Building a Database of Dangerous IPs and Domains

Created by: xiaozi · Last modified: xiaozi 2019-07-27 16:25

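Background and goals

Scenarios

  1. Short URLs: users must be protected from landing on phishing sites, and the site must not end up blocked by Chrome and other browsers.

  2. Web page screenshots: keep the server from downloading harmful pages.

  3. Prevent external IPs from maliciously attacking the site.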

Functional analysis

Detailed design

Data sources

Reference: xsec-ip-database

| Format | Type | Address | Description |
|---|---|---|---|
| Text | IP | https://reputation.alienvault.com/reputation.generic | alienvault |
| Text | IP | https://www.badips.com/get/list/any/2?age=7d | badips |
| Text | DOMAIN | http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt http://osint.bambenekconsulting.com/feeds/dga-feed.txt http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt | bambenekconsulting |
| Text | IP | https://lists.blocklist.de/lists/all.txt | blocklist |
| Text | IP | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset | botscout |
| Text | IP | http://danger.rulez.sk/projects/bruteforceblocker/blist.php | bruteforceblocker |
| Text | IP | http://cinsscore.com/list/ci-badguys.txt | cinsscore |
| Text | IP | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset | cruzit |
| Text | DOMAIN | http://cybercrime-tracker.net/ccam.php | cybercrime |
| Text | IP | http://cybersweat.shop/iprep/iprep_ramnode.txt | cybersweat |
| Text | IP | https://dataplane.org/dnsrd.txt https://dataplane.org/dnsrdany.txt https://dataplane.org/dnsversion.txt https://dataplane.org/sipinvitation.txt https://dataplane.org/sipquery.txt https://dataplane.org/sipregistration.txt https://dataplane.org/sshclient.txt https://dataplane.org/sshpwauth.txt https://dataplane.org/vncrfb.txt | dataplane |
| Text | IP&DOMAIN | https://isc.sans.edu/feeds/suspiciousdomains_Low.txt http://feeds.dshield.org/top10-2.txt | dshield |
| Text | IP | http://rules.emergingthreats.net/open/suricata/rules/botcc.rules http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt | emergingthreats |
| Text | IP | https://feodotracker.abuse.ch/blocklist/?download=ipblocklist | feodotracker |
| Text | IP | http://blocklist.greensnow.co/greensnow.txt | greensnow |
| Text | IP | http://www.malwaredomainlist.com/hostslist/ip.txt | malware |
| HTML | IP | https://www.maxmind.com/en/high-risk-ip-sample-list | maxmind |
| Text | DOMAIN | http://data.netlab.360.com/feeds/dga/dga.txt | netlab360 |
| Text | IP | https://report.cs.rutgers.edu/DROP/attackers | rutgers |
| Text | IP | https://zeustracker.abuse.ch/blocklist.php?download=badips | zeustracker |

Interval merging

This step uses an algorithm problem from LeetCode.

127.0.0.1 ~ 127.0.0.4
127.0.0.3
127.0.0.4 ~ 127.0.0.6

merged into ->

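127.0.0.1 ~ 127.0.0.6

```python
import ipaddress

# The single pass below relies on the inputs being sorted by start address.
inputs = [
    ipaddress.ip_network('127.0.0.1'),
    ipaddress.ip_network('127.0.0.2'),
    ipaddress.ip_network('127.0.0.3'),
    ipaddress.ip_network('127.0.0.4'),
    ipaddress.ip_network('127.0.0.125/32'),
]

# Current merged range, seeded with the first address of the first input.
start, end = inputs[0][0], inputs[0][0]
for inp in inputs:
    first, last = inp[0], inp[-1]
    if first > end + 1:
        # Gap found: emit the finished range and its CIDR summary, then restart.
        print(start, end)
        print(list(ipaddress.summarize_address_range(start, end)))
        start, end = first, last
    elif last > end:
        # Overlapping or adjacent: extend the current range.
        end = last

# Emit the last range as well.
print(start, end)
print(list(ipaddress.summarize_address_range(start, end)))
```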
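
Added example, not part of the original page: it goes beyond the sorted case above by parsing unsorted feed lines (single IPs, CIDRs and the `a ~ b` ranges used above), merging them, and answering "is this IP listed?" by binary search. The function names, the IPv4-only scope and the sample feed are assumptions made for the illustration.

```python
import bisect
import ipaddress

# Assumptions: IPv4 only; all helper names are illustrative.
# Constructed sample feed (RFC 5737 documentation addresses), not real feed data.
SAMPLE_FEED = """\
# comment line
192.0.2.1
192.0.2.3
192.0.2.0/30
192.0.2.4 ~ 192.0.2.6
198.51.100.7   # trailing comment
not-an-ip
203.0.113.0/24
"""

def parse_entry(line):
    """Return (first, last) as ints for an IP, CIDR or 'a ~ b' line, else None."""
    text = line.split('#', 1)[0].strip()
    try:
        if '~' in text:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in text.split('~', 1))
            return min(lo, hi), max(lo, hi)
        net = ipaddress.IPv4Network(text, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    except ValueError:
        return None  # blank lines, comments, domains, HTML fragments

def merge_ranges(ranges):
    """Sort, then merge overlapping or adjacent (first, last) ranges."""
    merged = []
    for first, last in sorted(ranges):
        if merged and first <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], last)
        else:
            merged.append([first, last])
    return [tuple(r) for r in merged]

def build_blocklist(feed_text):
    parsed = (parse_entry(line) for line in feed_text.splitlines())
    return merge_ranges(r for r in parsed if r is not None)

def is_listed(blocklist, ip):
    # Binary search: find the last merged range whose start is <= the address.
    value = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(blocklist, (value, float('inf'))) - 1
    return i >= 0 and blocklist[i][0] <= value <= blocklist[i][1]

def to_cidrs(blocklist):
    A = ipaddress.IPv4Address
    return [n for a, b in blocklist for n in ipaddress.summarize_address_range(A(a), A(b))]
```

Because the merged ranges never overlap, each lookup is O(log n) regardless of how many feeds were combined.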

Interval insertion

