├── .gitignore ├── README.md ├── cmd └── cmd.go ├── conf └── app.ini ├── feeds ├── alienvault.go ├── alienvault_test.go ├── badips.go ├── badips_test.go ├── bambenekconsulting.go ├── bambenekconsulting_test.go ├── blocklist.go ├── blocklist_test.go ├── botscout.go ├── botscout_test.go ├── bruteforceblocker.go ├── bruteforceblocker_test.go ├── cinsscore.go ├── cinsscore_test.go ├── cruzit_web_attacks.go ├── cruzit_web_attacks_test.go ├── cybercrime.go ├── cybercrime_test.go ├── cybersweat.go ├── cybersweat_test.go ├── dataplane.go ├── dataplane_test.go ├── dshield.go ├── dshield_test.go ├── emergingthreats.go ├── emergingthreats_test.go ├── feeds.go ├── feeds_test.go ├── feodotracker.go ├── feodotracker_test.go ├── greensnow.go ├── greensnow_test.go ├── malwaredomainlist.go ├── malwaredomainlist_test.go ├── maxmind.go ├── maxmind_test.go ├── netlab360.go ├── netlab360_test.go ├── rutgers.go ├── rutgers_test.go ├── zeustracker.go └── zeustracker_test.go ├── logger └── log.go ├── main.go ├── models ├── cache.go ├── evil_ips.go └── models.go ├── settings └── settings.go ├── util ├── client.go └── lib.go └── web ├── init.go ├── routers ├── admin.go ├── api.go └── api_test.go └── web.go /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore support plugin (hsz.mobi) 2 | .idea/ 3 | web/routers/conf/ 4 | feeds/conf/ 5 | data/ 6 | dns 7 | ips 8 | main 9 | app.ini_bak 10 | app.ini 11 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # xsec ip database 3 | 4 | xsec ip database为一个恶意IP和域名库(Malicious ip database),它获取恶意IP和域名的方式有以下几种: 5 | 6 | 1. 通过爬虫定期拉取网络中公开的恶意ip库(可通过增加新爬虫的方式订阅新的IP库) 7 | 1. 支持与自有的其他安全产品联动(HIDS、WAF、蜜罐、防火墙等产品),实时更新IP库 8 | 9 | ## 功能说明 10 | 11 | 1. 启动后会定期更新ip库,默认为1小时更新一次 12 | 1. 支持将恶意ip信息写入postgres, sqlite, mysql, mongodb数据库 13 | 1. 支持恶意ip信息导出、导入 14 | 1. 
提供了恶意ip和dns检测以及与其他安全产品联动的接口 15 | 16 | ## 使用方法 17 | 18 | ```bash 19 | $ ./main 20 | [xorm] [info] 2017/09/26 13:22:58.220496 PING DATABASE mysql 21 | NAME: 22 | xsec Malicious ip database - A Malicious ip database 23 | 24 | USAGE: 25 | main [global options] command [command options] [arguments...] 26 | 27 | VERSION: 28 | 20170925 29 | 30 | AUTHOR(S): 31 | netxfly 32 | 33 | COMMANDS: 34 | serve startup evil ips 35 | dump Fetch all evil ips info and save to file 36 | load load ips from file 37 | help, h Shows a list of commands or help for one command 38 | 39 | GLOBAL OPTIONS: 40 | --help, -h show help 41 | --version, -v print the version 42 | 43 | 44 | ``` 45 | - serve会启动程序,抓取完恶意ip和域名信息后会启动web接口 46 | - dump,将恶意ip和域名导出到当前目录,文件名分别为ips和dns 47 | - load,将ips和dns中的信息导入内存并启动WEB接口 48 | 49 | ### 运行截图 50 | 51 | - 直接启动程序 52 | 53 | ![](https://docs.xsec.io/images/evil_ips/serve.png) 54 | 55 | - 导出恶意ip信息到当前目录中,使用场景为部分URL是被墙了的,需要先在国外的VPS中导出文件拖回国内使用 56 | 57 | ![](https://docs.xsec.io/images/evil_ips/dump.png) 58 | 59 | - 导入恶意ip信息并启动WEB接口 60 | ![](https://docs.xsec.io/images/evil_ips/load.png) 61 | 62 | - 恶意IP检测及实时提交测试 63 | ![](https://docs.xsec.io/images/evil_ips/api_ip.png) 64 | 65 | - 恶意域名检测及提交测试 66 | ![](https://docs.xsec.io/images/evil_ips/api_dns.png) 67 | 68 | 其中测试与其他安全产品联动的测试代码的内容如下: 69 | 70 | ```go 71 | 72 | package routers_test 73 | 74 | import ( 75 | "testing" 76 | "time" 77 | "net/http" 78 | "net/url" 79 | 80 | "xsec-evil-ips/util" 81 | ) 82 | 83 | func TestUpdateIp(t *testing.T) { 84 | u := "http://127.0.0.1:8000/api/ip/" 85 | timestamp := time.Now().Format("2006-01-02 15:04:05") 86 | k := "aadcbfbc837757a9a24ac96cf9171c8b" 87 | ip := "212.129.58.111" 88 | pro := "xsec test pro" 89 | 90 | t.Log(http.PostForm(u, url.Values{"timestamp": {timestamp}, "secureKey": {util.MakeSign(timestamp, k)}, "ip": {ip}, "pro": {pro}})) 91 | } 92 | 93 | func TestUpdateDomain(t *testing.T) { 94 | u := "http://127.0.0.1:8000/api/domain/" 95 | timestamp := time.Now().Format("2006-01-02 
15:04:05") 96 | k := "aadcbfbc837757a9a24ac96cf9171c8b" 97 | domain := "www.hosting2balooonba.com" 98 | pro := "xsec test pro" 99 | 100 | t.Log(http.PostForm(u, url.Values{"timestamp": {timestamp}, "secureKey": {util.MakeSign(timestamp, k)}, "domain": {domain}, "pro": {pro}})) 101 | } 102 | ``` 103 | 104 | 提交时需要带上以下几个参数,而且安全产品的key必须与恶意IP库的相同,否则不会接受提交的恶意ip或域名信息。示例代码中的key与conf/app.ini里SECRET的示例值相同,部署时应在两端统一替换为自行生成的随机值。 105 | 106 | - timestamp 107 | - secureKey 108 | - ip/domain,表示恶意ip或域名 109 | - pro,表示需要联动的安全产品名称 110 | 111 | ### Demo 112 | 113 | 1. 恶意IP检测,[http://xsec.io:8000/api/ip/212.129.58.111](http://xsec.io:8000/api/ip/212.129.58.111) 114 | 1. 恶意域名检测,[http://xsec.io:8000/api/domain/www.hosting2balooonba.com](http://xsec.io:8000/api/domain/www.hosting2balooonba.com) 115 | 116 | 项目地址:https://github.com/netxfly/xsec-ip-database 117 | 118 | ## 更新记录 119 | 120 | ### 2017/9/28 121 | 122 | - 恶意域名的种子中新增了360 netlab提供的DGA,使得域名记录直接上到了百万级。 123 | 124 | ![](https://docs.xsec.io/images/evil_ips/netlab_360.png) 125 | ![](https://docs.xsec.io/images/evil_ips/netlab_360_check.png) 126 | 127 | - 因为data.netlab.360.com在国内,而且体积在70M以上,所以从vps中的拉取速度很慢,建议下载到本地,将`feeds/netlab360.go`中的URL改为本地地址。 128 | 129 | ```go 130 | url := "http://data.netlab.360.com/feeds/dga/dga.txt" 131 | // url := "http://127.0.0.1:8000/dga.txt" 132 | ``` 133 | 134 | - 如果vps内存不足,会在将恶意IP和域名导出到文件中时报错,解决方案为增加swap分区。 135 | ![](https://docs.xsec.io/images/evil_ips/swap.png) -------------------------------------------------------------------------------- /cmd/cmd.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software 
is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package cmd

import (
	"github.com/urfave/cli"

	"xsec-evil-ips/feeds"
	"xsec-evil-ips/web"
)

// Subcommands exposed by the command-line program. Each one only binds a
// command name and help text to the function that implements it.
var (
	// Serve is the "serve" subcommand; its action is feeds.Startup.
	Serve = cli.Command{
		Name:        "serve",
		Usage:       "startup evil ips",
		Description: "startup evil ips",
		Action:      feeds.Startup,
	}

	// RunWeb is the "web" subcommand; its action is web.RunWeb.
	RunWeb = cli.Command{
		Name:        "web",
		Usage:       "startup web interface",
		Description: "startup web interface",
		Action:      web.RunWeb,
	}

	// SaveFile is the "dump" subcommand; its action is feeds.Dump.
	SaveFile = cli.Command{
		Name:        "dump",
		Usage:       "Fetch all evil ips info and save to file",
		Description: "Fetch all evil ips info and save to file",
		Action:      feeds.Dump,
	}

	// LoadFile is the "load" subcommand; its action is web.LoadFromFile.
	LoadFile = cli.Command{
		Name:        "load",
		Usage:       "load ips from file",
		Description: "load ips from file",
		Action:      web.LoadFromFile,
	}
)

--------------------------------------------------------------------------------
/conf/app.ini:
--------------------------------------------------------------------------------
HTTP_HOST =
HTTP_PORT = 8000
DEBUG = true
; NOTE(review): this SECRET value is also the signing key shown in the README
; sample test, so it is publicly known. Replace it with a unique random value
; per deployment. .gitignore lists app.ini, yet this file is part of the tree.
SECRET = aadcbfbc837757a9a24ac96cf9171c8b

[DATABASE]
; DATABASE_TYPE value: postgres, sqlite, mysql, mongodb
DATA_TYPE = mysql1
DATA_HOST = 1.1.1.1
DATA_PORT = 3306
DATA_NAME = data_user 12 | USERNAME = user_name 13 | PASSWORD = password 14 | -------------------------------------------------------------------------------- /feeds/alienvault.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 
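*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromAlienvault downloads the AlienVault reputation list and returns the
// addresses found on lines tagged "# Malicious".
//
// The result always carries the source name and description. Ips is filled
// only when both the download and the read succeed; an error from either step
// is returned to the caller instead of being dropped.
func FetchFromAlienvault() (evilIps models.EvilIps, err error) {
	url := "https://reputation.alienvault.com/reputation.generic"
	src := "alienvault.com"
	desc := "evil ips"
	check := "# Malicious"

	evilIps.Src.Source = src
	evilIps.Src.Desc = desc

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): resp is never closed here; confirm whether util.GetPage
	// hands ownership of the response body to the caller.
	ret, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(ret), "\n") {
		if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
			continue
		}
		if !strings.Contains(line, check) {
			continue
		}
		// The feed is external input: keep only the text before the first
		// '#' and strip the padding so the stored value is the bare entry.
		ip := strings.TrimSpace(strings.Split(line, "#")[0])
		if ip == "" {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, ip)
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/alienvault_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.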
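IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"

	"xsec-evil-ips/feeds"
)

// TestFetchFromAlienvault fetches the live AlienVault feed and fails when the
// fetch reports an error. It needs network access, so it is skipped under
// -short.
func TestFetchFromAlienvault(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilIps, err := feeds.FetchFromAlienvault()
	if err != nil {
		t.Fatalf("FetchFromAlienvault: %v", err)
	}
	// Log a summary rather than the whole list to keep the output readable.
	t.Logf("source=%v entries=%d", evilIps.Src.Source, len(evilIps.Ips))
}

--------------------------------------------------------------------------------
/feeds/badips.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.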
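*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchBadips downloads the badips.com list and returns one entry per
// non-blank line of the response.
//
// The result always carries the source name and description. An error from
// the download or from reading the response is returned to the caller.
func FetchBadips() (evilIps models.EvilIps, err error) {
	url := "https://www.badips.com/get/list/any/2?age=7d"
	src := "badips.com"
	desc := "known attacker"

	evilIps.Src.Source = src
	evilIps.Src.Desc = desc

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): resp is never closed here; confirm whether util.GetPage
	// hands ownership of the response body to the caller.
	ret, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	// NOTE(review): entries are not checked to be IP addresses, so an error
	// page or an altered feed would be stored line by line; confirm that
	// validation happens before these values are used for blocking.
	for _, line := range strings.Split(string(ret), "\n") {
		// Drop blank lines (including the one after the final newline) and
		// stray "\r" or padding around an entry.
		ip := strings.TrimSpace(line)
		if ip == "" {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, ip)
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/badips_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.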
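*/

package feeds_test

import (
	"testing"

	"xsec-evil-ips/feeds"
)

// TestFetchBadips fetches the live badips.com feed and fails when the fetch
// reports an error. It needs network access, so it is skipped under -short.
func TestFetchBadips(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilIps, err := feeds.FetchBadips()
	if err != nil {
		t.Fatalf("FetchBadips: %v", err)
	}
	// Log a summary rather than the whole list to keep the output readable.
	t.Logf("source=%v entries=%d", evilIps.Src.Source, len(evilIps.Ips))
}

--------------------------------------------------------------------------------
/feeds/bambenekconsulting.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.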
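*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// bambenekFeed downloads one Bambenek Consulting feed and returns the text in
// front of marker for every line that contains marker and no '#'.
//
// Errors from the download and from reading the response are returned; the
// slice is nil in that case.
func bambenekFeed(url, marker string) ([]string, error) {
	resp, err := util.GetPage(url)
	if err != nil {
		return nil, err
	}
	// NOTE(review): resp is never closed here; confirm whether util.GetPage
	// hands ownership of the response body to the caller.
	ret, err := ioutil.ReadAll(resp)
	if err != nil {
		return nil, err
	}

	var entries []string
	for _, line := range strings.Split(string(ret), "\n") {
		// Lines containing '#' are treated as comments and skipped.
		if strings.Contains(line, "#") {
			continue
		}
		if tmp := strings.Split(line, marker); len(tmp) > 1 {
			entries = append(entries, tmp[0])
		}
	}
	return entries, nil
}

// NOTE(review): the three feeds below are requested over plain http, so their
// content is not integrity-protected in transit. Confirm whether the
// publisher serves them over https before the lists are used for blocking.

// FetchDnsFromBambenekconsulting returns the domains listed in the Bambenek
// C2 domain master list. The result always carries the source name and
// description; fetch and read errors are returned to the caller.
func FetchDnsFromBambenekconsulting() (evilDns models.EvilDns, err error) {
	url := "http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt"
	src := "bambenekconsulting.com"
	desc := "C&Cs domain"
	check := ",Domain used by"

	evilDns.Src.Source = src
	evilDns.Src.Desc = desc

	domains, err := bambenekFeed(url, check)
	if err != nil {
		return evilDns, err
	}
	evilDns.Domains = append(evilDns.Domains, domains...)
	return evilDns, nil
}

// FetchDGADnsFromBambenekconsulting returns the domains listed in the
// Bambenek DGA feed. The result always carries the source name and
// description; fetch and read errors are returned to the caller.
func FetchDGADnsFromBambenekconsulting() (evilDns models.EvilDns, err error) {
	url := "http://osint.bambenekconsulting.com/feeds/dga-feed.txt"
	src := "bambenekconsulting.com"
	desc := "Domain feed of known DGA domains from -2 to +3 days"
	check := ",Domain used by"

	evilDns.Src.Source = src
	evilDns.Src.Desc = desc

	domains, err := bambenekFeed(url, check)
	if err != nil {
		return evilDns, err
	}
	evilDns.Domains = append(evilDns.Domains, domains...)
	return evilDns, nil
}

// FetchIpFromBambenekconsulting returns the addresses listed in the Bambenek
// C2 IP master list. The result always carries the source name and
// description; fetch and read errors are returned to the caller.
func FetchIpFromBambenekconsulting() (evilIps models.EvilIps, err error) {
	url := "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt"
	src := "bambenekconsulting.com"
	desc := "C&Cs IP"
	check := ",IP used by"

	evilIps.Src.Source = src
	evilIps.Src.Desc = desc

	ips, err := bambenekFeed(url, check)
	if err != nil {
		return evilIps, err
	}
	evilIps.Ips = append(evilIps.Ips, ips...)
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/bambenekconsulting_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.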
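*/

package feeds_test

import (
	"testing"

	"xsec-evil-ips/feeds"
)

// The tests below fetch live Bambenek Consulting feeds and fail when a fetch
// reports an error. They need network access, so they are skipped under
// -short.

// TestFetchFromBambenekconsulting checks the C2 domain master list fetcher.
func TestFetchFromBambenekconsulting(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilDns, err := feeds.FetchDnsFromBambenekconsulting()
	if err != nil {
		t.Fatalf("FetchDnsFromBambenekconsulting: %v", err)
	}
	t.Logf("source=%v entries=%d", evilDns.Src.Source, len(evilDns.Domains))
}

// TestFetchIpFromBambenekconsulting checks the C2 IP master list fetcher.
func TestFetchIpFromBambenekconsulting(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilIps, err := feeds.FetchIpFromBambenekconsulting()
	if err != nil {
		t.Fatalf("FetchIpFromBambenekconsulting: %v", err)
	}
	t.Logf("source=%v entries=%d", evilIps.Src.Source, len(evilIps.Ips))
}

// TestFetchDGADnsFromBambenekconsulting checks the DGA domain feed fetcher.
func TestFetchDGADnsFromBambenekconsulting(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilDns, err := feeds.FetchDGADnsFromBambenekconsulting()
	if err != nil {
		t.Fatalf("FetchDGADnsFromBambenekconsulting: %v", err)
	}
	t.Logf("source=%v entries=%d", evilDns.Src.Source, len(evilDns.Domains))
}

--------------------------------------------------------------------------------
/feeds/blocklist.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.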
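*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchBlocklist downloads the lists.blocklist.de "all" list and returns one
// entry per non-blank line of the response.
//
// The result always carries the source name and description. An error from
// the download or from reading the response is returned to the caller.
func FetchBlocklist() (evilIps models.EvilIps, err error) {
	url := "https://lists.blocklist.de/lists/all.txt"
	src := "lists.blocklist.de"
	desc := "known attacker"

	evilIps.Src.Source = src
	evilIps.Src.Desc = desc

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): resp is never closed here; confirm whether util.GetPage
	// hands ownership of the response body to the caller.
	ret, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	// NOTE(review): entries are not checked to be IP addresses, so an error
	// page or an altered feed would be stored line by line; confirm that
	// validation happens before these values are used for blocking.
	for _, line := range strings.Split(string(ret), "\n") {
		// Drop blank lines (including the one after the final newline) and
		// stray "\r" or padding around an entry.
		ip := strings.TrimSpace(line)
		if ip == "" {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, ip)
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/blocklist_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.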
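IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"

	"xsec-evil-ips/feeds"
)

// TestFetchBlocklist fetches the live blocklist.de feed and fails when the
// fetch reports an error. It needs network access, so it is skipped under
// -short.
func TestFetchBlocklist(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilIps, err := feeds.FetchBlocklist()
	if err != nil {
		t.Fatalf("FetchBlocklist: %v", err)
	}
	// Log a summary rather than the whole list to keep the output readable.
	t.Logf("source=%v entries=%d", evilIps.Src.Source, len(evilIps.Ips))
}

--------------------------------------------------------------------------------
/feeds/botscout.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.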
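*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromBotscout downloads the botscout_1d ipset published in the firehol
// blocklist-ipsets repository and returns every line that is not a '#'
// comment and contains a '.'.
//
// The result always carries the source name and description. An error from
// the download or from reading the response is returned to the caller.
func FetchFromBotscout() (evilIps models.EvilIps, err error) {
	url := "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset"
	src := "botscout.com"
	desc := "spammer"

	evilIps.Src.Source = src
	evilIps.Src.Desc = desc

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): resp is never closed here; confirm whether util.GetPage
	// hands ownership of the response body to the caller.
	ret, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(ret), "\n") {
		// Strip stray "\r" or padding so the stored value is the bare entry.
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, line)
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/botscout_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.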
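IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"

	"xsec-evil-ips/feeds"
)

// TestFetchFromBotscout fetches the live botscout ipset and fails when the
// fetch reports an error. It needs network access, so it is skipped under
// -short.
func TestFetchFromBotscout(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilIps, err := feeds.FetchFromBotscout()
	if err != nil {
		t.Fatalf("FetchFromBotscout: %v", err)
	}
	// Log a summary rather than the whole list to keep the output readable.
	t.Logf("source=%v entries=%d", evilIps.Src.Source, len(evilIps.Ips))
}

--------------------------------------------------------------------------------
/feeds/bruteforceblocker.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.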
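*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromBruteforceblocker downloads the BruteForceBlocker list and returns
// the text in front of the first '#' on every data line that has one.
//
// The result always carries the source name and description. An error from
// the download or from reading the response is returned to the caller.
func FetchFromBruteforceblocker() (evilIps models.EvilIps, err error) {
	// NOTE(review): this feed is requested over plain http, so its content
	// is not integrity-protected in transit. Confirm whether the publisher
	// serves it over https before the list is used for blocking.
	url := "http://danger.rulez.sk/projects/bruteforceblocker/blist.php"
	src := "danger.rulez.sk"
	desc := "known attacker"

	evilIps.Src.Source = src
	evilIps.Src.Desc = desc

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): resp is never closed here; confirm whether util.GetPage
	// hands ownership of the response body to the caller.
	ret, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(ret), "\n") {
		if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
			continue
		}
		// Only lines with a trailing "# ..." part are taken as entries.
		tmp := strings.Split(line, "#")
		if len(tmp) < 2 {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, strings.TrimSpace(tmp[0]))
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/bruteforceblocker_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.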
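IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"

	"xsec-evil-ips/feeds"
)

// TestFetchFromBruteforceblocker fetches the live BruteForceBlocker list and
// fails when the fetch reports an error. It needs network access, so it is
// skipped under -short.
func TestFetchFromBruteforceblocker(t *testing.T) {
	if testing.Short() {
		t.Skip("fetches a live feed over the network")
	}
	evilIps, err := feeds.FetchFromBruteforceblocker()
	if err != nil {
		t.Fatalf("FetchFromBruteforceblocker: %v", err)
	}
	// Log a summary rather than the whole list to keep the output readable.
	t.Logf("source=%v entries=%d", evilIps.Src.Source, len(evilIps.Ips))
}

--------------------------------------------------------------------------------
/feeds/cinsscore.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.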
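*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromCinsscore downloads the ci-badguys list from cinsscore.com and
// returns one entry per non-empty line.
//
// Each line is trimmed (which also removes a trailing '\r') and blank lines
// are dropped; the original stored every line of the response, including the
// empty string after the final newline. A failure to read the response body is
// now returned instead of being hidden by a shadowed err variable.
//
// NOTE(review): the list is fetched over plain HTTP and every line is stored
// without being checked as an IP address, so a response altered in transit
// would be accepted as-is. Prefer HTTPS if the provider offers it and consider
// validating each entry (for example with net.ParseIP) before it is saved.
func FetchFromCinsscore() (evilIps models.EvilIps, err error) {
	url := "http://cinsscore.com/list/ci-badguys.txt"

	evilIps.Src.Source = "cinsscore.com"
	evilIps.Src.Desc = "known attacker"

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		if ip := strings.TrimSpace(line); ip != "" {
			evilIps.Ips = append(evilIps.Ips, ip)
		}
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/cinsscore_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.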
IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"
	"xsec-evil-ips/feeds"
)

// TestFetchFromCinsscore runs the fetcher against the live feed and logs the
// result. It asserts nothing, so it also passes when the fetch fails, and it
// needs network access.
func TestFetchFromCinsscore(t *testing.T) {
	ips, err := feeds.FetchFromCinsscore()
	t.Log(ips, err)
}

--------------------------------------------------------------------------------
/feeds/cruzit_web_attacks.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
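*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromCruzitWebAttacks downloads the cruzit_web_attacks ipset from the
// firehol/blocklist-ipsets repository and returns its entries.
//
// Lines are trimmed before use (which also removes a trailing '\r'); comment
// lines and lines without a '.' are skipped. A failure to read the response
// body is now returned instead of being hidden by a shadowed err variable.
//
// NOTE(review): entries are stored without being checked as IP addresses or
// networks; consider validating them before they are saved.
func FetchFromCruzitWebAttacks() (evilIps models.EvilIps, err error) {
	url := "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset"

	evilIps.Src.Source = "CruzIt.com"
	evilIps.Src.Desc = "web attacks"

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, raw := range strings.Split(string(body), "\n") {
		entry := strings.TrimSpace(raw)
		if strings.HasPrefix(entry, "#") || !strings.Contains(entry, ".") {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, entry)
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/cruzit_web_attacks_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.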
IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"
	"xsec-evil-ips/feeds"
)

// TestFetchFromCruzitWebAttacks runs the fetcher against the live feed and
// logs the result. It asserts nothing, so it also passes when the fetch fails,
// and it needs network access.
func TestFetchFromCruzitWebAttacks(t *testing.T) {
	ips, err := feeds.FetchFromCruzitWebAttacks()
	t.Log(ips, err)
}

--------------------------------------------------------------------------------
/feeds/cybercrime.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
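*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"github.com/PuerkitoBio/goquery"
)

// FetchFromCybercrime scrapes the monitoring table on cybercrime-tracker.net
// and returns the value of the third cell of every five-cell row matched by
// the ".monitoring" selector.
//
// Rows whose third cell has no child node are skipped; the original
// dereferenced FirstChild unconditionally, so an empty cell in the remote page
// caused a nil-pointer panic inside the fetch goroutine. A parse failure is
// now returned instead of being hidden by a shadowed err variable.
//
// NOTE(review): the page is fetched over plain HTTP and the cell content is
// stored without being checked as a domain name, so a response altered in
// transit would be accepted as-is. FirstChild.Data is the cell text only when
// the first child is a text node; for an element child it is the tag name —
// confirm against the page markup.
func FetchFromCybercrime() (evilDns models.EvilDns, err error) {
	url := "http://cybercrime-tracker.net/ccam.php"

	evilDns.Src.Source = "cybercrime-tracker.net"
	evilDns.Src.Desc = "Atmos Strategic Monitoring"

	resp, err := util.GetPage(url)
	if err != nil {
		return evilDns, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	doc, err := goquery.NewDocumentFromReader(resp)
	if err != nil {
		return evilDns, err
	}

	doc.Find(".monitoring").Each(func(_ int, row *goquery.Selection) {
		cells := row.Find("td")
		if len(cells.Nodes) != 5 {
			return
		}
		// The page content is outside our control: guard the dereference.
		first := cells.Nodes[2].FirstChild
		if first == nil {
			return
		}
		evilDns.Domains = append(evilDns.Domains, first.Data)
	})
	return evilDns, nil
}

--------------------------------------------------------------------------------
/feeds/cybercrime_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.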
IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"
	"xsec-evil-ips/feeds"
)

// TestFetchFromCybercrime runs the fetcher against the live page and logs the
// result. It asserts nothing, so it also passes when the fetch fails, and it
// needs network access.
func TestFetchFromCybercrime(t *testing.T) {
	domains, err := feeds.FetchFromCybercrime()
	t.Log(domains, err)
}

--------------------------------------------------------------------------------
/feeds/cybersweat.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
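*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromcyBersweat downloads the iprep_ramnode list from cybersweat.shop
// and returns the first ';'-separated field of every data line.
//
// Comment lines, lines without a '.', and lines without a ';' separator are
// skipped. The field is trimmed and empty results are dropped. A failure to
// read the response body is now returned instead of being hidden by a shadowed
// err variable.
//
// NOTE(review): the list is fetched over plain HTTP and its entries are stored
// without being checked as IP addresses, so a response altered in transit
// would be accepted as-is. Prefer HTTPS if the provider offers it and consider
// validating each entry (for example with net.ParseIP) before it is saved.
func FetchFromcyBersweat() (evilIps models.EvilIps, err error) {
	url := "http://cybersweat.shop/iprep/iprep_ramnode.txt"
	const sep = ";"

	evilIps.Src.Source = "cybersweat.shop"
	evilIps.Src.Desc = "known attacker"

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
			continue
		}
		fields := strings.Split(line, sep)
		if len(fields) < 2 {
			continue
		}
		if ip := strings.TrimSpace(fields[0]); ip != "" {
			evilIps.Ips = append(evilIps.Ips, ip)
		}
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/cybersweat_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.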
IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"
	"xsec-evil-ips/feeds"
)

// TestFetchFromcyBersweat runs the fetcher against the live feed and logs the
// result. It asserts nothing, so it also passes when the fetch fails, and it
// needs network access.
func TestFetchFromcyBersweat(t *testing.T) {
	ips, err := feeds.FetchFromcyBersweat()
	t.Log(ips, err)
}

--------------------------------------------------------------------------------
/feeds/dataplane.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
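*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromDataplane downloads the dataplane.org report files listed below and
// returns the third '|'-separated field of every five-field data line.
//
// A report that cannot be fetched or read is skipped so that the remaining
// reports are still collected. If nothing at all was collected and at least
// one report failed, the last failure is returned; the original always
// returned a nil error because err was shadowed inside the loop.
//
// NOTE(review): entries are stored without being checked as IP addresses;
// consider validating each one (for example with net.ParseIP) before it is
// saved.
func FetchFromDataplane() (evilIps models.EvilIps, err error) {
	urls := []string{
		"https://dataplane.org/dnsrd.txt",
		"https://dataplane.org/dnsrdany.txt",
		"https://dataplane.org/dnsversion.txt",
		"https://dataplane.org/sipinvitation.txt",
		"https://dataplane.org/sipquery.txt",
		"https://dataplane.org/sipregistration.txt",
		"https://dataplane.org/sshclient.txt",
		"https://dataplane.org/sshpwauth.txt",
		"https://dataplane.org/vncrfb.txt",
	}
	const sep = "|"

	evilIps.Src.Source = "dataplane.org"
	evilIps.Src.Desc = "known attacker"

	var lastErr error
	for _, url := range urls {
		resp, fetchErr := util.GetPage(url)
		if fetchErr != nil {
			lastErr = fetchErr
			continue
		}
		// NOTE(review): the reader returned by util.GetPage is not closed
		// here; confirm that GetPage releases the underlying connection.
		body, readErr := ioutil.ReadAll(resp)
		if readErr != nil {
			lastErr = readErr
			continue
		}

		for _, line := range strings.Split(string(body), "\n") {
			if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
				continue
			}
			fields := strings.Split(line, sep)
			if len(fields) != 5 {
				continue
			}
			if ip := strings.TrimSpace(fields[2]); ip != "" {
				evilIps.Ips = append(evilIps.Ips, ip)
			}
		}
	}

	if len(evilIps.Ips) == 0 && lastErr != nil {
		return evilIps, lastErr
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/dataplane_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so,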
subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds_test

import (
	"testing"
	"xsec-evil-ips/feeds"
)

// TestFetchFromDataplane runs the fetcher against the live reports and logs
// the result. It asserts nothing, so it also passes when the fetch fails, and
// it needs network access.
func TestFetchFromDataplane(t *testing.T) {
	ips, err := feeds.FetchFromDataplane()
	t.Log(ips, err)
}

--------------------------------------------------------------------------------
/feeds/dshield.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
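IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchDomainsFromdShield downloads the low-sensitivity suspicious-domain list
// from isc.sans.edu and returns its entries.
//
// Lines are trimmed before use (which also removes a trailing '\r'); comment
// lines and lines without a '.' are skipped. A failure to read the response
// body is now returned instead of being hidden by a shadowed err variable.
//
// NOTE(review): Src.Source is "dataplane.org" although the list comes from
// isc.sans.edu — this looks like a copy-paste from dataplane.go, so records
// from this feed are attributed to the wrong provider. It is left unchanged
// here because stored records may already carry this label; confirm and
// correct. Entries are also stored without being checked as domain names.
func FetchDomainsFromdShield() (evilDns models.EvilDns, err error) {
	url := "https://isc.sans.edu/feeds/suspiciousdomains_Low.txt"

	evilDns.Src.Source = "dataplane.org"
	evilDns.Src.Desc = "suspicious domain"

	resp, err := util.GetPage(url)
	if err != nil {
		return evilDns, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilDns, err
	}

	for _, raw := range strings.Split(string(body), "\n") {
		domain := strings.TrimSpace(raw)
		if strings.HasPrefix(domain, "#") || !strings.Contains(domain, ".") {
			continue
		}
		evilDns.Domains = append(evilDns.Domains, domain)
	}
	return evilDns, nil
}

// FetchIpsFromdShield downloads the top10-2 list from feeds.dshield.org and
// returns the first tab-separated field of every data line.
//
// Comment lines and lines without a '.' are skipped; the field is trimmed and
// empty results are dropped. A failure to read the response body is now
// returned instead of being hidden by a shadowed err variable.
//
// NOTE(review): Src.Source is "dataplane.org" although the list comes from
// feeds.dshield.org — this looks like a copy-paste from dataplane.go; confirm
// and correct. The list is fetched over plain HTTP and its entries are stored
// without being checked as IP addresses, so a response altered in transit
// would be accepted as-is.
func FetchIpsFromdShield() (evilIps models.EvilIps, err error) {
	url := "http://feeds.dshield.org/top10-2.txt"

	evilIps.Src.Source = "dataplane.org"
	evilIps.Src.Desc = "known attacker"

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
			continue
		}
		// strings.Split always yields at least one element.
		if ip := strings.TrimSpace(strings.Split(line, "\t")[0]); ip != "" {
			evilIps.Ips = append(evilIps.Ips, ip)
		}
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/dshield_test.go: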
-------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 
*/

package feeds_test

import (
	"testing"
	"xsec-evil-ips/feeds"
)

// TestFetchDomainsFromdShield runs the domain fetcher against the live feed
// and logs the result. It asserts nothing, so it also passes when the fetch
// fails, and it needs network access.
func TestFetchDomainsFromdShield(t *testing.T) {
	domains, err := feeds.FetchDomainsFromdShield()
	t.Log(domains, err)
}

// TestFetchIpsFromdShield runs the IP fetcher against the live feed and logs
// the result. It asserts nothing, so it also passes when the fetch fails, and
// it needs network access.
func TestFetchIpsFromdShield(t *testing.T) {
	ips, err := feeds.FetchIpsFromdShield()
	t.Log(ips, err)
}

--------------------------------------------------------------------------------
/feeds/emergingthreats.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
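*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"regexp"
	"strings"
)

// FetchFromEmergingthreats downloads the Emerging Threats botcc Suricata rules
// and returns every dotted-quad IPv4 address found on lines that contain
// "alert ip".
//
// The address pattern is anchored on word boundaries so that a longer digit
// run is not silently truncated into a different address (without the anchors,
// "1.2.3.456" yields "1.2.3.45"). A failure to read the response body is now
// returned instead of being hidden by a shadowed err variable.
//
// NOTE(review): the rules are fetched over plain HTTP, so a response altered
// in transit would be accepted as-is. Prefer HTTPS if the provider offers it.
func FetchFromEmergingthreats() (evilIps models.EvilIps, err error) {
	url := "http://rules.emergingthreats.net/open/suricata/rules/botcc.rules"
	const marker = "alert ip"

	evilIps.Src.Source = "emergingthreats.net"
	evilIps.Src.Desc = "potential malware site"

	octet := "(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
	ipv4 := regexp.MustCompile("\\b" + octet + "\\." + octet + "\\." + octet + "\\." + octet + "\\b")

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		if strings.HasPrefix(line, "#") || !strings.Contains(line, marker) {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, ipv4.FindAllString(line, -1)...)
	}
	return evilIps, nil
}

// FetchIpsFromEmergingthreats downloads the Emerging Threats compromised-ips
// list and returns one entry per non-empty line.
//
// Each line is trimmed (which also removes a trailing '\r') and blank lines
// are dropped; the original stored every line of the response, including the
// empty string after the final newline. A failure to read the response body is
// now returned instead of being hidden by a shadowed err variable.
//
// NOTE(review): the list is fetched over plain HTTP and every line is stored
// without being checked as an IP address, so a response altered in transit
// would be accepted as-is. Prefer HTTPS if the provider offers it and consider
// validating each entry (for example with net.ParseIP) before it is saved.
func FetchIpsFromEmergingthreats() (evilIps models.EvilIps, err error) {
	url := "http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt"

	evilIps.Src.Source = "emergingthreats.net"
	evilIps.Src.Desc = "compromised ips"

	resp, err := util.GetPage(url)
	if err != nil {
		return evilIps, err
	}
	// NOTE(review): the reader returned by util.GetPage is not closed here;
	// confirm that GetPage releases the underlying connection.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		if ip := strings.TrimSpace(line); ip != "" {
			evilIps.Ips = append(evilIps.Ips, ip)
		}
	}
	return evilIps, nil
}

--------------------------------------------------------------------------------
/feeds/emergingthreats_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.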
*/

package feeds_test

import (
	"testing"
	"xsec-evil-ips/feeds"
)

// TestFetchFromEmergingthreats runs the botcc rules fetcher against the live
// feed and logs the result. It asserts nothing, so it also passes when the
// fetch fails, and it needs network access.
func TestFetchFromEmergingthreats(t *testing.T) {
	ips, err := feeds.FetchFromEmergingthreats()
	t.Log(ips, err)
}

// TestFetchIpsFromEmergingthreats runs the compromised-ips fetcher against the
// live feed and logs the result. It asserts nothing, so it also passes when
// the fetch fails, and it needs network access.
func TestFetchIpsFromEmergingthreats(t *testing.T) {
	ips, err := feeds.FetchIpsFromEmergingthreats()
	t.Log(ips, err)
}

--------------------------------------------------------------------------------
/feeds/feeds.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
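*/

package feeds

import (
	"xsec-evil-ips/logger"
	"xsec-evil-ips/models"
	"xsec-evil-ips/web"

	"sync"
	"time"

	"github.com/urfave/cli"
)

// EvilIpFunc is a feed fetcher that returns malicious IP addresses.
type EvilIpFunc func() (evilIps models.EvilIps, err error)

// EvilDnsFunc is a feed fetcher that returns malicious domain names.
type EvilDnsFunc func() (evilDns models.EvilDns, err error)

var (
	// EvilIpFuncs and EvilDnsFuncs hold the registered fetchers; Init fills them.
	EvilIpFuncs  []EvilIpFunc
	EvilDnsFuncs []EvilDnsFunc

	// initOnce keeps Init from registering the fetchers more than once.
	initOnce sync.Once
)

// Init registers the built-in IP and domain fetchers.
//
// Registration happens only on the first call. The original appended on every
// call, so calling Init twice (as the tests in feeds_test.go do within one
// test binary) registered each fetcher twice and fetched each feed twice.
func Init() {
	initOnce.Do(func() {
		// Evil ips func
		EvilIpFuncs = append(EvilIpFuncs,
			FetchFromAlienvault,
			FetchBadips,
			FetchBlocklist,
			FetchFromBotscout,
			FetchFromBruteforceblocker,
			FetchFromCinsscore,
			FetchFromCruzitWebAttacks,
			FetchFromcyBersweat,
			FetchFromDataplane,
			FetchIpsFromdShield,
			FetchFromEmergingthreats,
			FetchIpsFromEmergingthreats,
			FetchFromFeodotracker,
			FetchFromGreensnow,
			FetchFromMalwaredomainlist,
			FetchFrommaxmind,
			FetchFromRutgers,
			FetchFromZeustracker,
		)

		// Evil dns func
		EvilDnsFuncs = append(EvilDnsFuncs,
			FetchDnsFromBambenekconsulting,
			FetchFromCybercrime,
			FetchDomainsFromdShield,
			FetchDGADataFrom360Netlab,
		)
	})
}

// FetchEvilIps runs every registered IP fetcher in its own goroutine, hands
// each result to models.SaveEvilIps, and returns once all of them have
// finished.
//
// Feed content comes from third parties, so a panic while one feed is being
// fetched or parsed is recovered and logged instead of terminating the whole
// process.
func FetchEvilIps() {
	var wg sync.WaitGroup
	startTime := time.Now()
	for _, fn := range EvilIpFuncs {
		wg.Add(1)
		go func(fn EvilIpFunc) {
			defer wg.Done()
			defer func() {
				if r := recover(); r != nil {
					logger.Logger.Infof("Fetch Evil ips: feed function panicked: %v", r)
				}
			}()
			models.SaveEvilIps(fn())
		}(fn)
	}
	wg.Wait()
	logger.Logger.Infof("Fetch Evil ips Done, used time: %v", time.Since(startTime))
}

// FetchEvilDns runs every registered domain fetcher in its own goroutine,
// hands each result to models.SaveEvilDns, and returns once all of them have
// finished.
//
// Feed content comes from third parties, so a panic while one feed is being
// fetched or parsed is recovered and logged instead of terminating the whole
// process.
func FetchEvilDns() {
	var wg sync.WaitGroup
	startTime := time.Now()
	for _, fn := range EvilDnsFuncs {
		wg.Add(1)
		go func(fn EvilDnsFunc) {
			defer wg.Done()
			defer func() {
				if r := recover(); r != nil {
					logger.Logger.Infof("Fetch Evil Dns: feed function panicked: %v", r)
				}
			}()
			models.SaveEvilDns(fn())
		}(fn)
	}
	wg.Wait()
	logger.Logger.Infof("Fetch Evil Dns Done, used time: %v", time.Since(startTime))
}

// FetchAll starts a full refresh (domains, IPs, status, database, file) once
// an hour and never returns.
//
// NOTE(review): each refresh runs in a new goroutine and the loop does not
// wait for it, so a refresh that takes longer than the interval overlaps with
// the next one.
func FetchAll(ctx *cli.Context) {
	for {
		go func(ctx *cli.Context) {
			FetchEvilDns()
			FetchEvilIps()
			models.Status()
			models.SaveToDB()
			models.SaveToFile(ctx)
		}(ctx)

		// update ip database interval, default 1 hour
		time.Sleep(time.Hour)
	}
}

// Startup registers the fetchers, starts the hourly refresh in the background
// and then runs the web interface. The returned error is always nil.
func Startup(ctx *cli.Context) (err error) {
	Init()
	go FetchAll(ctx)
	web.RunWeb(ctx)
	return err
}

// Dump registers the fetchers, fetches every feed once and writes the result
// to file. The returned error is always nil.
func Dump(ctx *cli.Context) (err error) {
	Init()
	FetchEvilDns()
	FetchEvilIps()
	models.Status()
	models.SaveToFile(ctx)
	return err
}

--------------------------------------------------------------------------------
/feeds/feeds_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and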
this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchEvilDns(t *testing.T) { 33 | feeds.Init() 34 | 35 | feeds.FetchEvilDns() 36 | } 37 | 38 | func TestFetchEvilIps(t *testing.T) { 39 | feeds.Init() 40 | 41 | feeds.FetchEvilIps() 42 | } 43 | -------------------------------------------------------------------------------- /feeds/feodotracker.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
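IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromFeodotracker downloads the feodotracker.abuse.ch IP blocklist and
// returns its entries tagged with the feed name and the description "malware".
//
// Lines are trimmed of surrounding whitespace; comment lines (leading "#")
// and lines without a "." are dropped. Entries are not otherwise checked to
// be IP addresses, so anything that acts on them should parse them first.
//
// It returns the error from util.GetPage or from reading the response.
func FetchFromFeodotracker() (evilIps models.EvilIps, err error) {
	const feedURL = "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist"

	evilIps.Src.Source = "feodotracker.abuse.ch"
	evilIps.Src.Desc = "malware"

	// NOTE(review): if util.GetPage returns an io.ReadCloser, nothing closes
	// it here; confirm against util/client.go.
	resp, err := util.GetPage(feedURL)
	if err != nil {
		return evilIps, err
	}

	// Read at function scope so err is the named result. Declaring a second
	// err inside a nested block would shadow it and report a failed read as
	// success with an empty list.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, line)
	}
	return evilIps, nil
}
--------------------------------------------------------------------------------
/feeds/feodotracker_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.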
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchFromFeodotracker(t *testing.T) { 33 | t.Log(feeds.FetchFromFeodotracker()) 34 | } 35 | -------------------------------------------------------------------------------- /feeds/greensnow.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
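IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromGreensnow downloads the blocklist.greensnow.co list and returns its
// entries tagged with the feed name and the description "known attacker".
//
// Lines are trimmed of surrounding whitespace; blank lines and lines starting
// with "#" are dropped so that the trailing newline of the file does not
// become an empty entry. Entries are not otherwise checked to be IP
// addresses, so anything that acts on them should parse them first.
//
// It returns the error from util.GetPage or from reading the response.
func FetchFromGreensnow() (evilIps models.EvilIps, err error) {
	// NOTE(review): the feed is requested over plain HTTP, so nothing
	// authenticates the list in transit and an on-path party could add or
	// remove entries. Prefer an HTTPS endpoint if the provider offers one.
	const feedURL = "http://blocklist.greensnow.co/greensnow.txt"

	evilIps.Src.Source = "blocklist.greensnow.co"
	evilIps.Src.Desc = "known attacker"

	// NOTE(review): if util.GetPage returns an io.ReadCloser, nothing closes
	// it here; confirm against util/client.go.
	resp, err := util.GetPage(feedURL)
	if err != nil {
		return evilIps, err
	}

	// Read at function scope so err is the named result. Declaring a second
	// err inside a nested block would shadow it and report a failed read as
	// success with an empty list.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, line)
	}
	return evilIps, nil
}
--------------------------------------------------------------------------------
/feeds/greensnow_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.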
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchFromGreensnow(t *testing.T) { 33 | t.Log(feeds.FetchFromGreensnow()) 34 | } 35 | -------------------------------------------------------------------------------- /feeds/malwaredomainlist.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
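IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromMalwaredomainlist downloads the malwaredomainlist.com IP list and
// returns its entries tagged with the feed name and the description
// "potential malware site".
//
// The body is split on "\n" and every line is trimmed, which handles both
// CRLF and LF line endings; blank lines and lines starting with "#" are
// dropped. Entries are not otherwise checked to be IP addresses, so anything
// that acts on them should parse them first.
//
// It returns the error from util.GetPage or from reading the response.
func FetchFromMalwaredomainlist() (evilIps models.EvilIps, err error) {
	// NOTE(review): the feed is requested over plain HTTP, so nothing
	// authenticates the list in transit and an on-path party could add or
	// remove entries. Prefer an HTTPS endpoint if the provider offers one.
	const feedURL = "http://www.malwaredomainlist.com/hostslist/ip.txt"

	evilIps.Src.Source = "malwaredomainlist.com"
	evilIps.Src.Desc = "potential malware site"

	// NOTE(review): if util.GetPage returns an io.ReadCloser, nothing closes
	// it here; confirm against util/client.go.
	resp, err := util.GetPage(feedURL)
	if err != nil {
		return evilIps, err
	}

	// Read at function scope so err is the named result. Declaring a second
	// err inside a nested block would shadow it and report a failed read as
	// success with an empty list.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, line)
	}
	return evilIps, nil
}
--------------------------------------------------------------------------------
/feeds/malwaredomainlist_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.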
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchFromMalwaredomainlist(t *testing.T) { 33 | t.Log(feeds.FetchFromMalwaredomainlist()) 34 | } 35 | -------------------------------------------------------------------------------- /feeds/maxmind.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
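IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"github.com/PuerkitoBio/goquery"
)

// FetchFrommaxmind scrapes the maxmind.com high-risk IP sample page and
// returns the text of every "a.span3" element as an entry, tagged with the
// feed name and the description "bad reputation (suspicious)".
//
// The scraped text is stored as-is and is not checked to be an IP address,
// so a change in the page markup can put arbitrary strings in the list;
// anything that acts on the entries should parse them first.
//
// It returns the error from util.GetPage or from parsing the HTML.
func FetchFrommaxmind() (evilIps models.EvilIps, err error) {
	const pageURL = "https://www.maxmind.com/en/high-risk-ip-sample-list"

	evilIps.Src.Source = "www.maxmind.com"
	evilIps.Src.Desc = "bad reputation (suspicious)"

	// NOTE(review): if util.GetPage returns an io.ReadCloser, nothing closes
	// it here; confirm against util/client.go.
	resp, err := util.GetPage(pageURL)
	if err != nil {
		return evilIps, err
	}

	// Parse at function scope so err is the named result. Declaring a second
	// err inside a nested block would shadow it and report a parse failure
	// as success with an empty list.
	doc, err := goquery.NewDocumentFromReader(resp)
	if err != nil {
		return evilIps, err
	}

	doc.Find("a.span3").Each(func(_ int, sel *goquery.Selection) {
		if len(sel.Nodes) == 0 {
			return
		}
		// An empty <a> has no child node; dereferencing FirstChild without
		// this check would panic on such markup.
		child := sel.Nodes[0].FirstChild
		if child == nil {
			return
		}
		evilIps.Ips = append(evilIps.Ips, child.Data)
	})
	return evilIps, nil
}
--------------------------------------------------------------------------------
/feeds/maxmind_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.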
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchFrommaxmind(t *testing.T) { 33 | t.Log(feeds.FetchFrommaxmind()) 34 | } 35 | -------------------------------------------------------------------------------- /feeds/netlab360.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
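IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchDGADataFrom360Netlab downloads the 360 netlab DGA feed and returns the
// second tab-separated column of every data line as a domain, tagged with the
// feed name and the description "360 netlab DGA Domain List".
//
// Lines containing "#" and lines with fewer than two columns are skipped;
// the domain column is trimmed and dropped when empty. Entries are not
// otherwise checked to be well-formed domain names.
//
// It returns the error from util.GetPage or from reading the response.
func FetchDGADataFrom360Netlab() (evilDns models.EvilDns, err error) {
	// NOTE(review): the feed is requested over plain HTTP, so nothing
	// authenticates the list in transit and an on-path party could add or
	// remove entries. Prefer an HTTPS endpoint if the provider offers one.
	const feedURL = "http://data.netlab.360.com/feeds/dga/dga.txt"
	// url := "http://127.0.0.1:8000/dga.txt"
	const columnSep = "\t"

	evilDns.Src.Source = "data.netlab.360.com"
	evilDns.Src.Desc = "360 netlab DGA Domain List"

	// NOTE(review): if util.GetPage returns an io.ReadCloser, nothing closes
	// it here; confirm against util/client.go.
	resp, err := util.GetPage(feedURL)
	if err != nil {
		return evilDns, err
	}

	// Read at function scope so err is the named result. Declaring a second
	// err inside a nested block would shadow it and report a failed read as
	// success with an empty list.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilDns, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		if strings.Contains(line, "#") {
			continue
		}
		columns := strings.Split(line, columnSep)
		if len(columns) < 2 {
			continue
		}
		if domain := strings.TrimSpace(columns[1]); domain != "" {
			evilDns.Domains = append(evilDns.Domains, domain)
		}
	}
	return evilDns, nil
}
--------------------------------------------------------------------------------
/feeds/netlab360_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in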
13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchDGADataFrom360Netlab(t *testing.T) { 33 | t.Log(feeds.FetchDGADataFrom360Netlab()) 34 | } 35 | -------------------------------------------------------------------------------- /feeds/rutgers.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
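IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromRutgers downloads the report.cs.rutgers.edu attackers list and
// returns its entries tagged with the feed name "rutgers.edu" and the
// description "known attacker".
//
// Lines are trimmed of surrounding whitespace; blank lines and lines starting
// with "#" are dropped so that the trailing newline of the file does not
// become an empty entry. Entries are not otherwise checked to be IP
// addresses, so anything that acts on them should parse them first.
//
// It returns the error from util.GetPage or from reading the response.
func FetchFromRutgers() (evilIps models.EvilIps, err error) {
	const feedURL = "https://report.cs.rutgers.edu/DROP/attackers"

	evilIps.Src.Source = "rutgers.edu"
	evilIps.Src.Desc = "known attacker"

	// NOTE(review): if util.GetPage returns an io.ReadCloser, nothing closes
	// it here; confirm against util/client.go.
	resp, err := util.GetPage(feedURL)
	if err != nil {
		return evilIps, err
	}

	// Read at function scope so err is the named result. Declaring a second
	// err inside a nested block would shadow it and report a failed read as
	// success with an empty list.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, line)
	}
	return evilIps, nil
}
--------------------------------------------------------------------------------
/feeds/rutgers_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.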
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchFromRutgers(t *testing.T) { 33 | t.Log(feeds.FetchFromRutgers()) 34 | } 35 | -------------------------------------------------------------------------------- /feeds/zeustracker.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
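IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package feeds

import (
	"xsec-evil-ips/models"
	"xsec-evil-ips/util"

	"io/ioutil"
	"strings"
)

// FetchFromZeustracker downloads the zeustracker.abuse.ch bad-IP blocklist and
// returns its entries tagged with the feed name and the description
// "known attacker".
//
// Lines are trimmed of surrounding whitespace; comment lines (leading "#")
// and lines without a "." are dropped. Entries are not otherwise checked to
// be IP addresses, so anything that acts on them should parse them first.
//
// It returns the error from util.GetPage or from reading the response.
func FetchFromZeustracker() (evilIps models.EvilIps, err error) {
	const feedURL = "https://zeustracker.abuse.ch/blocklist.php?download=badips"

	evilIps.Src.Source = "zeustracker.abuse.ch"
	evilIps.Src.Desc = "known attacker"

	// NOTE(review): if util.GetPage returns an io.ReadCloser, nothing closes
	// it here; confirm against util/client.go.
	resp, err := util.GetPage(feedURL)
	if err != nil {
		return evilIps, err
	}

	// Read at function scope so err is the named result. Declaring a second
	// err inside a nested block would shadow it and report a failed read as
	// success with an empty list.
	body, err := ioutil.ReadAll(resp)
	if err != nil {
		return evilIps, err
	}

	for _, line := range strings.Split(string(body), "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "#") || !strings.Contains(line, ".") {
			continue
		}
		evilIps.Ips = append(evilIps.Ips, line)
	}
	return evilIps, nil
}
--------------------------------------------------------------------------------
/feeds/zeustracker_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.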
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package feeds_test 26 | 27 | import ( 28 | "testing" 29 | "xsec-evil-ips/feeds" 30 | ) 31 | 32 | func TestFetchFromZeustracker(t *testing.T) { 33 | t.Log(feeds.FetchFromZeustracker()) 34 | } 35 | -------------------------------------------------------------------------------- /logger/log.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THEq 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | */ 24 | 25 | package logger 26 | 27 | import ( 28 | "github.com/sirupsen/logrus" 29 | "github.com/x-cray/logrus-prefixed-formatter" 30 | ) 31 | 32 | var ( 33 | Logger *logrus.Entry 34 | ) 35 | 36 | func init() { 37 | l := logrus.New() 38 | l.Formatter = new(prefixed.TextFormatter) 39 | l.Level = logrus.DebugLevel 40 | Logger = l.WithFields(logrus.Fields{"prefix": "xsec evil ips"}) 41 | } 42 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Copyright (c) 2017 xsec.io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
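IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package main

import (
	"github.com/urfave/cli"

	"xsec-evil-ips/cmd"

	"os"
	"runtime"
)

// init lets the scheduler use every CPU the runtime reports.
func init() {
	runtime.GOMAXPROCS(runtime.NumCPU())
}

// main builds the command-line application, registers the serve, dump and
// load commands from the cmd package and runs it with the process arguments.
// A failing command is reported on stderr and the process exits with status 1
// so that scripts and supervisors can detect the failure.
func main() {
	app := cli.NewApp()
	app.Name = "xsec Malicious ip database"
	app.Version = "20170925"
	app.Usage = "A Malicious ip database"
	app.Author = "netxfly"
	app.Email = "x@xsec.io"

	app.Commands = []cli.Command{
		cmd.Serve,
		// cmd.RunWeb,
		cmd.SaveFile,
		cmd.LoadFile,
	}

	if err := app.Run(os.Args); err != nil {
		os.Stderr.WriteString(err.Error() + "\n")
		os.Exit(1)
	}
}
--------------------------------------------------------------------------------
/models/cache.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.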
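IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package models

import (
	"github.com/patrickmn/go-cache"
	"github.com/urfave/cli"
	"github.com/toolkits/slice"

	"xsec-evil-ips/logger"

	"encoding/gob"
)

// init registers the cached value types with gob so the caches can be
// written to and read back from files.
func init() {
	gob.Register(DomainList{})
	gob.Register(IpList{})
}

// CacheStatus returns the item count and the item map of the given cache.
// The two values come from separate calls, so they can disagree when the
// cache is modified in between.
func CacheStatus(cache *cache.Cache) (count int, items map[string]cache.Item) {
	count = cache.ItemCount()
	items = cache.Items()
	return count, items
}

// Status logs how many entries the IP cache and the domain cache hold.
func Status() {
	ipCount, _ := CacheStatus(CACHE_IPS)
	logger.Logger.Infof("Evil Ips count:%v", ipCount)

	dnsCount, _ := CacheStatus(CACHE_DNS)
	logger.Logger.Infof("Evil Dns count:%v", dnsCount)
}

// SaveToFile writes the IP cache to the file "ips" and the domain cache to
// the file "dns", both relative to the current working directory. Both writes
// are attempted; the first error, if any, is returned. ctx is not used.
func SaveToFile(ctx *cli.Context) (err error) {
	ipErr := CACHE_IPS.SaveFile("ips")
	dnsErr := CACHE_DNS.SaveFile("dns")
	if ipErr != nil {
		return ipErr
	}
	return dnsErr
}

// SaveToDB replaces the database contents with the current caches: it calls
// ClearDB and then inserts all cached domains and IPs in batches of 5000.
//
// Batches are cut from the length of the collected slice, not from the
// cache's ItemCount, so a cache that changes between the two calls in
// CacheStatus cannot push a slice bound out of range.
//
// NOTE(review): ClearDB runs before the inserts and no transaction is visible
// here, so a failure part-way through presumably leaves the database partly
// filled until the next cycle; the results of the insert helpers are not
// inspected. Confirm against the definitions of ClearDB and the insert
// helpers.
func SaveToDB() {
	ClearDB()

	const batchSize = 5000

	_, dnsItems := CacheStatus(CACHE_DNS)
	domainList := make([]DomainList, 0, len(dnsItems))
	for _, v := range dnsItems {
		domainList = append(domainList, v.Object.(DomainList))
	}
	for start := 0; start < len(domainList); start += batchSize {
		end := start + batchSize
		if end > len(domainList) {
			end = len(domainList)
		}
		InsertDomains2Db(domainList[start:end])
	}

	_, ipItems := CacheStatus(CACHE_IPS)
	ipList := make([]IpList, 0, len(ipItems))
	for _, v := range ipItems {
		ipList = append(ipList, v.Object.(IpList))
	}
	for start := 0; start < len(ipList); start += batchSize {
		end := start + batchSize
		if end > len(ipList) {
			end = len(ipList)
		}
		InsertIps2Db(ipList[start:end])
	}
}

// SaveEvilDns merges one feed result into the domain cache. A result with a
// non-nil err is ignored. For every non-empty domain, the feed's source is
// added to the sources already cached for that domain (once per source name)
// and the entry is stored without expiration.
//
// Empty strings are skipped so that a blank line in a feed cannot create an
// entry under the empty key.
//
// NOTE(review): the Get followed by Set is not atomic. FetchEvilDns in the
// feeds package calls this from one goroutine per feed, so two feeds that
// report the same domain at the same time can overwrite each other's source
// entry.
func SaveEvilDns(evilDns EvilDns, err error) {
	if err != nil {
		return
	}

	src := evilDns.Src
	for _, d := range evilDns.Domains {
		if d == "" {
			continue
		}

		infos := []Source{src}
		if item, found := CACHE_DNS.Get(d); found {
			infos = item.(DomainList).Info

			known := make([]string, 0, len(infos))
			for _, s := range infos {
				known = append(known, s.Source)
			}
			if !slice.ContainsString(known, src.Source) {
				infos = append(infos, src)
			}
		}

		CACHE_DNS.Set(d, NewDomainList(d, infos), cache.NoExpiration)
	}
}

// SaveEvilIps merges one feed result into the IP cache. A result with a
// non-nil err is ignored. For every non-empty entry, the feed's source is
// added to the sources already cached for that entry (once per source name)
// and the entry is stored without expiration.
//
// Empty strings are skipped so that a blank line in a feed cannot create an
// entry under the empty key. Entries are not checked to be IP addresses.
//
// NOTE(review): the Get followed by Set is not atomic. FetchEvilIps in the
// feeds package calls this from one goroutine per feed, so two feeds that
// report the same IP at the same time can overwrite each other's source
// entry.
func SaveEvilIps(evilIps EvilIps, err error) {
	if err != nil {
		return
	}

	src := evilIps.Src
	for _, ip := range evilIps.Ips {
		if ip == "" {
			continue
		}

		infos := []Source{src}
		if item, found := CACHE_IPS.Get(ip); found {
			infos = item.(IpList).Info

			known := make([]string, 0, len(infos))
			for _, s := range infos {
				known = append(known, s.Source)
			}
			if !slice.ContainsString(known, src.Source) {
				infos = append(infos, src)
			}
		}

		CACHE_IPS.Set(ip, NewIpList(ip, infos), cache.NoExpiration)
	}
}
--------------------------------------------------------------------------------
/models/evil_ips.go: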
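--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package models

// Source describes where a bad IP or domain was reported from.
type Source struct {
	Desc   string
	Source string
}

// EvilIps is the result of one feed: the IPs it lists and the feed itself.
type EvilIps struct {
	Ips []string
	Src Source
}

// EvilDns is the result of one feed: the domains it lists and the feed itself.
type EvilDns struct {
	Domains []string
	Src     Source
}

// IpList is one row of the ip_list table and one value of the IP cache.
type IpList struct {
	Id   int64
	Ip   string   `xorm:"ip"`
	Info []Source `xorm:"info"`
}

// DomainList is one row of the domain_list table and one value of the DNS
// cache.
type DomainList struct {
	Id     int64
	Domain string   `xorm:"domain"`
	Info   []Source `xorm:"info"`
}

// NewIpList builds an IpList for ip with its own copy of info, so later
// changes to the caller's slice do not reach the stored value.
func NewIpList(ip string, info []Source) (IpList) {
	infos := make([]Source, 0, len(info))
	infos = append(infos, info...)
	return IpList{Ip: ip, Info: infos}
}

// IsExist reports whether a row for this IP is present in ip_list. The value
// is passed as a bound parameter, never spliced into the SQL text.
func (i *IpList) IsExist() (has bool, err error) {
	var iplist IpList
	has, err = Engine.Table("ip_list").Where("ip=?", i.Ip).Get(&iplist)
	return has, err
}

// Update appends the first source of i to the stored row for the same IP.
// It does nothing when no such row exists or when i carries no source.
func (i *IpList) Update() (err error) {
	var stored IpList
	has, err := Engine.Table("ip_list").Where("ip=?", i.Ip).Get(&stored)
	// Guard the Info[0] access below: an IpList without sources would
	// otherwise panic here.
	if err != nil || !has || len(i.Info) == 0 {
		return err
	}
	stored.Info = append(stored.Info, i.Info[0])
	_, err = Engine.Table("ip_list").ID(stored.Id).Update(&stored)
	return err
}

// Insert writes i as a new row of ip_list.
func (i *IpList) Insert() (err error) {
	_, err = Engine.Table("ip_list").Insert(i)
	return err
}

// NewDomainList builds a DomainList for domain with its own copy of info, so
// later changes to the caller's slice do not reach the stored value.
func NewDomainList(domain string, info []Source) (DomainList) {
	infos := make([]Source, 0, len(info))
	infos = append(infos, info...)
	return DomainList{Domain: domain, Info: infos}
}

// IsExist reports whether a row for this domain is present in domain_list.
// The value is passed as a bound parameter, never spliced into the SQL text.
func (d *DomainList) IsExist() (has bool, err error) {
	var domainList DomainList
	has, err = Engine.Table("domain_list").Where("domain=?", d.Domain).Get(&domainList)
	return has, err
}

// Update appends the first source of d to the stored row for the same domain.
// It does nothing when no such row exists or when d carries no source.
func (d *DomainList) Update() (err error) {
	var stored DomainList
	has, err := Engine.Table("domain_list").Where("domain=?", d.Domain).Get(&stored)
	// Guard the Info[0] access below: a DomainList without sources would
	// otherwise panic here.
	if err != nil || !has || len(d.Info) == 0 {
		return err
	}
	stored.Info = append(stored.Info, d.Info[0])
	_, err = Engine.Table("domain_list").ID(stored.Id).Update(&stored)
	return err
}

// Insert writes d as a new row of domain_list.
func (d *DomainList) Insert() (err error) {
	_, err = Engine.Table("domain_list").Insert(d)
	return err
}

// InsertIps2Db bulk-inserts ips into ip_list and returns the engine's result.
func InsertIps2Db(ips []IpList) (int64, error) {
	return Engine.Table("ip_list").Insert(ips)
}

// InsertDomains2Db bulk-inserts domains into domain_list and returns the
// engine's result.
func InsertDomains2Db(domains []DomainList) (int64, error) {
	return Engine.Table("domain_list").Insert(domains)
}

// ClearDB deletes every row of ip_list and domain_list. Both statements are
// always attempted; the first error is returned.
func ClearDB() (err error) {
	_, ipErr := Engine.Exec("delete from ip_list")
	// The statement used to read "delte from domain_list", which the database
	// rejects: domain_list was never emptied and every reload added the same
	// rows again. The error of the first statement was overwritten as well.
	_, dnsErr := Engine.Exec("delete from domain_list")
	if ipErr != nil {
		return ipErr
	}
	return dnsErr
}

--------------------------------------------------------------------------------
/models/models.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.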
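*/

package models

import (
	"xsec-evil-ips/settings"
	"xsec-evil-ips/logger"

	"github.com/go-xorm/xorm"
	"github.com/go-xorm/core"
	"github.com/patrickmn/go-cache"

	_ "github.com/go-sql-driver/mysql"
	_ "github.com/lib/pq"
	_ "github.com/mattn/go-sqlite3"

	"path/filepath"
	"fmt"
)

var (
	// Database settings, read from the DATABASE section of the configuration
	// in init.
	DATA_TYPE string
	DATA_NAME string
	DATA_HOST string
	DATA_PORT int
	USERNAME  string
	PASSWORD  string
	SSL_MODE  string

	// Engine is the shared database handle. It is nil when NewDbEngine could
	// not create an engine.
	Engine *xorm.Engine
	// CACHE_IPS and CACHE_DNS hold the bad IPs and domains in memory.
	CACHE_IPS, CACHE_DNS *cache.Cache
)

// init reads the database settings, opens the database, creates or migrates
// the two tables and allocates the in-memory caches.
func init() {
	cfg := settings.Cfg
	sec := cfg.Section("DATABASE")

	DATA_TYPE = sec.Key("DATA_TYPE").MustString("sqlite")
	DATA_NAME = sec.Key("DATA_NAME").MustString("data")
	DATA_HOST = sec.Key("DATA_HOST").MustString("DATA_HOST")
	DATA_PORT = sec.Key("DATA_PORT").MustInt(3306)
	USERNAME = sec.Key("USERNAME").MustString("USERNAME")
	PASSWORD = sec.Key("PASSWORD").MustString("PASSWORD")
	// With the default "disable" the postgres connection, credentials
	// included, is not encrypted; set SSL_MODE in the configuration when the
	// database is reached over a network.
	SSL_MODE = sec.Key("SSL_MODE").MustString("disable")

	// A database that cannot be opened is logged, not fatal: the caches below
	// are still created. Code that uses Engine afterwards has no database.
	if err := NewDbEngine(); err != nil {
		logger.Logger.Infof("database %v is not available: %v", DATA_TYPE, err)
	} else {
		if err := Engine.Sync2(new(IpList)); err != nil {
			logger.Logger.Infof("sync table for IpList failed: %v", err)
		}
		if err := Engine.Sync2(new(DomainList)); err != nil {
			logger.Logger.Infof("sync table for DomainList failed: %v", err)
		}
	}

	CACHE_IPS = cache.New(cache.NoExpiration, cache.DefaultExpiration)
	CACHE_DNS = cache.New(cache.NoExpiration, cache.DefaultExpiration)

}

// NewDbEngine creates the engine for the configured DATA_TYPE ("sqlite",
// "mysql" or "postgres"; anything else falls back to sqlite), stores it in
// Engine and pings the database. It returns the first error met.
func NewDbEngine() (err error) {
	var driver, dataSourceName string
	quiet := false

	switch DATA_TYPE {
	case "mysql":
		driver = "mysql"
		// NOTE(review): this DSN carries no TLS parameter, and the password is
		// part of the string; it is deliberately never logged.
		dataSourceName = fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8",
			USERNAME, PASSWORD, DATA_HOST, DATA_PORT, DATA_NAME)
	case "postgres":
		driver = "postgres"
		// NOTE(review): user name and password are placed into the URL as they
		// are; characters such as '@', '/' or '?' in them would need
		// percent-encoding in the configuration. Never log this string.
		dataSourceName = fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", USERNAME, PASSWORD, DATA_HOST,
			DATA_PORT, DATA_NAME, SSL_MODE)
	default:
		// "sqlite" and every unrecognised DATA_TYPE use ./data/<DATA_NAME>.db.
		cur, absErr := filepath.Abs(".")
		if absErr != nil {
			return absErr
		}
		driver = "sqlite3"
		dataSourceName = fmt.Sprintf("%v/%v/%v.db", cur, "data", DATA_NAME)
		logger.Logger.Infof("sqlite db: %v", dataSourceName)
		// Only the explicit "sqlite" setting silences the engine's logger.
		quiet = DATA_TYPE == "sqlite"
	}

	Engine, err = xorm.NewEngine(driver, dataSourceName)
	if err != nil {
		// Engine is nil here; using it (as the code did before) would panic
		// and hide the real reason the database could not be opened.
		return err
	}
	if quiet {
		Engine.Logger().SetLevel(core.LOG_OFF)
	}
	return Engine.Ping()
}

--------------------------------------------------------------------------------
/settings/settings.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.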
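*/

package settings

import (
	"gopkg.in/ini.v1"

	"xsec-evil-ips/logger"
)

// defaultSecret is the value SECRET falls back to when the configuration does
// not set one. It is public (it is in the source), so it protects nothing.
const defaultSecret = "SECRET_KEY"

var (
	// Cfg is the parsed conf/app.ini.
	Cfg *ini.File
	// DEBUG enables request and fetch logging; it defaults to true.
	DEBUG bool
	// SECRET is the shared key the update API uses to check request
	// signatures.
	SECRET string
)

// init loads conf/app.ini relative to the working directory and reads the
// DEBUG and SECRET settings. A configuration file that cannot be loaded is
// fatal.
func init() {
	var err error
	source := "conf/app.ini"
	Cfg, err = ini.Load(source)

	if err != nil {
		logger.Logger.Panicln(err)
	}

	root := Cfg.Section("")
	DEBUG = root.Key("DEBUG").MustBool(true)
	SECRET = root.Key("SECRET").MustString(defaultSecret)

	// Running with the built-in key means anyone who has read the source can
	// sign update requests, so make that state visible at start-up. The key
	// itself is never logged.
	if SECRET == defaultSecret {
		logger.Logger.Infof("SECRET is unset or left at the built-in default in %v; set a private value", source)
	}
}

--------------------------------------------------------------------------------
/util/client.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.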
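*/

package util

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"time"

	"xsec-evil-ips/settings"
	"xsec-evil-ips/logger"
)

// maxPageBytes caps how much of a feed response GetPage buffers in memory.
const maxPageBytes = 64 << 20

// pageClient is shared by all fetches so connections can be reused. TLS
// certificate verification stays enabled.
var pageClient = &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: false,
		},
	},
	Timeout: 30 * time.Second,
}

// GetPage fetches url with a browser-like User-Agent and returns the whole
// response body as an in-memory reader.
//
// The body comes from a third-party server, so it is treated as untrusted: a
// response outside the 2xx range is an error (an error page must not be
// parsed as a feed), and a body larger than maxPageBytes is rejected instead
// of being buffered without limit.
func GetPage(url string) (io.Reader, error) {
	if settings.DEBUG {
		logger.Logger.Infof("Get data from %v", url)
	}

	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.25 Safari/537.36")

	resp, err := pageClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return nil, fmt.Errorf("get %v: unexpected status %v", url, resp.Status)
	}

	// Read one byte more than the cap so an oversized body can be told apart
	// from one that is exactly maxPageBytes long.
	buf := bytes.NewBuffer(nil)
	n, err := io.Copy(buf, io.LimitReader(resp.Body, maxPageBytes+1))
	if err != nil {
		return nil, err
	}
	if n > maxPageBytes {
		return nil, fmt.Errorf("get %v: response larger than %v bytes", url, maxPageBytes)
	}
	return buf, nil
}

--------------------------------------------------------------------------------
/util/lib.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.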
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package util

import (
	"crypto/md5"
	"fmt"
	"io"
)

// MD5 returns the lowercase hexadecimal MD5 digest of s.
func MD5(s string) (m string) {
	hasher := md5.New()
	// Writing to a hash never fails, so the result is not checked.
	io.WriteString(hasher, s)
	m = fmt.Sprintf("%x", hasher.Sum(nil))
	return m
}

// MakeSign returns the request signature for timestamp t under the shared
// key: the MD5 digest of t immediately followed by key.
//
// NOTE(review): this is a plain MD5 over message and key, not an HMAC, and
// the signed data is only the timestamp, so the signature does not bind the
// other request fields. Clients compute the same value, so moving to
// HMAC-SHA-256 over the full request needs a coordinated client update.
func MakeSign(t string, key string) (sign string) {
	return MD5(t + key)
}

--------------------------------------------------------------------------------
/web/init.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package web

import (
	"xsec-evil-ips/settings"
)

var (
	// HTTP_HOST is the address the web interface binds to.
	HTTP_HOST string
	// HTTP_PORT is the TCP port the web interface listens on.
	HTTP_PORT int
)

// init reads the listen address from the unnamed section of the
// configuration. Without a setting the server binds to 127.0.0.1:8000, which
// keeps it reachable from the local host only.
func init() {
	root := settings.Cfg.Section("")
	HTTP_HOST = root.Key("HTTP_HOST").MustString("127.0.0.1")
	HTTP_PORT = root.Key("HTTP_PORT").MustInt(8000)
}

--------------------------------------------------------------------------------
/web/routers/admin.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/

package routers

import (
	"gopkg.in/macaron.v1"
)

// Index answers the root route with the fixed body "test".
func Index(ctx *macaron.Context) {
	body := []byte("test")
	ctx.Write(body)
}

--------------------------------------------------------------------------------
/web/routers/api.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
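*/

package routers

import (
	"gopkg.in/macaron.v1"
	"github.com/patrickmn/go-cache"
	"github.com/toolkits/slice"

	"xsec-evil-ips/models"
	"xsec-evil-ips/logger"
	"xsec-evil-ips/settings"
	"xsec-evil-ips/util"

	"crypto/subtle"
	"net"
	"strings"
)

// IplistApi is the JSON answer of the IP lookup.
type IplistApi struct {
	Evil bool          `json:"evil"`
	Data models.IpList `json:"data"`
}

// DnsApi is the JSON answer of the domain lookup.
type DnsApi struct {
	Evil bool              `json:"evil"`
	Data models.DomainList `json:"data"`
}

// validSign reports whether secureKey is the signature util.MakeSign yields
// for timestamp under the configured secret. The comparison runs in constant
// time so response timing does not reveal how much of a guess was right.
//
// NOTE(review): the timestamp is only hashed, never compared with the current
// time, so a captured request stays valid indefinitely. A freshness window
// would close that, once the timestamp format and time zone that clients send
// are fixed.
func validSign(timestamp, secureKey string) bool {
	want := util.MakeSign(timestamp, settings.SECRET)
	return subtle.ConstantTimeCompare([]byte(secureKey), []byte(want)) == 1
}

// mergeSource returns infos with src appended, unless an entry with the same
// Source name is already present.
func mergeSource(infos []models.Source, src models.Source) []models.Source {
	names := make([]string, 0, len(infos))
	for _, s := range infos {
		names = append(names, s.Source)
	}
	if slice.ContainsString(names, src.Source) {
		return infos
	}
	return append(infos, src)
}

// CheckIp looks the :ip route parameter up in the IP cache and answers with
// an IplistApi; Evil is true when the IP is listed.
func CheckIp(ctx *macaron.Context) {
	var ipApi IplistApi
	ip := strings.TrimSpace(ctx.Params("ip"))
	v, has := models.CACHE_IPS.Get(ip)
	data, ok := v.(models.IpList)

	if settings.DEBUG {
		// %q keeps a caller-supplied value on one log line.
		logger.Logger.Infof("ip: %q, ret: %v", ip, data)
	}

	if ok {
		ipApi.Evil = has
		ipApi.Data = data
	}
	ctx.JSON(200, ipApi)
}

// CheckDomain looks the :domain route parameter up in the DNS cache and
// answers with a DnsApi; Evil is true when the domain is listed.
func CheckDomain(ctx *macaron.Context) {
	var domainApi DnsApi
	domain := strings.TrimSpace(ctx.Params("domain"))
	v, has := models.CACHE_DNS.Get(domain)
	data, ok := v.(models.DomainList)

	if settings.DEBUG {
		// The label used to say "ip" for a domain lookup. %q keeps a
		// caller-supplied value on one log line.
		logger.Logger.Infof("domain: %q, ret: %v", domain, data)
	}

	if ok {
		domainApi.Evil = has
		domainApi.Data = data
	}
	ctx.JSON(200, domainApi)
}

// UpdateIp accepts a signed form post (timestamp, secureKey, ip, pro) from
// another security product and records ip as reported by pro, in the cache
// and in the database. It answers with the stored entry, or with "error" when
// the form cannot be parsed, the signature does not match or ip is not an IP
// address.
//
// NOTE(review): a rejected request is still answered with status 200, as
// before, so clients keep working; a 4xx status would make failed
// authentication visible to monitoring.
func UpdateIp(ctx *macaron.Context) {
	if err := ctx.Req.ParseForm(); err != nil {
		ctx.JSON(200, "error")
		return
	}
	timestamp := ctx.Req.Form.Get("timestamp")
	secureKey := ctx.Req.Form.Get("secureKey")
	ip := strings.TrimSpace(ctx.Req.Form.Get("ip"))
	pro := ctx.Req.Form.Get("pro")

	// Only well-formed addresses are stored: the lookup side matches on the
	// exact key, and consumers of the list act on it as an IP.
	if !validSign(timestamp, secureKey) || net.ParseIP(ip) == nil {
		ctx.JSON(200, "error")
		return
	}

	srcPro := models.Source{Desc: "real time attacker", Source: pro}
	infos := []models.Source{srcPro}
	if item, found := models.CACHE_IPS.Get(ip); found {
		// An entry of an unexpected type is replaced rather than trusted.
		if known, ok := item.(models.IpList); ok {
			infos = mergeSource(known.Info, srcPro)
		}
	}
	ipList := models.NewIpList(ip, infos)

	models.CACHE_IPS.Set(ip, ipList, cache.NoExpiration)
	// NOTE(review): every accepted update inserts a row, also for an IP that
	// already has one.
	if _, err := models.InsertIps2Db([]models.IpList{ipList}); err != nil {
		logger.Logger.Infof("insert ip %q failed: %v", ip, err)
	}
	ctx.JSON(200, ipList)
}

// UpdateDomain accepts a signed form post (timestamp, secureKey, domain, pro)
// from another security product and records domain as reported by pro, in the
// cache and in the database. It answers with the stored entries, or with
// "error" when the form cannot be parsed, the signature does not match or
// domain is empty.
//
// NOTE(review): a rejected request is still answered with status 200, as
// before, so clients keep working; a 4xx status would make failed
// authentication visible to monitoring.
func UpdateDomain(ctx *macaron.Context) {
	if err := ctx.Req.ParseForm(); err != nil {
		ctx.JSON(200, "error")
		return
	}
	timestamp := ctx.Req.Form.Get("timestamp")
	secureKey := ctx.Req.Form.Get("secureKey")
	domain := strings.TrimSpace(ctx.Req.Form.Get("domain"))
	pro := ctx.Req.Form.Get("pro")

	if !validSign(timestamp, secureKey) || domain == "" {
		ctx.JSON(200, "error")
		return
	}

	srcPro := models.Source{Desc: "real time attacker", Source: pro}
	infos := []models.Source{srcPro}
	if item, found := models.CACHE_DNS.Get(domain); found {
		// An entry of an unexpected type is replaced rather than trusted.
		if known, ok := item.(models.DomainList); ok {
			infos = mergeSource(known.Info, srcPro)
		}
	}
	d := models.NewDomainList(domain, infos)

	models.CACHE_DNS.Set(domain, d, cache.NoExpiration)
	domains := []models.DomainList{d}
	// NOTE(review): every accepted update inserts a row, also for a domain
	// that already has one.
	if _, err := models.InsertDomains2Db(domains); err != nil {
		logger.Logger.Infof("insert domain %q failed: %v", domain, err)
	}
	ctx.JSON(200, domains)
}

--------------------------------------------------------------------------------
/web/routers/api_test.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this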
software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 
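*/

package routers_test

import (
	"testing"
	"time"
	"net/http"
	"net/url"

	"xsec-evil-ips/util"
)

// testKey must equal SECRET in the conf/app.ini of the server under test.
// It is a fixture for a local test instance only: a key that appears in the
// repository must never be the SECRET of a deployed server.
const testKey = "aadcbfbc837757a9a24ac96cf9171c8b"

// postSigned posts one signed update (field=value, reported by the test
// product) to endpoint. The test is skipped when no server is listening, and
// fails when the server answers with anything but 200.
func postSigned(t *testing.T, endpoint, field, value string) {
	timestamp := time.Now().Format("2006-01-02 15:04:05")
	form := url.Values{
		"timestamp": {timestamp},
		"secureKey": {util.MakeSign(timestamp, testKey)},
		field:       {value},
		"pro":       {"xsec test pro"},
	}

	resp, err := http.PostForm(endpoint, form)
	if err != nil {
		t.Skipf("no server at %v: %v", endpoint, err)
	}
	// The body was never closed before, which leaks the connection.
	defer resp.Body.Close()

	t.Log(resp.Status)
	if resp.StatusCode != http.StatusOK {
		t.Errorf("POST %v: status %v, want 200", endpoint, resp.StatusCode)
	}
}

// TestUpdateIp submits a sample IP to a locally running server.
func TestUpdateIp(t *testing.T) {
	postSigned(t, "http://127.0.0.1:8000/api/ip/", "ip", "212.129.58.111")
}

// TestUpdateDomain submits a sample domain to a locally running server.
func TestUpdateDomain(t *testing.T) {
	postSigned(t, "http://127.0.0.1:8000/api/domain/", "domain", "www.hosting2balooonba.com")
}

--------------------------------------------------------------------------------
/web/web.go:
--------------------------------------------------------------------------------
/*

Copyright (c) 2017 xsec.io

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.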
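THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

*/

package web

import (
	"fmt"
	"net/http"
	"time"

	"github.com/go-macaron/cache"
	"github.com/go-macaron/csrf"
	"github.com/go-macaron/session"
	"gopkg.in/macaron.v1"

	"github.com/urfave/cli"

	"xsec-evil-ips/web/routers"
	"xsec-evil-ips/models"
	"xsec-evil-ips/logger"
)

// RunWeb registers the lookup and update routes and serves them on
// HTTP_HOST:HTTP_PORT until the server stops; the listener's error is
// returned.
//
// The two POST routes are authenticated by the request signature checked in
// the handlers. The service speaks plain HTTP, so signatures and submitted
// indicators are readable on the network path unless TLS is terminated in
// front of it.
func RunWeb(ctx *cli.Context) (err error) {
	m := macaron.Classic()
	m.Use(macaron.Renderer())
	m.Use(session.Sessioner())
	m.Use(csrf.Csrfer())
	m.Use(cache.Cacher())

	m.Get("/", routers.Index)
	m.Get("/api/ip/:ip", routers.CheckIp)
	m.Post("/api/ip/", routers.UpdateIp)

	m.Get("/api/domain/:domain", routers.CheckDomain)
	m.Post("/api/domain/", routers.UpdateDomain)

	addr := fmt.Sprintf("%v:%v", HTTP_HOST, HTTP_PORT)
	logger.Logger.Infof("run server on %v", addr)

	// http.ListenAndServe sets no timeouts at all, so a client that sends its
	// request very slowly, or never reads the answer, holds a connection for
	// as long as it likes. Bound every phase of a request instead.
	srv := &http.Server{
		Addr:              addr,
		Handler:           m,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}
	return srv.ListenAndServe()
}

// LoadFromFile fills the caches from the dump files "ips" and "dns" in the
// working directory, rewrites the database from them and starts the web
// interface.
//
// A dump that cannot be read stops the command before the database is
// touched: models.SaveToDB clears the tables first, so carrying on with an
// empty cache would wipe the stored data. The dump files are gob-decoded as
// they are, so only files produced by this program's dump command and moved
// over a trusted channel should be loaded.
func LoadFromFile(ctx *cli.Context) (err error) {
	models.Status()
	if err = models.CACHE_IPS.LoadFile("ips"); err != nil {
		return err
	}
	if err = models.CACHE_DNS.LoadFile("dns"); err != nil {
		return err
	}
	models.Status()
	models.SaveToDB()
	return RunWeb(ctx)
}

--------------------------------------------------------------------------------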