179.219.14, 242 | 52.183.47.176, 243 | 52.183.118.171, 244 | 52.184.152.136, 245 | 52.184.155.206, 246 | 52.184.212.181, 247 | 52.184.213.21, 248 | 52.184.213.187, 
249 | 52.184.214.53, 250 | 52.184.214.123, 251 | 52.184.214.139, 252 | 52.184.216.174, 253 | 52.184.216.226, 254 | 52.184.216.246, 255 | 52.184.217.20, 256 | 52.184.217.37, 257 | 52.184.217.56, 258 | 52.187.60.107, 259 | 52.188.72.233, 260 | 52.226.130.114, 261 | 52.229.170.171, 262 | 52.229.170.224, 263 | 52.229.171.86, 264 | 52.229.171.202, 265 | 52.229.172.155, 266 | 52.229.174.29, 267 | 52.229.174.172, 268 | 52.229.174.233, 269 | 52.229.175.79, 270 | 52.230.216.17, 271 | 52.230.216.157, 272 | 52.230.220.159, 273 | 52.230.223.92, 274 | 52.230.223.167, 275 | 52.232.225.93, 276 | 52.238.248.1, 277 | 52.238.248.2, 278 | 52.238.248.3, 279 | 52.238.248.4, 280 | 52.238.248.5, 281 | 52.238.248.6, 282 | 52.238.248.7, 283 | 52.242.97.97, 284 | 52.242.101.226, 285 | 52.242.231.32, 286 | 52.242.231.33, 287 | 52.242.231.35, 288 | 52.242.231.36, 289 | 52.242.231.37, 290 | 52.243.153.146, 291 | 52.248.96.36, 292 | 52.249.24.101, 293 | 52.249.36.200, 294 | 52.249.36.205, 295 | 52.249.36.206, 296 | 52.249.36.207, 297 | 52.249.58.51, 298 | 52.250.46.232, 299 | 52.250.46.237, 300 | 52.250.46.238, 301 | 52.250.195.200, 302 | 52.250.195.204, 303 | 52.250.195.206, 304 | 52.250.195.207, 305 | 52.251.79.25, 306 | 52.253.130.84, 307 | 52.254.106.61, 308 | 52.254.114.64, 309 | 52.254.114.65, 310 | 52.254.114.67, 311 | 52.254.114.68, 312 | 52.254.114.69, 313 | 52.254.114.70, 314 | 52.254.114.71, 315 | 64.4.27.50, 316 | 65.52.108.29, 317 | 65.52.108.33, 318 | 65.52.108.59, 319 | 65.52.108.90, 320 | 65.52.108.92, 321 | 65.52.108.153, 322 | 65.52.108.154, 323 | 65.52.108.185, 324 | 65.55.138.0/24, 325 | 65.55.242.254, 326 | 66.119.144.157, 327 | 66.119.144.158, 328 | 66.119.144.189, 329 | 66.119.144.190, 330 | 67.26.27.254, 331 | 104.45.177.233, 332 | 111.221.29.40, 333 | 134.170.51.187, 334 | 134.170.51.188, 335 | 134.170.51.190, 336 | 134.170.51.246, 337 | 134.170.51.247, 338 | 134.170.51.248, 339 | 134.170.53.29, 340 | 134.170.53.30, 341 | 134.170.58.0/24, 342 | 134.170.115.55, 343 | 
134.170.115.56, 344 | 134.170.115.60, 345 | 134.170.115.62, 346 | 134.170.165.248, 347 | 134.170.165.249, 348 | 134.170.165.251, 349 | 134.170.165.253, 350 | 137.135.62.92, 351 | 157.55.133.204, 352 | 157.55.240.89, 353 | 157.55.240.126, 354 | 157.55.240.220, 355 | 157.56.77.138, 356 | 157.56.77.139, 357 | 157.56.77.140, 358 | 157.56.77.141, 359 | 157.56.77.148, 360 | 157.56.77.149, 361 | 157.56.96.54, 362 | 157.56.96.58, 363 | 157.56.96.123, 364 | 157.56.96.157, 365 | 191.232.80.53, 366 | 191.232.80.58, 367 | 191.232.80.60, 368 | 191.232.80.62, 369 | 191.232.139.2, 370 | 191.232.139.182, 371 | 191.232.139.253, 372 | 191.232.139.254, 373 | 191.234.72.183, 374 | 191.234.72.186, 375 | 191.234.72.188, 376 | 191.234.72.190, 377 | 207.46.114.58, 378 | 207.46.114.61 379 | -------------------------------------------------------------------------------- /data/eset/update.txt: -------------------------------------------------------------------------------- 1 | ### WindowsSpyBlocker - ESET Firewall update rules 2 | ### License: MIT 3 | ### More info: https://github.com/crazy-max/WindowsSpyBlocker 4 | 5 | 13.68.87.47, 6 | 13.68.87.175, 7 | 13.68.88.129, 8 | 13.68.93.109, 9 | 13.74.179.117, 10 | 13.78.168.230, 11 | 13.78.177.144, 12 | 13.78.179.199, 13 | 13.78.180.50, 14 | 13.78.180.90, 15 | 13.78.184.44, 16 | 13.78.184.186, 17 | 13.78.186.254, 18 | 13.78.187.58, 19 | 13.78.230.134, 20 | 13.83.148.218, 21 | 13.83.148.235, 22 | 13.83.149.5, 23 | 13.83.149.67, 24 | 13.83.151.160, 25 | 13.86.124.174, 26 | 13.86.124.184, 27 | 13.86.124.191, 28 | 13.91.16.64, 29 | 13.91.16.65, 30 | 13.91.16.66, 31 | 13.91.16.67, 32 | 13.91.16.68, 33 | 13.91.16.69, 34 | 13.91.16.70, 35 | 13.91.16.71, 36 | 13.92.211.120, 37 | 13.107.4.50, 38 | 13.107.4.52, 39 | 13.107.4.254, 40 | 20.36.222.39, 41 | 20.36.252.130, 42 | 20.41.41.23, 43 | 20.42.24.29, 44 | 20.42.24.50, 45 | 20.44.77.24, 46 | 20.44.77.45, 47 | 20.44.77.49, 48 | 20.44.77.219, 49 | 20.45.4.77, 50 | 20.45.4.178, 51 | 20.54.24.69, 52 | 
20.54.24.79, 53 | 20.54.24.148, 54 | 20.54.24.169, 55 | 20.54.24.231, 56 | 20.54.24.246, 57 | 20.54.25.4, 58 | 20.54.25.16, 59 | 20.54.89.15, 60 | 20.54.89.106, 61 | 20.54.110.119, 62 | 20.54.110.249, 63 | 20.62.190.184, 64 | 20.62.190.185, 65 | 20.62.190.186, 66 | 20.62.190.187, 67 | 20.62.190.188, 68 | 20.62.190.189, 69 | 20.62.190.190, 70 | 20.62.190.191, 71 | 20.83.81.160, 72 | 20.83.81.161, 73 | 20.83.81.162, 74 | 20.83.81.163, 75 | 20.83.81.164, 76 | 20.83.81.165, 77 | 20.185.109.208, 78 | 20.186.48.46, 79 | 20.188.74.161, 80 | 20.188.78.184, 81 | 20.188.78.185, 82 | 20.188.78.187, 83 | 20.188.78.188, 84 | 20.188.78.189, 85 | 20.190.3.175, 86 | 20.190.9.86, 87 | 20.191.46.109, 88 | 20.191.46.211, 89 | 20.199.120.85, 90 | 20.199.120.151, 91 | 20.199.120.182, 92 | 23.103.189.125, 93 | 23.103.189.126, 94 | 23.103.189.157, 95 | 23.103.189.158, 96 | 40.67.248.104, 97 | 40.67.251.132, 98 | 40.67.251.134, 99 | 40.67.252.175, 100 | 40.67.252.206, 101 | 40.67.253.249, 102 | 40.67.254.36, 103 | 40.67.254.97, 104 | 40.67.255.199, 105 | 40.69.216.73, 106 | 40.69.216.129, 107 | 40.69.216.251, 108 | 40.69.218.62, 109 | 40.69.219.197, 110 | 40.69.220.46, 111 | 40.69.221.239, 112 | 40.69.222.109, 113 | 40.69.223.39, 114 | 40.69.223.198, 115 | 40.70.224.144, 116 | 40.70.224.145, 117 | 40.70.224.147, 118 | 40.70.224.148, 119 | 40.70.224.149, 120 | 40.70.229.150, 121 | 40.77.18.167, 122 | 40.77.224.8, 123 | 40.77.224.11, 124 | 40.77.224.145, 125 | 40.77.224.254, 126 | 40.77.226.13, 127 | 40.77.226.181, 128 | 40.77.226.246, 129 | 40.77.226.247, 130 | 40.77.226.248, 131 | 40.77.226.249, 132 | 40.77.226.250, 133 | 40.77.229.8, 134 | 40.77.229.9, 135 | 40.77.229.12, 136 | 40.77.229.13, 137 | 40.77.229.16, 138 | 40.77.229.21, 139 | 40.77.229.22, 140 | 40.77.229.24, 141 | 40.77.229.26, 142 | 40.77.229.27, 143 | 40.77.229.29, 144 | 40.77.229.30, 145 | 40.77.229.32, 146 | 40.77.229.35, 147 | 40.77.229.38, 148 | 40.77.229.44, 149 | 40.77.229.45, 150 | 40.77.229.50, 151 | 40.77.229.53, 
152 | 40.77.229.62, 153 | 40.77.229.65, 154 | 40.77.229.67, 155 | 40.77.229.69, 156 | 40.77.229.70, 157 | 40.77.229.71, 158 | 40.77.229.74, 159 | 40.77.229.76, 160 | 40.77.229.80, 161 | 40.77.229.81, 162 | 40.77.229.82, 163 | 40.77.229.88, 164 | 40.77.229.118, 165 | 40.77.229.123, 166 | 40.77.229.128, 167 | 40.77.229.133, 168 | 40.77.229.141, 169 | 40.77.229.199, 170 | 40.79.65.78, 171 | 40.79.65.123, 172 | 40.79.65.235, 173 | 40.79.65.237, 174 | 40.79.66.194, 175 | 40.79.66.209, 176 | 40.79.67.176, 177 | 40.79.70.158, 178 | 40.91.73.169, 179 | 40.91.73.219, 180 | 40.91.75.5, 181 | 40.91.80.89, 182 | 40.91.91.94, 183 | 40.91.120.196, 184 | 40.91.122.44, 185 | 40.125.122.151, 186 | 40.125.122.176, 187 | 51.103.5.159, 188 | 51.103.5.186, 189 | 51.104.162.50, 190 | 51.104.162.168, 191 | 51.104.164.114, 192 | 51.104.167.48, 193 | 51.104.167.186, 194 | 51.104.167.245, 195 | 51.104.167.255, 196 | 51.105.249.223, 197 | 51.105.249.228, 198 | 51.105.249.239, 199 | 52.137.102.105, 200 | 52.137.103.96, 201 | 52.137.103.130, 202 | 52.137.110.235, 203 | 52.142.21.136, 204 | 52.142.21.137, 205 | 52.142.21.139, 206 | 52.142.21.140, 207 | 52.142.21.141, 208 | 52.143.80.209, 209 | 52.143.81.222, 210 | 52.143.84.45, 211 | 52.143.86.214, 212 | 52.143.87.28, 213 | 52.147.176.8, 214 | 52.148.148.114, 215 | 52.152.108.96, 216 | 52.152.110.14, 217 | 52.155.95.90, 218 | 52.155.115.56, 219 | 52.155.169.137, 220 | 52.155.183.99, 221 | 52.155.217.156, 222 | 52.155.223.194, 223 | 52.156.144.83, 224 | 52.158.114.119, 225 | 52.158.122.14, 226 | 52.161.15.246, 227 | 52.164.221.179, 228 | 52.164.226.245, 229 | 52.167.222.82, 230 | 52.167.222.147, 231 | 52.167.223.135, 232 | 52.169.82.131, 233 | 52.169.83.3, 234 | 52.169.87.42, 235 | 52.169.123.48, 236 | 52.175.23.79, 237 | 52.177.164.251, 238 | 52.177.247.15, 239 | 52.178.192.146, 240 | 52.179.216.235, 241 | 52.179.219.14, 242 | 52.183.47.176, 243 | 52.183.118.171, 244 | 52.184.152.136, 245 | 52.184.155.206, 246 | 52.184.212.181, 247 | 
52.184.213.21, 248 | 52.184.213.187, 249 | 52.184.214.53, 250 | 52.184.214.123, 251 | 52.184.214.139, 252 | 52.184.216.174, 253 | 52.184.216.226, 254 | 52.184.216.246, 255 | 52.184.217.20, 256 | 52.184.217.37, 257 | 52.184.217.56, 258 | 52.187.60.107, 259 | 52.188.72.233, 260 | 52.226.130.114, 261 | 52.229.170.171, 262 | 52.229.170.224, 263 | 52.229.171.86, 264 | 52.229.171.202, 265 | 52.229.172.155, 266 | 52.229.174.29, 267 | 52.229.174.172, 268 | 52.229.174.233, 269 | 52.229.175.79, 270 | 52.230.216.17, 271 | 52.230.216.157, 272 | 52.230.220.159, 273 | 52.230.223.92, 274 | 52.230.223.167, 275 | 52.232.225.93, 276 | 52.238.248.1, 277 | 52.238.248.2, 278 | 52.238.248.3, 279 | 52.238.248.4, 280 | 52.238.248.5, 281 | 52.238.248.6, 282 | 52.238.248.7, 283 | 52.242.97.97, 284 | 52.242.101.226, 285 | 52.242.231.32, 286 | 52.242.231.33, 287 | 52.242.231.35, 288 | 52.242.231.36, 289 | 52.242.231.37, 290 | 52.243.153.146, 291 | 52.248.96.36, 292 | 52.249.24.101, 293 | 52.249.36.200, 294 | 52.249.36.205, 295 | 52.249.36.206, 296 | 52.249.36.207, 297 | 52.249.58.51, 298 | 52.250.46.232, 299 | 52.250.46.237, 300 | 52.250.46.238, 301 | 52.250.195.200, 302 | 52.250.195.204, 303 | 52.250.195.206, 304 | 52.250.195.207, 305 | 52.251.79.25, 306 | 52.253.130.84, 307 | 52.254.106.61, 308 | 52.254.114.64, 309 | 52.254.114.65, 310 | 52.254.114.67, 311 | 52.254.114.68, 312 | 52.254.114.69, 313 | 52.254.114.70, 314 | 52.254.114.71, 315 | 64.4.27.50, 316 | 65.52.108.29, 317 | 65.52.108.33, 318 | 65.52.108.59, 319 | 65.52.108.90, 320 | 65.52.108.92, 321 | 65.52.108.153, 322 | 65.52.108.154, 323 | 65.52.108.185, 324 | 65.55.138.0-65.55.138.255, 325 | 65.55.242.254, 326 | 66.119.144.157, 327 | 66.119.144.158, 328 | 66.119.144.189, 329 | 66.119.144.190, 330 | 67.26.27.254, 331 | 104.45.177.233, 332 | 111.221.29.40, 333 | 134.170.51.187, 334 | 134.170.51.188, 335 | 134.170.51.190, 336 | 134.170.51.246, 337 | 134.170.51.247, 338 | 134.170.51.248, 339 | 134.170.53.29, 340 | 134.170.53.30, 341 | 
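134.170.58.0-134.170.58.255, 342 | 134.170.115.55, 343 | 134.170.115.56, 344 | 134.170.115.60, 345 | 134.170.115.62, 346 | 134.170.165.248, 347 | 134.170.165.249, 348 | 134.170.165.251, 349 | 134.170.165.253, 350 | 137.135.62.92, 351 | 157.55.133.204, 352 | 157.55.240.89, 353 | 157.55.240.126, 354 | 157.55.240.220, 355 | 157.56.77.138, 356 | 157.56.77.139, 357 | 157.56.77.140, 358 | 157.56.77.141, 359 | 157.56.77.148, 360 | 157.56.77.149, 361 | 157.56.96.54, 362 | 157.56.96.58, 363 | 157.56.96.123, 364 | 157.56.96.157, 365 | 191.232.80.53, 366 | 191.232.80.58, 367 | 191.232.80.60, 368 | 191.232.80.62, 369 | 191.232.139.2, 370 | 191.232.139.182, 371 | 191.232.139.253, 372 | 191.232.139.254, 373 | 191.234.72.183, 374 | 191.234.72.186, 375 | 191.234.72.188, 376 | 191.234.72.190, 377 | 207.46.114.58, 378 | 207.46.114.61 379 |
--------------------------------------------------------------------------------
/app/cmds/telemetry/firewall/firewall.go:
--------------------------------------------------------------------------------
package firewall

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
	"time"

	"github.com/akyoto/color"
	"github.com/crazy-max/WindowsSpyBlocker/app/menu"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/cmd"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/data"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/print"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/stringsu"
	"github.com/crazy-max/WindowsSpyBlocker/app/utils/timeu"
	ole "github.com/go-ole/go-ole"
	"github.com/go-ole/go-ole/oleutil"
)

// PREFIX starts the name of every firewall rule this package creates. Listing
// and removal select rules by this prefix.
const PREFIX = "windowsSpyBlocker"

// errRuleExists stops the rule enumeration in addFirewallRule as soon as a rule
// with the wanted name is found. It is never shown to the user.
var errRuleExists = errors.New("firewall rule already exists")

// Menu builds the firewall sub-menu and starts it. The named result is never
// assigned, so the returned error is always nil.
func Menu(args ...string) (err error) {
	menuCommands := []menu.CommandOption{
		{
			Description: "Add spy rules (recommended)",
			Color:       color.FgHiYellow,
			Function:    addSpy,
		},
		{
			Description: "Add update rules",
			Color:       color.FgHiYellow,
			Function:    addUpdate,
		},
		{
			Description: "Add extra rules (ONLY use if you know what you do)",
			Color:       color.FgHiYellow,
			Function:    addExtra,
		},
		{
			Description: "Remove WindowsSpyBlocker rules",
			Color:       color.FgHiYellow,
			Function:    removeRules,
		},
		{
			Description: "Display your current WindowsSpyBlocker rules",
			Color:       color.FgHiYellow,
			Function:    currentRules,
		},
	}

	menuOptions := menu.NewOptions("Firewall", "'menu' for help [telemetry-firewall]> ", 0, "")

	menuN := menu.NewMenu(menuCommands, menuOptions)
	menuN.Start()
	return
}

// addExtra adds block rules for the "extra" rule set. It always returns nil;
// failures are printed by addRules.
func addExtra(args ...string) error {
	addRules(data.RULES_EXTRA)
	return nil
}

// addSpy adds block rules for the "spy" rule set. It always returns nil;
// failures are printed by addRules.
func addSpy(args ...string) error {
	addRules(data.RULES_SPY)
	return nil
}

// addUpdate adds block rules for the "update" rule set. It always returns nil;
// failures are printed by addRules.
func addUpdate(args ...string) error {
	addRules(data.RULES_UPDATE)
	return nil
}

// addRules loads the addresses of the given rule set and adds one outbound
// block rule per entry. A failure to load the addresses is printed and ends
// the run; a failure on a single entry does not stop the remaining ones.
func addRules(rule string) {
	fmt.Println()
	defer timeu.Track(time.Now())

	prefix := getPrefix(rule)
	fmt.Printf("Get IPs for %s... ", rule)
	ips, err := data.GetFirewallIpsByRule(rule)
	if err != nil {
		print.Error(err)
		return
	}
	print.Ok()

	for _, ip := range ips {
		addFirewallRule(prefix, ip.IP)
	}
}

// removeRules deletes every firewall rule whose name starts with the prefix
// built from args[0] (or with the bare PREFIX when no argument is given).
//
// Selection is by name prefix only: a rule that merely shares the prefix is
// deleted as well, whether or not this tool created it. The function always
// returns nil; failures are printed.
func removeRules(args ...string) error {
	fmt.Println()
	defer timeu.Track(time.Now())

	rule := ""
	if len(args) > 0 {
		rule = args[0]
	}

	prefix := getPrefix(rule)
	fmt.Print("Remove rules starting with")
	color.New(color.FgYellow).Printf(" %s", prefix)
	fmt.Print("...\n")

	err := forEachRuleName(func(name string) error {
		if strings.HasPrefix(name, prefix) {
			removeFirewallRule(name)
		}
		return nil
	})
	if err != nil {
		// Report the failure instead of dropping it, so an incomplete
		// removal is not mistaken for a complete one.
		print.ErrorStr(fmt.Sprintf("Error %s\n", err))
	}

	return nil
}

// currentRules prints the name of every firewall rule whose name starts with
// PREFIX. It always returns nil; failures are printed.
func currentRules(args ...string) error {
	fmt.Println()

	prefix := getPrefix("")
	err := forEachRuleName(func(name string) error {
		if strings.HasPrefix(name, prefix) {
			fmt.Println(name)
		}
		return nil
	})
	if err != nil {
		print.ErrorStr(fmt.Sprintf("Error %s\n", err))
	}

	return nil
}

// getPrefix returns PREFIX followed by rule with its first letter upper-cased,
// or PREFIX alone when rule is empty.
func getPrefix(rule string) string {
	var prefix bytes.Buffer
	prefix.WriteString(PREFIX)
	if len(rule) > 0 {
		prefix.WriteString(stringsu.UcFirst(rule))
	}
	return prefix.String()
}

// forEachRuleName calls fn with the name of each rule exposed by the
// HNetCfg.FwPolicy2 COM object. Enumeration stops at the first error fn
// returns, and that error stays reachable through errors.Is.
func forEachRuleName(fn func(name string) error) error {
	// The result of CoInitialize is not checked, as in the original call sites.
	ole.CoInitialize(0)
	defer ole.CoUninitialize()

	unk, err := oleutil.CreateObject("HNetCfg.FwPolicy2")
	if err != nil {
		return fmt.Errorf("creating HNetCfg.FwPolicy2 object: %s", strings.TrimSpace(err.Error()))
	}
	// Deferred calls run last-in first-out, so both COM references are
	// released before CoUninitialize.
	defer unk.Release()

	dsp, err := unk.QueryInterface(ole.IID_IDispatch)
	if err != nil {
		return fmt.Errorf("querying IID_IDispatch interface: %s", strings.TrimSpace(err.Error()))
	}
	defer dsp.Release()

	rules := oleutil.MustGetProperty(dsp, "Rules").ToIDispatch()
	err = oleutil.ForEach(rules, func(v *ole.VARIANT) error {
		rule := v.ToIDispatch()
		return fn(oleutil.MustGetProperty(rule, "Name").ToString())
	})
	if err != nil {
		return fmt.Errorf("enumerating firewall rules: %w", err)
	}
	return nil
}

// addFirewallRule adds an outbound block rule named "<prefix>-<ip>" for the
// remote address ip, unless a rule with that name already exists.
//
// Only a positive name match is reported as "Rule already exists". Any other
// enumeration failure is printed as an error, so a rule that could not be
// checked is never reported as already present.
func addFirewallRule(prefix string, ip string) {
	fmt.Print("Adding outbound firewall rule for")
	color.New(color.FgCyan).Printf(" %s", ip)
	fmt.Print("... ")

	ruleName := fmt.Sprintf("%s-%s", prefix, ip)
	err := forEachRuleName(func(name string) error {
		if name == ruleName {
			return errRuleExists
		}
		return nil
	})
	switch {
	case errors.Is(err, errRuleExists):
		color.New(color.FgYellow).Print("Warning: Rule already exists\n")
		return
	case err != nil:
		print.ErrorStr(fmt.Sprintf("Error %s\n", err))
		return
	}

	// NOTE(review): name and remoteip are placed between literal double quotes
	// inside one argument each. Confirm that cmd.Exec starts netsh without a
	// shell and that the rule data can never contain a quote character.
	cmdResult, err := cmd.Exec(cmd.Options{
		Command: "netsh",
		Args: []string{
			"advfirewall", "firewall", "add", "rule",
			fmt.Sprintf(`name="%s"`, ruleName),
			"dir=out", "protocol=any", "action=block", fmt.Sprintf(`remoteip="%s"`, ip),
		},
	})
	if err != nil {
		print.Error(err)
		return
	}

	if cmdResult.ExitCode != 0 {
		// Prefer stderr, then stdout, then the bare exit code.
		switch {
		case len(cmdResult.Stderr) > 0:
			print.ErrorStr(fmt.Sprintf("%d\n%s\n", cmdResult.ExitCode, cmdResult.Stderr))
		case len(cmdResult.Stdout) > 0:
			print.ErrorStr(fmt.Sprintf("%d\n%s\n", cmdResult.ExitCode, cmdResult.Stdout))
		default:
			print.ErrorStr(fmt.Sprintf("%d\n", cmdResult.ExitCode))
		}
		return
	}

	print.Ok()
}

// removeFirewallRule deletes the firewall rule with the given name through
// netsh and prints the outcome.
func removeFirewallRule(name string) {
	fmt.Print("Removing firewall rule")
	color.New(color.FgYellow).Printf(" %s", name)
	fmt.Print("... ")

	// NOTE(review): name is read back from the local firewall policy and is
	// placed between literal double quotes; confirm how cmd.Exec passes Args
	// before relying on names that contain quote characters.
	cmdResult, err := cmd.Exec(cmd.Options{
		Command: "netsh",
		Args: []string{
			"advfirewall", "firewall", "delete", "rule",
			fmt.Sprintf(`name="%s"`, name),
		},
	})
	if err != nil {
		print.Error(err)
		return
	}

	if cmdResult.ExitCode != 0 {
		// Prefer stderr, then stdout, then the bare exit code.
		switch {
		case len(cmdResult.Stderr) > 0:
			print.ErrorStr(fmt.Sprintf("%d\n%s\n", cmdResult.ExitCode, cmdResult.Stderr))
		case len(cmdResult.Stdout) > 0:
			print.ErrorStr(fmt.Sprintf("%d\n%s\n", cmdResult.ExitCode, cmdResult.Stdout))
		default:
			print.ErrorStr(fmt.Sprintf("%d\n", cmdResult.ExitCode))
		}
		return
	}

	print.Ok()
}

--------------------------------------------------------------------------------
/app/settings.json:
--------------------------------------------------------------------------------
1 | { 2 | "uris": { 3 | "latestVersion": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/.res/latest", 4 | "threatcrowd": "https://www.threatcrowd.org/searchApi/v2/%s/report/?%s=%s", 5 | "whatis": "https://whatismyipaddress.com/ip/", 6 | "dnsquery": "https://dnsquery.org/whois/", 7 | "ipapi": "http://ip-api.com/json/", 8 | "ipinfo":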
"https://ipinfo.io/%s/json", 9 | "ipnf": "https://ip.nf/%s.json", 10 | "ip6": "https://ip6.nl/resolve.plp?domain=%s" 11 | }, 12 | "libs": { 13 | "wireshark_32": { 14 | "url": "https://dl.crazymax.dev/Wireshark-win32-3.0.2.zip", 15 | "checkfile": "wireshark\\tshark.exe" 16 | }, 17 | "wireshark_64": { 18 | "url": "https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip", 19 | "checkfile": "wireshark\\tshark.exe" 20 | }, 21 | "npcap": { 22 | "url": "https://nmap.org/npcap/dist/npcap-0.995.exe", 23 | "checkfile": "C:\\Windows\\System32\\Npcap\\wpcap.dll" 24 | }, 25 | "sysmon": { 26 | "url": "https://dl.crazymax.dev/Sysmon-3.10.zip", 27 | "checkfile": "sysmon\\Sysmon.exe" 28 | } 29 | }, 30 | "dataTpl": { 31 | "dnscrypt": { 32 | "head": "", 33 | "value": "%s" 34 | }, 35 | "eset": { 36 | "head": "### WindowsSpyBlocker - ESET Firewall %s rules\n### License: MIT\n### More info: %s\n\n", 37 | "value": "%s," 38 | }, 39 | "kaspersky": { 40 | "head": "### WindowsSpyBlocker - Kaspersky ips %s rules\n### License: MIT\n### More info: %s\n\n", 41 | "value": "%s," 42 | }, 43 | "openwrt": { 44 | "ip": { 45 | "head": "### WindowsSpyBlocker - OpenWRT ips %s rules (/etc/firewall.user)\n### License: MIT\n### More info: %s\n\n# enforce router DNS\niptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53\niptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53\n\n# rules\n", 46 | "value": "iptables -I FORWARD -j DROP -d %s" 47 | }, 48 | "domains": { 49 | "head": "### WindowsSpyBlocker - OpenWRT hosts %s rules (/etc/dnsmasq.conf)\n### License: MIT\n### More info: %s\n\n", 50 | "value": "server=/%s/" 51 | } 52 | }, 53 | "p2p": { 54 | "head": "### WindowsSpyBlocker - P2P %s rules\n### License: MIT\n### More info: %s\n\n", 55 | "value": "WindowsSpyBlocker:%s" 56 | }, 57 | "proxifier": { 58 | "ip": { 59 | "head": "", 60 | "value": "%s;" 61 | }, 62 | "domains": { 63 | "head": "", 64 | "value": "%s;" 65 | } 66 | }, 67 | "simplewall": { 68 | "head": "\n\n\n\n\n\n\n", 
69 | "value": "\t" 70 | } 71 | }, 72 | "proxifier": { 73 | "unvalidLines": [ 74 | "Welcome to Proxifier", 75 | "Profile ", 76 | "Profile saved as", 77 | "Log file enabled", 78 | "Traffic log enabled", 79 | "Traffic file disabled", 80 | "Verbose output enabled", 81 | "Log Directory is set to", 82 | "Local CMOS Clock", 83 | "Automatic DNS mode detection", 84 | "(IPv6)", 85 | "source socket not found", 86 | "Connections do not originate from the applications" 87 | ] 88 | }, 89 | "sysmon": { 90 | "evtxPath": "C:\\Windows\\sysnative\\winevt\\Logs\\Microsoft-Windows-Sysmon%4Operational.evtx" 91 | }, 92 | "ncsi": { 93 | "reg": { 94 | "key": "SYSTEM\\CurrentControlSet\\Services\\NlaSvc\\Parameters\\Internet", 95 | "webProbeHost": "ActiveWebProbeHost", 96 | "webProbePath": "ActiveWebProbePath", 97 | "webProbeContent": "ActiveWebProbeContent", 98 | "webProbeHostV6": "ActiveWebProbeHostV6", 99 | "webProbePathV6": "ActiveWebProbePathV6", 100 | "webProbeContentV6": "ActiveWebProbeContentV6", 101 | "dnsProbeHost": "ActiveDnsProbeHost", 102 | "dnsProbeContent": "ActiveDnsProbeContent", 103 | "dnsProbeHostV6": "ActiveDnsProbeHostV6", 104 | "dnsProbeContentV6": "ActiveDnsProbeContentV6" 105 | }, 106 | "probes": { 107 | "microsoft": { 108 | "webHostV4": "www.msftconnecttest.com", 109 | "webPathV4": "connecttest.txt", 110 | "webContentV4": "Microsoft Connect Test", 111 | "webHostV6": "ipv6.msftconnecttest.com", 112 | "webPathV6": "connecttest.txt", 113 | "webContentV6": "Microsoft Connect Test", 114 | "dnsHostV4": "dns.msftncsi.com", 115 | "dnsContentV4": "131.107.255.255", 116 | "dnsHostV6": "dns.msftncsi.com", 117 | "dnsContentV6": "fd3e:4f5a:5b81::1" 118 | }, 119 | "debian": { 120 | "webHostV4": "network-test.debian.org", 121 | "webPathV4": "nm", 122 | "webContentV4": "NetworkManager is online\n", 123 | "webHostV6": "network-test.debian.org", 124 | "webPathV6": "nm", 125 | "webContentV6": "NetworkManager is online\n", 126 | "dnsHostV4": "resolver1.opendns.com", 127 | 
"dnsContentV4": "208.67.222.222", 128 | "dnsHostV6": "resolver1.opendns.com", 129 | "dnsContentV6": "2620:119:35::35" 130 | }, 131 | "firefox": { 132 | "webHostV4": "detectportal.firefox.com", 133 | "webPathV4": "success.txt", 134 | "webContentV4": "success\n", 135 | "webHostV6": "detectportal.firefox.com", 136 | "webPathV6": "success.txt", 137 | "webContentV6": "success\n", 138 | "dnsHostV4": "resolver1.opendns.com", 139 | "dnsContentV4": "208.67.222.222", 140 | "dnsHostV6": "resolver1.opendns.com", 141 | "dnsContentV6": "2620:119:35::35" 142 | } 143 | } 144 | }, 145 | "wilcardSubdomains": [ 146 | "*.2mdn.net", 147 | "*.a-msedge.net", 148 | "*.adnexus.net", 149 | "*.adnxs.com", 150 | "*.ads*.msads.net", 151 | "*.ads*.msn.com", 152 | "*.ams*.msecn.net", 153 | "*.appex-rf.msn.com", 154 | "*.atdmt.com", 155 | "*.c-msedge.net", 156 | "*.dc-msedge.net", 157 | "*.delivery.dsp.mp.microsoft.com.nsatc.net", 158 | "*.delivery.mp.microsoft.com", 159 | "*.dl.delivery.mp.microsoft.com", 160 | "*.e-msedge.net", 161 | "*.glbdns2.microsoft.com", 162 | "*.location.live.net", 163 | "*.messenger.live.com", 164 | "*.microsoftwindowsupdate.net", 165 | "*.msedge.net", 166 | "*.msftconnecttest.com", 167 | "*.msftncsi.com", 168 | "*.nrb.footprintdns.com", 169 | "*.prod.do.dsp.mp.microsoft.com", 170 | "*.rad.live.com", 171 | "*.rad.msn.com", 172 | "*.rads.msn.com", 173 | "*.s-msedge.net", 174 | "*.search.msn.com", 175 | "*.services.appex.bing.com", 176 | "*.services.social.microsoft.com", 177 | "*.smartscreen.microsoft.com", 178 | "*.telemetry.appex.bing.net", 179 | "*.telemetry.microsoft.com", 180 | "*.telemetry.microsoft.com.nsatc.net", 181 | "*.telemetry.urs.microsoft.com", 182 | "*.tile.appex.bing.com", 183 | "*.tlu.dl.delivery.mp.microsoft.com.c.footprint.net", 184 | "*.update.microsoft.com", 185 | "*.update.microsoft.com.akadns.net", 186 | "*.virtualearth.net", 187 | "*.vo.msecnd.net", 188 | "*.vortex*.data.metron.live.com.nsatc.net", 189 | "*.vortex*.data.microsoft.com", 190 | 
"*.vortex.data.microsoft.com", 191 | "*wac.phicdn.net", 192 | "*wac.edgecastcdn.net", 193 | "*.weather.microsoft.com", 194 | "*.windowsupdate.com", 195 | "*.windowsupdate.org", 196 | "*.windowupdate.org", 197 | "*.ws.microsoft.com", 198 | "*.xboxlive.com", 199 | "array*-prod.do.dsp.mp.microsoft.com", 200 | "cy2.*.md.mp.microsoft.com.*.", 201 | "vortex-*.metron.live.com.nsatc.net" 202 | ] 203 | } 204 | -------------------------------------------------------------------------------- /app/cmds/dev/diff/diff.go: -------------------------------------------------------------------------------- 1 | package diff 2 | 3 | import ( 4 | "bytes" 5 | "encoding/csv" 6 | "fmt" 7 | "io" 8 | "net" 9 | "os" 10 | "path" 11 | "sort" 12 | "strings" 13 | "time" 14 | 15 | "github.com/akyoto/color" 16 | "github.com/crazy-max/WindowsSpyBlocker/app/dnsres" 17 | "github.com/crazy-max/WindowsSpyBlocker/app/menu" 18 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/data" 19 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/netu" 20 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/pathu" 21 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/print" 22 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/stringsu" 23 | "github.com/crazy-max/WindowsSpyBlocker/app/utils/timeu" 24 | "github.com/crazy-max/WindowsSpyBlocker/app/whois" 25 | ) 26 | 27 | type diff struct { 28 | Host string `json:"host"` 29 | } 30 | 31 | type diffs []diff 32 | 33 | func (slice diffs) Len() int { 34 | return len(slice) 35 | } 36 | 37 | func (slice diffs) Less(i, j int) bool { 38 | hostA := []byte(slice[i].Host) 39 | if netu.IsValidIPv4(slice[i].Host) { 40 | hostA = net.ParseIP(slice[i].Host) 41 | } 42 | hostB := []byte(slice[j].Host) 43 | if netu.IsValidIPv4(slice[j].Host) { 44 | hostB = net.ParseIP(slice[j].Host) 45 | } 46 | switch bytes.Compare(hostA, hostB) { 47 | case -1: 48 | return true 49 | case 0, 1: 50 | return false 51 | default: 52 | return false 53 | } 54 | } 55 | 56 | func (slice diffs) Swap(i, j int) { 
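57 | slice[i], slice[j] = slice[j], slice[i] 58 | }

// Menu builds the diff sub-menu and starts it. The named result is never
// assigned, so the returned error is always nil.
func Menu(args ...string) (err error) {
	menuCommands := []menu.CommandOption{
		{
			Description: "All",
			Color:       color.FgHiYellow,
			Function:    diffAll,
		},
		{
			Description: "Proxifier",
			Color:       color.FgHiYellow,
			Function:    diffProxifier,
		},
		{
			Description: "Sysmon",
			Color:       color.FgHiYellow,
			Function:    diffSysmon,
		},
		{
			Description: "Wireshark",
			Color:       color.FgHiYellow,
			Function:    diffWireshark,
		},
	}

	menuOptions := menu.NewOptions("Diff", "'menu' for help [dev-diff]> ", 0, "")

	menuN := menu.NewMenu(menuCommands, menuOptions)
	menuN.Start()
	return
}

// diffAll collects the unknown hosts of the proxifier, sysmon and wireshark
// logs, drops duplicates while keeping first-seen order, and writes the result
// to diff-all.csv. It always returns nil; failures are printed.
func diffAll(args ...string) error {
	fmt.Println()
	defer timeu.Track(time.Now())

	var resultsTmp diffs
	for _, source := range []string{"proxifier", "sysmon", "wireshark"} {
		resultsTmp = append(resultsTmp, _diff(source, true)...)
	}

	var results diffs
	seen := make(map[string]struct{}, len(resultsTmp))
	for _, resultTmp := range resultsTmp {
		if _, ok := seen[resultTmp.Host]; ok {
			continue
		}
		seen[resultTmp.Host] = struct{}{}
		results = append(results, resultTmp)
	}

	if len(results) == 0 {
		fmt.Println("No diffs found...")
		return nil
	}

	fmt.Println()
	color.New(color.FgGreen).Printf("%d", len(results))
	fmt.Print(" diff(s) found\n")

	_writeResultFile("diff-all", results)
	return nil
}

// diffProxifier runs the diff for the proxifier log. It always returns nil.
func diffProxifier(args ...string) error {
	prog("proxifier")
	return nil
}

// diffSysmon runs the diff for the sysmon log. It always returns nil.
func diffSysmon(args ...string) error {
	prog("sysmon")
	return nil
}

// diffWireshark runs the diff for the wireshark log. It always returns nil.
func diffWireshark(args ...string) error {
	prog("wireshark")
	return nil
}

// prog runs the diff for one log source and lets _diff write its result file.
func prog(prog string) {
	fmt.Println()
	defer timeu.Track(time.Now())

	_diff(prog, false)
}

// _relPath returns p without the leading pathu.Current, for display only.
//
// strings.TrimPrefix is used because strings.TrimLeft treats its second
// argument as a set of characters and would also strip leading characters of
// the remaining path that happen to occur in pathu.Current.
func _relPath(p string) string {
	return strings.TrimPrefix(p, pathu.Current)
}

// _diff reads "<prog>-hosts-count.csv" from the logs directory and returns the
// hosts that are not part of the current rule data.
//
// With all set, the hosts are only returned. Otherwise a summary is printed
// and the hosts are also written to "diff-<prog>.csv". Errors are printed and
// the hosts collected so far are returned.
func _diff(prog string, all bool) diffs {
	var result diffs
	hostsCountPath := path.Join(pathu.Logs, prog+"-hosts-count.csv")
	shownPath := _relPath(hostsCountPath)

	fmt.Printf("Seeking %s... ", shownPath)
	if _, err := os.Stat(hostsCountPath); err != nil {
		print.Error(err)
		return result
	}
	print.Ok()

	fmt.Printf("Opening %s... ", shownPath)
	logFile, err := os.Open(hostsCountPath)
	if err != nil {
		print.Error(err)
		return result
	}
	print.Ok()
	defer logFile.Close()

	fmt.Print("Getting current data... ")
	dataList, err := _getCurrentData()
	if err != nil {
		print.Error(err)
		return result
	}
	print.Ok()

	fmt.Print("Comparing with current data... ")
	reader := csv.NewReader(logFile)
	reader.Comma = ','
	// Rows may have any number of fields; only the first one is read.
	reader.FieldsPerRecord = -1

	for {
		line, err := reader.Read()
		if err == io.EOF {
			break
		}
		if err != nil {
			print.Error(err)
			return result
		}

		host := strings.TrimSpace(line[0])
		// Skip blank first fields and the header row.
		if host == "" || host == "HOST" {
			continue
		}

		if !stringsu.InSlice(host, dataList) {
			result = append(result, diff{Host: host})
		}
	}
	print.Ok()

	if all {
		return result
	}

	if len(result) == 0 {
		fmt.Println("No diffs found...")
		return result
	}

	fmt.Println()
	color.New(color.FgGreen).Printf("%d", len(result))
	fmt.Print(" diff(s) found in ")
	color.New(color.FgYellow).Printf("%s\n", shownPath)

	_writeResultFile("diff-"+prog, result)
	return result
}

// _writeResultFile sorts results and writes them to "<filename>.csv" in the
// logs directory, adding the whois organization and country of each host and,
// for IPv4 hosts, the resolutions returned by dnsres.GetDnsRes.
//
// Rows are written through encoding/csv so that a comma, quote or line break
// inside a looked-up value is quoted instead of shifting columns. Quoting does
// not neutralize values that a spreadsheet would read as a formula.
// NOTE(review): the whois and DNS values presumably come from remote lookups;
// confirm before treating them as trusted.
func _writeResultFile(filename string, results diffs) {
	csvResultFile, err := os.Create(path.Join(pathu.Logs, filename+".csv"))
	if err != nil {
		// Without this check a failed create left a nil file and the next
		// call on it would panic.
		fmt.Println()
		print.Error(err)
		return
	}
	defer csvResultFile.Close()
	shownPath := _relPath(csvResultFile.Name())

	fmt.Printf("\nGenerating %s... ", shownPath)
	writer := csv.NewWriter(csvResultFile)
	// csv.Writer keeps the first write error; it is checked once after Flush.
	writer.Write([]string{"HOST", "ORGANIZATION", "COUNTRY", "RESOLVED DATE", "RESOLVED DOMAIN"})
	sort.Sort(results)
	for _, result := range results {
		row := []string{result.Host, "", ""}
		if whoisResult := whois.GetWhois(result.Host); whoisResult != (whois.Whois{}) {
			row[1], row[2] = whoisResult.Org, whoisResult.Country
		}
		if !netu.IsValidIPv4(result.Host) {
			writer.Write(row)
			continue
		}

		dnsresList := dnsres.GetDnsRes(result.Host)
		if len(dnsresList) == 0 {
			writer.Write(append(row, "", ""))
			continue
		}
		for i, res := range dnsresList {
			resolved := []string{res.LastResolved.Format("2006-01-02"), res.IpOrDomain}
			if i == 0 {
				// The first resolution shares the row of its host.
				writer.Write(append(row, resolved...))
				continue
			}
			// Further resolutions get rows with the host columns left empty.
			writer.Write(append([]string{"", "", ""}, resolved...))
		}
	}
	writer.Flush()
	if err := writer.Error(); err != nil {
		print.Error(err)
		return
	}
	print.Ok()

	fmt.Printf("Writing %s... ", shownPath)
	if err := csvResultFile.Sync(); err != nil {
		print.Error(err)
	} else {
		print.Ok()
	}
}

// _getCurrentData returns every address and domain of the current rule data:
// the firewall IPs, with "a-b" ranges expanded to single addresses, followed
// by the host domains. On error the returned slice is nil.
func _getCurrentData() ([]string, error) {
	var result []string

	firewallIPs, err := data.GetFirewallIps()
	if err != nil {
		return nil, err
	}
	for _, firewallIP := range firewallIPs {
		// An entry without a dash is a single address.
		if !strings.Contains(firewallIP.IP, "-") {
			result = append(result, firewallIP.IP)
			continue
		}
		ips, err := netu.GetIpsFromIPRange(firewallIP.IP)
		if err != nil {
			return nil, err
		}
		result = append(result, ips...)
	}

	hosts, err := data.GetHosts()
	if err != nil {
		return nil, err
	}
	for _, host := range hosts {
		result = append(result, host.Domain)
	}

	return result, nil
}

--------------------------------------------------------------------------------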