diff --git a/.gitignore b/.gitignore index 67996c7..2d90c1a 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ db/ logs/ __pycache__/ +mods/mod_jsonrpc.py configuration.json -install.log +*.log test.py \ No newline at end of file diff --git a/core/base.py b/core/base.py index bb39d27..808e9b6 100644 --- a/core/base.py +++ b/core/base.py @@ -218,7 +218,7 @@ class Base: """Supprime les modules de la base de données Args: - cmd (str): le module a enregistrer + cmd (str): le module a supprimer """ insert_cmd_query = f"DELETE FROM {self.Config.table_module} WHERE module_name = :module_name" mes_donnees = {'module_name': module_name} @@ -307,7 +307,7 @@ class Base: def db_update_core_config(self, module_name:str, dataclassObj: object, param_key:str, param_value: str) -> bool: - core_table = 'core_config' + core_table = self.Config.table_config # Check if the param exist if not hasattr(dataclassObj, param_key): self.logs.error(f"Le parametre {param_key} n'existe pas dans la variable global") @@ -330,6 +330,10 @@ class Base: if updated_rows > 0: setattr(dataclassObj, param_key, self.int_if_possible(param_value)) self.logs.debug(f'Parameter updated : {param_key} - {param_value} | Module: {module_name}') + else: + self.logs.error(f'Parameter NOT updated : {param_key} - {param_value} | Module: {module_name}') + else: + self.logs.error(f'Parameter and Module do not exist: Param ({param_key}) - Value ({param_value}) | Module ({module_name})') self.logs.debug(dataclassObj) diff --git a/core/connection.py b/core/connection.py index db4ff57..0b403d4 100644 --- a/core/connection.py +++ b/core/connection.py @@ -203,7 +203,6 @@ class Connection: final_message = ' '.join(message) self.send2socket(f"PRIVMSG {clone_channel} :{final_message}") - except UnicodeEncodeError: for data in cmd: diff --git a/core/installation.py b/core/installation.py index fb68d56..a29ffd7 100644 --- a/core/installation.py +++ b/core/installation.py @@ -36,8 +36,6 @@ class Install: if self.skip_install: return None - print(f'Configuration loaded : {self.config}') - # Sinon tester les dependances python et les installer avec pip if self.do_install(): diff --git a/core/irc.py b/core/irc.py index d6bf9a0..2e7e80e 100644 --- a/core/irc.py +++ b/core/irc.py @@ -1,4 +1,4 @@ -import ssl, re, importlib, sys, time, threading, socket +import ssl, re, importlib, sys, time, threading, socket, traceback from ssl import SSLSocket from datetime import datetime, timedelta from typing import Union, Literal @@ -176,6 +176,7 @@ class Irc: self.Base.logs.critical(f"AttributeError: {atte}") except Exception as e: self.Base.logs.critical(f"Exception: {e}") + self.Base.logs.critical(traceback.print_exc()) def __link(self, writer:Union[socket.socket, SSLSocket]) -> None: """Créer le link et envoyer les informations nécessaires pour la @@ -274,14 +275,20 @@ class Irc: response = data.decode(self.CHARSET[0]).split() self.cmd(response) - except UnicodeEncodeError: + except UnicodeEncodeError as ue: for data in responses: response = data.decode(self.CHARSET[1],'replace').split() self.cmd(response) - except UnicodeDecodeError: + self.Base.logs.error(f'UnicodeEncodeError: {ue}') + self.Base.logs.error(response) + + except UnicodeDecodeError as ud: for data in responses: response = data.decode(self.CHARSET[1],'replace').split() self.cmd(response) + self.Base.logs.error(f'UnicodeDecodeError: {ud}') + self.Base.logs.error(response) + except AssertionError as ae: self.Base.logs.error(f"Assertion error : {ae}") @@ -446,6 +453,7 @@ class Irc: except ModuleNotFoundError as moduleNotFound: self.Base.logs.error(f"MODULE_NOT_FOUND: {moduleNotFound}") self.send2socket(f":{self.Config.SERVICE_NICKNAME} PRIVMSG {self.Config.SERVICE_CHANLOG} :[ {self.Config.CONFIG_COLOR['rouge']}MODULE_NOT_FOUND{self.Config.CONFIG_COLOR['noire']} ]: {moduleNotFound}") + self.Base.db_delete_module(module_name) except Exception as e: self.Base.logs.error(f"Something went wrong with a module you want to load : {e}") self.send2socket(f":{self.Config.SERVICE_NICKNAME} PRIVMSG {self.Config.SERVICE_CHANLOG} :[ {self.Config.CONFIG_COLOR['rouge']}ERROR{self.Config.CONFIG_COLOR['noire']} ]: {e}") @@ -576,7 +584,6 @@ class Irc: return None def thread_check_for_new_version(self, fromuser: str) -> None: - dnickname = self.Config.SERVICE_NICKNAME if self.Base.check_for_new_version(True): @@ -587,35 +594,39 @@ class Irc: return None - def cmd(self, data:list) -> None: + def cmd(self, data: list[str]) -> None: + """Parse server response + + Args: + data (list[str]): Server response splitted in a list + """ try: + original_response: list[str] = data.copy() - cmd_to_send:list[str] = data.copy() - cmd = data.copy() + interm_response: list[str] = data.copy() + """This the original without first value""" - cmd_to_debug = data.copy() - cmd_to_debug.pop(0) + interm_response.pop(0) - if len(cmd) == 0 or len(cmd) == 1: - self.Base.logs.warning(f'Size ({str(len(cmd))}) - {cmd}') + if len(original_response) == 0 or len(original_response) == 1: + self.Base.logs.warning(f'Size ({str(len(original_response))}) - {original_response}') return False - # self.debug(cmd_to_debug) - if len(data) == 7: - if data[2] == 'PRIVMSG' and data[4] == ':auth': - data_copy = data.copy() + if len(original_response) == 7: + if original_response[2] == 'PRIVMSG' and original_response[4] == ':auth': + data_copy = original_response.copy() data_copy[6] = '**********' self.Base.logs.debug(data_copy) else: - self.Base.logs.debug(data) + self.Base.logs.debug(original_response) else: - self.Base.logs.debug(data) + self.Base.logs.debug(original_response) - match cmd[0]: + match original_response[0]: case 'PING': # Sending PONG response to the serveur - pong = str(cmd[1]).replace(':','') + pong = str(original_response[1]).replace(':','') self.send2socket(f"PONG :{pong}") return None @@ -624,19 +635,19 @@ class Irc: # 'PREFIX=(qaohv)~&@%+', 'SID=001', 'MLOCK', 'TS=1703793941', 'EXTSWHOIS'] # GET SERVER ID HOST - if len(cmd) > 5: - if '=' in cmd[5]: - serveur_hosting_id = str(cmd[5]).split('=') + if len(original_response) > 5: + if '=' in original_response[5]: + serveur_hosting_id = str(original_response[5]).split('=') self.HSID = serveur_hosting_id[1] return False case _: pass - if len(cmd) < 2: + if len(original_response) < 2: return False - match cmd[1]: + match original_response[1]: case 'SLOG': # self.Base.scan_ports(cmd[7]) @@ -647,20 +658,18 @@ class Irc: case 'REPUTATION': # :001 REPUTATION 91.168.141.239 118 try: - # if self.Config.ABUSEIPDB == 1: - # self.Base.create_thread(self.abuseipdb_scan, (cmd[2], )) - self.first_connexion_ip = cmd[2] + self.first_connexion_ip = original_response[2] self.first_score = 0 - if str(cmd[3]).find('*') != -1: + if str(original_response[3]).find('*') != -1: # If * available, it means that an ircop changed the repurtation score # means also that the user exist will try to update all users with same IP - self.first_score = int(str(cmd[3]).replace('*','')) + self.first_score = int(str(original_response[3]).replace('*','')) for user in self.User.UID_DB: if user.remote_ip == self.first_connexion_ip: user.score_connexion = self.first_score else: - self.first_score = int(cmd[3]) + self.first_score = int(original_response[3]) # Possibilité de déclancher les bans a ce niveau. except IndexError as ie: @@ -683,7 +692,7 @@ class Irc: case 'EOS': - hsid = str(cmd[0]).replace(':','') + hsid = str(original_response[0]).replace(':','') if hsid == self.HSID: if self.INIT == 1: current_version = self.Config.current_version @@ -693,10 +702,6 @@ class Irc: else: version = f'{current_version}' - # self.send2socket(f":{self.Config.SERVICE_NICKNAME} SVSJOIN {self.Config.SERVICE_NICKNAME} {self.Config.SERVICE_CHANLOG}") - # self.send2socket(f":{self.Config.SERVICE_NICKNAME} MODE {self.Config.SERVICE_CHANLOG} +o {self.Config.SERVICE_NICKNAME}") - # self.send2socket(f":{self.Config.SERVICE_NICKNAME} MODE {self.Config.SERVICE_CHANLOG} +{self.Config.SERVICE_CMODES}") - print(f"################### DEFENDER ###################") print(f"# SERVICE CONNECTE ") print(f"# SERVEUR : {self.Config.SERVEUR_IP} ") @@ -728,15 +733,15 @@ class Irc: case _: pass - if len(cmd) < 3: + if len(original_response) < 3: return False - match cmd[2]: + match original_response[2]: case 'QUIT': # :001N1WD7L QUIT :Quit: free_znc_1 - cmd.pop(0) - uid_who_quit = str(cmd[0]).replace(':', '') + + uid_who_quit = str(interm_response[0]).replace(':', '') self.User.delete(uid_who_quit) self.Channel.delete_user_from_all_channel(uid_who_quit) @@ -748,10 +753,8 @@ class Irc: # ['@unrealircd.org/geoip=FR;unrealircd.org/', ':001OOU2H3', 'NICK', 'WebIrc', '1703795844'] # Changement de nickname - # Supprimer la premiere valeur de la liste - cmd.pop(0) - uid = str(cmd[0]).replace(':','') - newnickname = cmd[2] + uid = str(interm_response[0]).replace(':','') + newnickname = interm_response[2] self.User.update(uid, newnickname) case 'MODE': @@ -766,24 +769,24 @@ class Irc: # ':001T6VU3F', '001JGWB2K', '@11ZAAAAAB', # '001F16WGR', '001X9YMGQ', '*+001DYPFGP', '@00BAAAAAJ', '001AAGOG9', '001FMFVG8', '001DAEEG7', # '&~G:unknown-users', '"~G:websocket-users', '"~G:known-users', '"~G:webirc-users'] - cmd.pop(0) - channel = str(cmd[3]).lower() - len_cmd = len(cmd) + + channel = str(interm_response[3]).lower() + len_cmd = len(interm_response) list_users:list = [] occurence = 0 start_boucle = 0 # Trouver le premier user for i in range(len_cmd): - s: list = re.findall(fr':', cmd[i]) + s: list = re.findall(fr':', interm_response[i]) if s: occurence += 1 if occurence == 2: start_boucle = i # Boucle qui va ajouter l'ensemble des users (UID) - for i in range(start_boucle, len(cmd)): - parsed_UID = str(cmd[i]) + for i in range(start_boucle, len(interm_response)): + parsed_UID = str(interm_response[i]) # pattern = fr'[:|@|%|\+|~|\*]*' # pattern = fr':' # parsed_UID = re.sub(pattern, '', parsed_UID) @@ -801,29 +804,31 @@ class Irc: case 'PART': # ['@unrealircd.org/geoip=FR;unrealircd.org/userhost=50d6492c@80.214.73.44;unrealircd.org/userip=50d6492c@80.214.73.44;msgid=YSIPB9q4PcRu0EVfC9ci7y-/mZT0+Gj5FLiDSZshH5NCw;time=2024-08-15T15:35:53.772Z', # ':001EPFBRD', 'PART', '#welcome', ':WEB', 'IRC', 'Paris'] - uid = str(cmd[1]).replace(':','') - channel = str(cmd[3]).lower() - self.Channel.delete_user_from_channel(channel, uid) + try: + uid = str(interm_response[0]).replace(':','') + channel = str(interm_response[2]).lower() + self.Channel.delete_user_from_channel(channel, uid) - pass + except IndexError as ie: + self.Base.logs.error(f'Index Error: {ie}') case 'UID': # ['@s2s-md/geoip=cc=GB|cd=United\\sKingdom|asn=16276|asname=OVH\\sSAS;s2s-md/tls_cipher=TLSv1.3-TLS_CHACHA20_POLY1305_SHA256;s2s-md/creationtime=1721564601', # ':001', 'UID', 'albatros', '0', '1721564597', 'albatros', 'vps-91b2f28b.vps.ovh.net', # '001HB8G04', '0', '+iwxz', 'Clk-A62F1D18.vps.ovh.net', 'Clk-A62F1D18.vps.ovh.net', 'MyZBwg==', ':...'] - if 'webirc' in cmd[0]: + if 'webirc' in original_response[0]: isWebirc = True else: isWebirc = False - uid = str(cmd[8]) - nickname = str(cmd[3]) - username = str(cmd[6]) - hostname = str(cmd[7]) - umodes = str(cmd[10]) - vhost = str(cmd[11]) + uid = str(original_response[8]) + nickname = str(original_response[3]) + username = str(original_response[6]) + hostname = str(original_response[7]) + umodes = str(original_response[10]) + vhost = str(original_response[11]) if not 'S' in umodes: - remote_ip = self.Base.decode_ip(str(cmd[13])) + remote_ip = self.Base.decode_ip(str(original_response[13])) else: remote_ip = '127.0.0.1' @@ -845,18 +850,19 @@ class Irc: ) for classe_name, classe_object in self.loaded_classes.items(): - classe_object.cmd(cmd_to_send) + classe_object.cmd(original_response) case 'PRIVMSG': try: # Supprimer la premiere valeur - cmd.pop(0) + cmd = interm_response.copy() + get_uid_or_nickname = str(cmd[0].replace(':','')) user_trigger = self.User.get_nickname(get_uid_or_nickname) dnickname = self.Config.SERVICE_NICKNAME if len(cmd) == 6: - if cmd[1] == 'PRIVMSG' and str(cmd[3]).replace('.','') == ':auth': + if cmd[1] == 'PRIVMSG' and str(cmd[3]).replace(self.Config.SERVICE_PREFIX,'') == ':auth': cmd_copy = cmd.copy() cmd_copy[5] = '**********' self.Base.logs.info(cmd_copy) @@ -913,11 +919,11 @@ class Irc: return False if not arg[0].lower() in self.commands: - self.debug(f"This command {arg[0]} is not available") + self.Base.logs.debug(f"This command {arg[0]} sent by {user_trigger} is not available") return False cmd_to_send = convert_to_string.replace(':','') - self.Base.log_cmd(self.User.get_nickname(user_trigger), cmd_to_send) + self.Base.log_cmd(user_trigger, cmd_to_send) fromchannel = None if len(arg) >= 2: @@ -931,15 +937,26 @@ class Irc: case _: pass - if cmd[2] != 'UID': + if original_response[2] != 'UID': # Envoyer la commande aux classes dynamiquement chargées for classe_name, classe_object in self.loaded_classes.items(): - classe_object.cmd(cmd_to_send) + classe_object.cmd(original_response) except IndexError as ie: - self.Base.logs.error(f"{ie} / {cmd} / length {str(len(cmd))}") + self.Base.logs.error(f"{ie} / {original_response} / length {str(len(original_response))}") - def _hcmds(self, user: str, channel: Union[str, None], cmd:list, fullcmd: list = []) -> None: + def _hcmds(self, user: str, channel: Union[str, None], cmd: list, fullcmd: list = []) -> None: + """_summary_ + + Args: + user (str): The user who sent the query + channel (Union[str, None]): If the command contain the channel + cmd (list): The defender cmd + fullcmd (list, optional): The full list of the cmd coming from PRIVMS. Defaults to []. + + Returns: + None: Nothing to return + """ fromuser = self.User.get_nickname(user) # Nickname qui a lancé la commande uid = self.User.get_uid(fromuser) # Récuperer le uid de l'utilisateur @@ -1285,10 +1302,6 @@ class Irc: results = self.Base.db_execute_query(f'SELECT module_name FROM {self.Config.table_module}') results = results.fetchall() - # if len(results) == 0: - # self.send2socket(f":{dnickname} NOTICE {fromuser} :There is no module loaded") - # return False - found = False for module in all_modules: @@ -1303,9 +1316,6 @@ class Irc: found = False - # for r in results: - # self.send2socket(f":{dnickname} NOTICE {fromuser} :{r[0]} - {self.Config.CONFIG_COLOR['verte']}Loaded{self.Config.CONFIG_COLOR['nogc']}") - case 'show_timers': if self.Base.running_timers: diff --git a/mods/mod_defender.py b/mods/mod_defender.py index 9178699..0e87e0d 100644 --- a/mods/mod_defender.py +++ b/mods/mod_defender.py @@ -4,6 +4,7 @@ from typing import Union import re, socket, psutil, requests, json, time from sys import exit from core.irc import Irc +from core.Model import User # Le module crée devra réspecter quelques conditions # 1. Le nom de la classe devra toujours s'appeler comme le module. Exemple => nom de class Defender | nom du module mod_defender @@ -107,12 +108,19 @@ class Defender(): # self.join_saved_channels() self.timeout = self.Config.API_TIMEOUT + + self.abuseipdb_UserModel: list[User.UserModel] = [] + self.freeipapi_UserModel: list[User.UserModel] = [] + self.cloudfilt_UserModel: list[User.UserModel] = [] + self.psutil_UserModel: list[User.UserModel] = [] + self.localscan_UserModel: list[User.UserModel] = [] + # Listes qui vont contenir les ip a scanner avec les différentes API - self.freeipapi_remote_ip:list = [] - self.cloudfilt_remote_ip:list = [] - self.abuseipdb_remote_ip:list = [] - self.psutil_remote_ip:list = [] - self.localscan_remote_ip:list = [] + # self.freeipapi_remote_ip:list = [] + # self.cloudfilt_remote_ip:list = [] + # self.abuseipdb_remote_ip:list = [] + # self.psutil_remote_ip:list = [] + # self.localscan_remote_ip:list = [] # Variables qui indique que les threads sont en cours d'éxecutions self.abuseipdb_isRunning:bool = True @@ -605,23 +613,33 @@ class Defender(): return None - def scan_ports(self, remote_ip: str) -> None: + def scan_ports(self, userModel: User.UserModel) -> None: """local_scan Args: remote_ip (str): _description_ """ + User = userModel + remote_ip = User.remote_ip + username = User.username + hostname = User.hostname + nickname = User.nickname + if remote_ip in self.Config.WHITELISTED_IP: return None for port in self.Config.PORTS_TO_SCAN: - newSocket = '' - newSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM or socket.SOCK_NONBLOCK) - newSocket.settimeout(0.5) try: + newSocket = '' + newSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM or socket.SOCK_NONBLOCK) + newSocket.settimeout(0.5) + connection = (remote_ip, self.Base.int_if_possible(port)) newSocket.connect(connection) - self.Irc.send2socket(f":{self.Config.SERVICE_NICKNAME} PRIVMSG {self.Config.SERVICE_CHANLOG} :[ {self.Config.CONFIG_COLOR['rouge']}PROXY_SCAN{self.Config.CONFIG_COLOR['noire']} ] : Port [{str(port)}] ouvert sur l'adresse ip [{remote_ip}]") + + fullname = f'{nickname}!{username}@{hostname}' + + self.Irc.send2socket(f":{self.Config.SERVICE_NICKNAME} PRIVMSG {self.Config.SERVICE_CHANLOG} :[ {self.Config.CONFIG_COLOR['rouge']}PROXY_SCAN{self.Config.CONFIG_COLOR['noire']} ] {fullname} ({remote_ip}) : Port [{str(port)}] ouvert sur l'adresse ip [{remote_ip}]") # print(f"=======> Le port {str(port)} est ouvert !!") self.Base.running_sockets.append(newSocket) # print(newSocket) @@ -637,21 +655,19 @@ class Defender(): # newSocket.shutdown(socket.SHUT_RDWR) newSocket.close() self.Logs.info('=======> Fermeture de la socket') - - pass def thread_local_scan(self) -> None: try: while self.localscan_isRunning: list_to_remove:list = [] - for ip in self.localscan_remote_ip: - self.scan_ports(ip) - list_to_remove.append(ip) + for user in self.localscan_UserModel: + self.scan_ports(user) + list_to_remove.append(user) time.sleep(1) - for ip_to_remove in list_to_remove: - self.localscan_remote_ip.remove(ip_to_remove) + for user_model in list_to_remove: + self.localscan_UserModel.remove(user_model) time.sleep(1) @@ -659,7 +675,7 @@ class Defender(): except ValueError as ve: self.Logs.warning(f"thread_local_scan Error : {ve}") - def get_ports_connexion(self, remote_ip: str) -> list[int]: + def get_ports_connexion(self, userModel: User.UserModel) -> list[int]: """psutil_scan for Linux Args: @@ -669,13 +685,20 @@ class Defender(): list[int]: list of ports """ try: + User = userModel + remote_ip = User.remote_ip + username = User.username + hostname = User.hostname + nickname = User.nickname + if remote_ip in self.Config.WHITELISTED_IP: return None connections = psutil.net_connections(kind='inet') + fullname = f'{nickname}!{username}@{hostname}' matching_ports = [conn.raddr.port for conn in connections if conn.raddr and conn.raddr.ip == remote_ip] - self.Logs.info(f"Connexion of {remote_ip} using ports : {str(matching_ports)}") + self.Logs.info(f"Connexion of {fullname} ({remote_ip}) using ports : {str(matching_ports)}") return matching_ports @@ -688,13 +711,13 @@ class Defender(): while self.psutil_isRunning: list_to_remove:list = [] - for ip in self.psutil_remote_ip: - self.get_ports_connexion(ip) - list_to_remove.append(ip) + for user in self.psutil_UserModel: + self.get_ports_connexion(user) + list_to_remove.append(user) time.sleep(1) - for ip_to_remove in list_to_remove: - self.psutil_remote_ip.remove(ip_to_remove) + for user_model in list_to_remove: + self.psutil_UserModel.remove(user_model) time.sleep(1) @@ -702,16 +725,22 @@ class Defender(): except ValueError as ve: self.Logs.warning(f"thread_psutil_scan Error : {ve}") - def abuseipdb_scan(self, remote_ip:str) -> Union[dict[str, any], None]: + def abuseipdb_scan(self, userModel: User.UserModel) -> Union[dict[str, any], None]: """Analyse l'ip avec AbuseIpDB Cette methode devra etre lancer toujours via un thread ou un timer. Args: - remote_ip (_type_): l'ip a analyser + userModel (UserModel): l'objet User qui contient l'ip Returns: dict[str, any] | None: les informations du provider keys : 'score', 'country', 'isTor', 'totalReports' """ + User = userModel + remote_ip = User.remote_ip + username = User.username + hostname = User.hostname + nickname = User.nickname + if remote_ip in self.Config.WHITELISTED_IP: return None if self.ModConfig.abuseipdb_scan == 0: @@ -731,11 +760,12 @@ class Defender(): 'Key': self.abuseipdb_key } - response = requests.request(method='GET', url=url, headers=headers, params=querystring, timeout=self.timeout) - - # Formatted output - decodedResponse = json.loads(response.text) try: + response = requests.request(method='GET', url=url, headers=headers, params=querystring, timeout=self.timeout) + + # Formatted output + decodedResponse = json.loads(response.text) + if not 'data' in decodedResponse: return None @@ -751,7 +781,10 @@ class Defender(): color_red = self.Config.CONFIG_COLOR['rouge'] color_black = self.Config.CONFIG_COLOR['noire'] - self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}ABUSEIPDB_SCAN{color_black} ] : Connexion de {remote_ip} ==> Score: {str(result['score'])} | Country : {result['country']} | Tor : {str(result['isTor'])} | Total Reports : {str(result['totalReports'])}") + # pseudo!ident@host + fullname = f'{nickname}!{username}@{hostname}' + + self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}ABUSEIPDB_SCAN{color_black} ] : Connexion de {fullname} ({remote_ip}) ==> Score: {str(result['score'])} | Country : {result['country']} | Tor : {str(result['isTor'])} | Total Reports : {str(result['totalReports'])}") if result['isTor']: self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} {self.Config.GLINE_DURATION} This server do not allow Tor connexions {str(result['isTor'])} - Detected by Abuseipdb") @@ -767,20 +800,22 @@ class Defender(): self.Logs.error(f"AbuseIpDb Timeout : {rt}") except requests.ConnectionError as ce: self.Logs.error(f"AbuseIpDb Connection Error : {ce}") + except Exception as err: + self.Logs.error(f"General Error Abuseipdb : {err}") def thread_abuseipdb_scan(self) -> None: try: while self.abuseipdb_isRunning: - list_to_remove:list = [] - for ip in self.abuseipdb_remote_ip: - self.abuseipdb_scan(ip) - list_to_remove.append(ip) + list_to_remove: list = [] + for user in self.abuseipdb_UserModel: + self.abuseipdb_scan(user) + list_to_remove.append(user) time.sleep(1) - for ip_to_remove in list_to_remove: - self.abuseipdb_remote_ip.remove(ip_to_remove) + for user_model in list_to_remove: + self.abuseipdb_UserModel.remove(user_model) time.sleep(1) @@ -788,7 +823,7 @@ class Defender(): except ValueError as ve: self.Logs.error(f"thread_abuseipdb_scan Error : {ve}") - def freeipapi_scan(self, remote_ip:str) -> Union[dict[str, any], None]: + def freeipapi_scan(self, userModel: User.UserModel) -> Union[dict[str, any], None]: """Analyse l'ip avec Freeipapi Cette methode devra etre lancer toujours via un thread ou un timer. Args: @@ -798,6 +833,12 @@ class Defender(): dict[str, any] | None: les informations du provider keys : 'countryCode', 'isProxy' """ + User = userModel + remote_ip = User.remote_ip + username = User.username + hostname = User.hostname + nickname = User.nickname + if remote_ip in self.Config.WHITELISTED_IP: return None if self.ModConfig.freeipapi_scan == 0: @@ -814,11 +855,12 @@ class Defender(): 'Accept': 'application/json', } - response = requests.request(method='GET', url=url, headers=headers, timeout=self.timeout) - - # Formatted output - decodedResponse = json.loads(response.text) try: + response = requests.request(method='GET', url=url, headers=headers, timeout=self.timeout) + + # Formatted output + decodedResponse = json.loads(response.text) + status_code = response.status_code if status_code == 429: self.Logs.warning(f'Too Many Requests - The rate limit for the API has been exceeded.') @@ -832,7 +874,10 @@ class Defender(): 'isProxy': decodedResponse['isProxy'] if 'isProxy' in decodedResponse else None } - self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}FREEIPAPI_SCAN{color_black} ] : Connexion de {remote_ip} ==> Proxy: {str(result['isProxy'])} | Country : {str(result['countryCode'])}") + # pseudo!ident@host + fullname = f'{nickname}!{username}@{hostname}' + + self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}FREEIPAPI_SCAN{color_black} ] : Connexion de {fullname} ({remote_ip}) ==> Proxy: {str(result['isProxy'])} | Country : {str(result['countryCode'])}") if result['isProxy']: self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} {self.Config.GLINE_DURATION} This server do not allow proxy connexions {str(result['isProxy'])} - detected by freeipapi") @@ -841,20 +886,22 @@ class Defender(): return result except KeyError as ke: self.Logs.error(f"FREEIPAPI_SCAN KeyError : {ke}") + except Exception as err: + self.Logs.error(f"General Error Freeipapi : {err}") def thread_freeipapi_scan(self) -> None: try: while self.freeipapi_isRunning: - list_to_remove:list = [] - for ip in self.freeipapi_remote_ip: - self.freeipapi_scan(ip) - list_to_remove.append(ip) + list_to_remove: list[User.UserModel] = [] + for user in self.freeipapi_UserModel: + self.freeipapi_scan(user) + list_to_remove.append(user) time.sleep(1) - for ip_to_remove in list_to_remove: - self.freeipapi_remote_ip.remove(ip_to_remove) + for user_model in list_to_remove: + self.freeipapi_UserModel.remove(user_model) time.sleep(1) @@ -862,7 +909,7 @@ class Defender(): except ValueError as ve: self.Logs.error(f"thread_freeipapi_scan Error : {ve}") - def cloudfilt_scan(self, remote_ip:str) -> Union[dict[str, any], None]: + def cloudfilt_scan(self, userModel: User.UserModel) -> Union[dict[str, any], None]: """Analyse l'ip avec cloudfilt Cette methode devra etre lancer toujours via un thread ou un timer. Args: @@ -872,6 +919,12 @@ class Defender(): dict[str, any] | None: les informations du provider keys : 'countryCode', 'isProxy' """ + User = userModel + remote_ip = User.remote_ip + username = User.username + hostname = User.hostname + nickname = User.nickname + if remote_ip in self.Config.WHITELISTED_IP: return None if self.ModConfig.cloudfilt_scan == 0: @@ -891,11 +944,10 @@ class Defender(): 'key': self.cloudfilt_key } - response = requests.post(url=url, data=data) - - # Formatted output - decodedResponse = json.loads(response.text) try: + response = requests.post(url=url, data=data) + # Formatted output + decodedResponse = json.loads(response.text) status_code = response.status_code if status_code != 200: self.Logs.warning(f'Error connecting to cloudfilt API | Code: {str(status_code)}') @@ -908,7 +960,10 @@ class Defender(): 'host': decodedResponse['host'] if 'host' in decodedResponse else None } - self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}CLOUDFILT_SCAN{color_black} ] : Connexion de {str(remote_ip)} ==> Host: {str(result['host'])} | country: {str(result['countryiso'])} | listed: {str(result['listed'])} | listed by : {str(result['listed_by'])}") + # pseudo!ident@host + fullname = f'{nickname}!{username}@{hostname}' + + self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}CLOUDFILT_SCAN{color_black} ] : Connexion de {fullname} ({remote_ip}) ==> Host: {str(result['host'])} | country: {str(result['countryiso'])} | listed: {str(result['listed'])} | listed by : {str(result['listed_by'])}") if result['listed']: self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} {self.Config.GLINE_DURATION} You connexion is listed as dangerous {str(result['listed'])} {str(result['listed_by'])} - detected by cloudfilt") @@ -926,13 +981,13 @@ class Defender(): while self.cloudfilt_isRunning: list_to_remove:list = [] - for ip in self.cloudfilt_remote_ip: - self.cloudfilt_scan(ip) - list_to_remove.append(ip) + for user in self.cloudfilt_UserModel: + self.cloudfilt_scan(user) + list_to_remove.append(user) time.sleep(1) - for ip_to_remove in list_to_remove: - self.cloudfilt_remote_ip.remove(ip_to_remove) + for user_model in list_to_remove: + self.cloudfilt_UserModel.remove(user_model) time.sleep(1) @@ -940,7 +995,7 @@ class Defender(): except ValueError as ve: self.Logs.error(f"Thread_cloudfilt_scan Error : {ve}") - def cmd(self, data:list) -> None: + def cmd(self, data: list) -> None: service_id = self.Config.SERVICE_ID # Defender serveur id cmd = list(data).copy() @@ -966,22 +1021,6 @@ class Defender(): if not self.Base.is_valid_ip(cmd[2]): return None - # self.Base.scan_ports(cmd[2]) - if self.ModConfig.local_scan == 1 and not cmd[2] in self.Config.WHITELISTED_IP: - self.localscan_remote_ip.append(cmd[2]) - - if self.ModConfig.psutil_scan == 1 and not cmd[2] in self.Config.WHITELISTED_IP: - self.psutil_remote_ip.append(cmd[2]) - - if self.ModConfig.abuseipdb_scan == 1 and not cmd[2] in self.Config.WHITELISTED_IP: - self.abuseipdb_remote_ip.append(cmd[2]) - - if self.ModConfig.freeipapi_scan == 1 and not cmd[2] in self.Config.WHITELISTED_IP: - self.freeipapi_remote_ip.append(cmd[2]) - - if self.ModConfig.cloudfilt_scan == 1 and not cmd[2] in self.Config.WHITELISTED_IP: - self.cloudfilt_remote_ip.append(cmd[2]) - # Possibilité de déclancher les bans a ce niveau. except IndexError as ie: self.Logs.error(f'cmd reputation: index error: {ie}') @@ -1005,6 +1044,15 @@ class Defender(): # Get User information _User = self.User.get_User(str(cmd[7])) + + # If user is not service or IrcOp then scan them + if not re.match(fr'^.*[S|o?].*$', _User.umodes): + self.abuseipdb_UserModel.append(_User) if self.ModConfig.abuseipdb_scan == 1 and not _User.remote_ip in self.Config.WHITELISTED_IP else None + self.freeipapi_UserModel.append(_User) if self.ModConfig.freeipapi_scan == 1 and not _User.remote_ip in self.Config.WHITELISTED_IP else None + self.cloudfilt_UserModel.append(_User) if self.ModConfig.cloudfilt_scan == 1 and not _User.remote_ip in self.Config.WHITELISTED_IP else None + self.psutil_UserModel.append(_User) if self.ModConfig.psutil_scan == 1 and not _User.remote_ip in self.Config.WHITELISTED_IP else None + self.localscan_UserModel.append(_User) if self.ModConfig.local_scan == 1 and not _User.remote_ip in self.Config.WHITELISTED_IP else None + if _User is None: self.Logs.critical(f'This UID: [{cmd[7]}] is not available please check why') return None @@ -1582,9 +1630,10 @@ class Defender(): self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : NICKNAME : {UserObject.nickname}') self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : USERNAME : {UserObject.username}') self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : HOSTNAME : {UserObject.hostname}') - self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : IP : {UserObject.remote_ip}') - self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : REPUTATION : {UserObject.score_connexion}') self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : VHOST : {UserObject.vhost}') + self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : IP : {UserObject.remote_ip}') + self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : WebIrc : {UserObject.isWebirc}') + self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : REPUTATION : {UserObject.score_connexion}') self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : MODES : {UserObject.umodes}') self.Irc.send2socket(f':{dnickname} NOTICE {fromuser} : CONNECTION TIME : {UserObject.connexion_datetime}') else: diff --git a/version.json b/version.json index 7aa2f24..835f3fa 100644 --- a/version.json +++ b/version.json @@ -1,3 +1,3 @@ { - "version": "5.1.8" + "version": "5.2.0" } \ No newline at end of file