├── README.md
├── cheatsheet.md
├── LICENSE
└── firewall_try_harder.py

/README.md:
--------------------------------------------------------------------------------
# Disclaimer

The scripts provided in this repository are for educational purposes only. They are intended to demonstrate concepts and tools in a safe and controlled environment. The misuse of these scripts is strictly prohibited. The author assumes no responsibility for any illegal or unethical actions performed with these scripts. Always adhere to applicable laws and ethical guidelines.

--------------------------------------------------------------------------------
/cheatsheet.md:
--------------------------------------------------------------------------------
## TCPDUMP COMMANDS

```bash
# Show packets with SYN flags
tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'

# Exclude port 22 (SSH traffic)
sudo tcpdump -i any tcp and not port 22 -X

# Filter traffic from a specific IP address (replace <IP_ADDRESS>)
tcpdump -i any src host <IP_ADDRESS> -X
```

## IPTABLES COMMANDS

```bash
# Add an iptables rule dropping traffic from <IP_ADDRESS>
iptables -A INPUT -s <IP_ADDRESS> -j DROP

# Delete that iptables rule
iptables -D INPUT -s <IP_ADDRESS> -j DROP

# List iptables rules
iptables -L -n -v

# Flush all iptables rules
iptables -F
```
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 GnarCoding

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the
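"""SYN-probe tripwire built on scapy and iptables.

Every bare SYN that reaches this host is counted per source address.  Up to
SCAN_LIMIT probes inside one SCAN_WINDOW are answered with a decoy SYN-ACK
followed by a "try harder" banner; the probe that crosses the limit gets the
source DROPped in the iptables INPUT chain for BLOCK_DURATION, after which the
rule is removed again by the main thread.

Operational notes:
  * Sniffing raw packets and editing iptables both require root.
  * A SYN's source address is unauthenticated and can be forged, so an
    automatic DROP keyed on it can be made to cut off addresses the sender
    does not own (a gateway, a DNS resolver, a monitoring host).  Put
    addresses this host must never block in ALLOWLIST.
  * The packet tap sits below netfilter, so SYNs from a source that is
    already DROPped still arrive here; they are ignored while the block lasts
    instead of being re-counted and re-scheduled.
  * On ports where a real service listens the decoy handshake competes with
    the kernel's own; run this on hosts/ports that are meant to be decoy-only.
  * Ctrl-C removes the DROP rules this process installed; nothing else would
    ever expire them once the process is gone.
"""

import subprocess
import threading
import time
from collections import defaultdict
from datetime import datetime, timedelta

from scapy.all import IP, TCP, Raw, send, sniff

# Duration to block an IP (10 minutes).
BLOCK_DURATION = timedelta(minutes=10)

# Length of the window in which SYNs from one source are counted.
SCAN_WINDOW = BLOCK_DURATION

# More than this many SYNs inside SCAN_WINDOW triggers a block.
SCAN_LIMIT = 5

# Source addresses that are never counted or blocked (guard against forged
# SYNs being used to get a needed peer blocked).  Empty by default.
ALLOWLIST = frozenset()

# Only bare SYNs (SYN set, ACK clear) matter; selecting them in BPF keeps the
# rest of the TCP traffic out of Python entirely.
SNIFF_FILTER = "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn"

# How often the main thread looks for expired blocks, in seconds.
UNBLOCK_POLL_SECONDS = 5


def _new_tracker_entry():
    """Per-source state: SYN count, last/first SYN time, end of active block."""
    return {"count": 0, "timestamp": None, "first_seen": None, "blocked_until": None}


# Per-source-IP scan state.  Only the sniffing thread reads or writes it.
scan_tracker = defaultdict(_new_tracker_entry)


def is_ip_blocked(ip):
    """Return True if a DROP rule for *ip* is present in the INPUT chain.

    Each rule line is compared token by token; a plain substring test would
    report ``10.0.0.1`` as blocked when only ``10.0.0.10`` is.  If iptables
    cannot be listed, the IP is reported as not blocked so that the caller
    still attempts to install the rule.
    """
    try:
        listing = subprocess.run(
            ["sudo", "iptables", "-L", "INPUT", "-n"],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            text=True,
            check=True,
        )
    except (OSError, subprocess.CalledProcessError) as exc:
        print(f"Error listing iptables rules: {exc}")
        return False
    for line in listing.stdout.splitlines():
        fields = line.split()
        if "DROP" in fields and ip in fields:
            return True
    return False


def block_ip(ip):
    """Add an INPUT DROP rule for *ip*.

    Returns True when the rule is in place afterwards (newly added or already
    present), False when iptables could not be run or rejected the rule.
    """
    if is_ip_blocked(ip):
        print(f"IP {ip} is already blocked. Skipping...")
        return True

    print(f"Blocking IP: {ip}")
    try:
        # Argument list, never a shell string: ip is attacker-controlled data.
        subprocess.run(["sudo", "iptables", "-A", "INPUT", "-s", ip, "-j", "DROP"], check=True)
    except (OSError, subprocess.CalledProcessError) as exc:
        print(f"Error blocking IP {ip}: {exc}")
        return False
    return True


def unblock_ip(ip):
    """Remove the INPUT DROP rule for *ip*; return True on success."""
    print(f"Unblocking IP: {ip}")
    try:
        subprocess.run(["sudo", "iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"], check=True)
    except (OSError, subprocess.CalledProcessError) as exc:
        print(f"Error unblocking IP {ip}: {exc}")
        return False
    return True


def _register_syn(src_ip, now):
    """Record one SYN from *src_ip* at *now* in scan_tracker.

    Returns one of:
      "blocked"  - the source is inside an active block; ignore the packet
      "exceeded" - this SYN crossed SCAN_LIMIT; a block should be installed
      "ok"       - under the limit; answer with the decoy handshake
    """
    entry = scan_tracker[src_ip]

    if entry["blocked_until"] is not None:
        if now < entry["blocked_until"]:
            return "blocked"
        # The block has lapsed (or is about to be lifted): start afresh.
        entry.update(count=0, timestamp=None, first_seen=None, blocked_until=None)

    # Fixed window from the first SYN, so a slow trickle of probes does not
    # accumulate indefinitely as long as each one arrives within the window.
    if entry["first_seen"] is not None and now - entry["first_seen"] > SCAN_WINDOW:
        entry.update(count=0, timestamp=None, first_seen=None)
    if entry["first_seen"] is None:
        entry["first_seen"] = now

    entry["count"] += 1
    entry["timestamp"] = now

    if entry["count"] > SCAN_LIMIT:
        entry["blocked_until"] = now + BLOCK_DURATION
        return "exceeded"
    return "ok"


def _send_banner(packet, src_ip, port, src_port):
    """Answer the SYN in *packet* with a decoy SYN-ACK and a "try harder" payload.

    The sequence numbers are fixed (100/101); this is a decoy, not a real
    connection, and no socket exists for it in the kernel.
    """
    our_ip = packet[IP].dst
    peer_ack = packet[TCP].seq + 1

    syn_ack = IP(dst=src_ip, src=our_ip) / TCP(
        sport=port, dport=src_port, flags="SA", seq=100, ack=peer_ack
    )
    send(syn_ack, verbose=0)
    print(f"Sent SYN-ACK to {src_ip} on port {port}")

    data_packet = (
        IP(dst=src_ip, src=our_ip)
        / TCP(sport=port, dport=src_port, flags="PA", seq=101, ack=peer_ack)
        / Raw(load="try harder")
    )
    send(data_packet, verbose=0)
    print(f"Sent data packet with message 'try harder' to {src_ip} on port {port}")


def handle_packet(packet):
    """sniff() callback: count a bare SYN per source, then answer or block.

    Packets without an IPv4 layer (e.g. IPv6) or with flags other than a
    bare SYN are ignored, as are sources listed in ALLOWLIST.
    """
    if IP not in packet or TCP not in packet or packet[TCP].flags != "S":
        return

    src_ip = packet[IP].src
    if src_ip in ALLOWLIST:
        return

    port = packet[TCP].dport
    src_port = packet[TCP].sport
    now = datetime.now()

    state = _register_syn(src_ip, now)
    if state == "blocked":
        # Already DROPped in iptables; stay quiet so a blocked scanner cannot
        # flood the log or re-schedule its own unblock.
        return

    print(f"Scan detected on port {port} from {src_ip}")

    if state == "exceeded":
        minutes = int(BLOCK_DURATION.total_seconds() // 60)
        print(f"IP {src_ip} exceeded scan limit, blocking for {minutes} minutes...")
        block_ip(src_ip)
        # Schedule the unblock even if the rule could not be installed: the
        # tracker entry still silences this source until blocked_until.
        unblock_time = scan_tracker[src_ip]["blocked_until"]
        print(f"IP {src_ip} will be unblocked at {unblock_time.strftime('%Y-%m-%d %H:%M:%S')}")
        sniff_thread.schedule_unblock(src_ip, unblock_time)
        return

    _send_banner(packet, src_ip, port, src_port)


def unblock_expired_ips():
    """Remove the DROP rule of every scheduled unblock whose time has come."""
    now = datetime.now()
    for task in sniff_thread.pop_expired(now):
        unblock_ip(task["ip"])


class SniffThread:
    """Owns the capture loop and the queue of pending unblocks.

    unblock_tasks is appended from the sniffing thread and drained from the
    main thread, so every access goes through _lock.  Each task is a dict
    ``{"ip": str, "unblock_time": datetime}``.
    """

    def __init__(self):
        self.unblock_tasks = []
        self._lock = threading.Lock()

    def schedule_unblock(self, ip, unblock_time):
        """Queue removal of the DROP rule for *ip* at *unblock_time*."""
        with self._lock:
            self.unblock_tasks.append({"ip": ip, "unblock_time": unblock_time})

    def pop_expired(self, now=None):
        """Remove and return the tasks due at *now* (all tasks when now is None)."""
        with self._lock:
            if now is None:
                due, self.unblock_tasks = self.unblock_tasks, []
            else:
                due = [t for t in self.unblock_tasks if now >= t["unblock_time"]]
                self.unblock_tasks = [t for t in self.unblock_tasks if now < t["unblock_time"]]
        return due

    def start_sniffing(self):
        """Run scapy's capture loop; blocks until the process exits."""
        # store=False: the default keeps every captured packet in memory,
        # which grows without bound in a long-running daemon.
        sniff(filter=SNIFF_FILTER, prn=handle_packet, store=False)


sniff_thread = SniffThread()


def main():
    """Run the sniffer in a daemon thread and expire blocks from the main thread."""
    capture = threading.Thread(target=sniff_thread.start_sniffing, daemon=True)
    capture.start()

    try:
        while True:
            unblock_expired_ips()
            time.sleep(UNBLOCK_POLL_SECONDS)
    except KeyboardInterrupt:
        print("\nStopping...")
    finally:
        # No one will expire these rules once this process is gone.
        for task in sniff_thread.pop_expired(None):
            unblock_ip(task["ip"])


if __name__ == "__main__":
    main()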