iio/DEFENDER
1
0
Fork 0
mirror of https://github.com/iio612/DEFENDER.git synced 2026-02-13 19:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
adator85
2024-03-23 01:50:55 +01:00
parent d16b73656f
commit 7e24d7cf4c
3 changed files with 259 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
core/base.py
View File

@@ -153,9 +153,15 @@ class Base:
except AssertionError as ae: except AssertionError as ae:
self.__debug(f'Assertion Error -> {ae}') self.__debug(f'Assertion Error -> {ae}')
def create_thread(self, func:object, func_args: tuple = ()) -> None: def create_thread(self, func:object, func_args: tuple = (), run_once:bool = False) -> None:
try: try:
func_name = func.__name__ func_name = func.__name__
if run_once:
for thread in self.running_threads:
if thread.getName() == func_name:
return None
# if func_name in self.running_threads: # if func_name in self.running_threads:
# print(f"HeartBeat is running") # print(f"HeartBeat is running")
# return None # return None
@@ -367,7 +373,7 @@ class Base:
# Run Garbage Collector Timer # Run Garbage Collector Timer
self.garbage_collector_timer() self.garbage_collector_timer()
self.garbage_collector_thread() self.garbage_collector_thread()
self.garbage_collector_sockets() # self.garbage_collector_sockets()
return None return None
for key, value in self.periodic_func.items(): for key, value in self.periodic_func.items():

105
core/irc.py
View File

@@ -38,7 +38,7 @@ class Irc:
self.commands.append(command) self.commands.append(command)
self.Base = Base(self.Config) self.Base = Base(self.Config)
self.Base.create_thread(self.heartbeat, (self.beat, )) self.Base.create_thread(func=self.heartbeat, func_args=(self.beat, ))
############################################## ##############################################
# CONNEXION IRC # # CONNEXION IRC #
@@ -57,9 +57,9 @@ class Irc:
self.IrcSocket.connect(connexion_information) self.IrcSocket.connect(connexion_information)
# Créer un object ssl # Créer un object ssl
ssl_context = self.__ssl_context() # ssl_context = self.__ssl_context()
ssl_connexion = ssl_context.wrap_socket(self.IrcSocket, server_hostname=self.Config.SERVEUR_HOSTNAME) # ssl_connexion = ssl_context.wrap_socket(self.IrcSocket, server_hostname=self.Config.SERVEUR_HOSTNAME)
self.IrcSocket = ssl_connexion # self.IrcSocket = ssl_connexion
return None return None
@@ -78,50 +78,66 @@ class Irc:
self.load_existing_modules() # Charger les modules existant dans la base de données self.load_existing_modules() # Charger les modules existant dans la base de données
while self.signal: while self.signal:
if self.RESTART == 1: try:
self.IrcSocket.shutdown(socket.SHUT_RDWR) if self.RESTART == 1:
self.IrcSocket.close() self.IrcSocket.shutdown(socket.SHUT_RDWR)
self.IrcSocket.close()
while self.IrcSocket.fileno() != -1: while self.IrcSocket.fileno() != -1:
time.sleep(0.5) time.sleep(0.5)
self.debug("--> En attente de la fermeture du socket ...") self.debug("--> En attente de la fermeture du socket ...")
self.__create_socket() self.__create_socket()
self.__link(self.IrcSocket) self.__link(self.IrcSocket)
self.load_existing_modules() self.load_existing_modules()
self.RESTART = 0 self.RESTART = 0
# 4072 max what the socket can grab # 4072 max what the socket can grab
buffer_size = self.IrcSocket.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF) buffer_size = self.IrcSocket.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)
# data = self.IrcSocket.recv(buffer_size).splitlines(True) # data = self.IrcSocket.recv(buffer_size).splitlines(True)
data_in_bytes = self.IrcSocket.recv(buffer_size) data_in_bytes = self.IrcSocket.recv(buffer_size)
count_bytes = len(data_in_bytes)
while count_bytes > 4070: count_bytes = len(data_in_bytes)
# If the received message is > 4070 then loop and add the value to the variable
new_data = self.IrcSocket.recv(buffer_size)
data_in_bytes += new_data
count_bytes = len(new_data)
# print("========================================================")
data = data_in_bytes.splitlines() while count_bytes > 4070:
# If the received message is > 4070 then loop and add the value to the variable
new_data = self.IrcSocket.recv(buffer_size)
data_in_bytes += new_data
count_bytes = len(new_data)
# print("========================================================")
# print(f"{str(buffer_size)} - {str(len(data_in_bytes))}") data = data_in_bytes.splitlines()
# print(f"{str(buffer_size)} - {str(len(data_in_bytes))}")
if not data: if not data:
break break
self.send_response(data) self.send_response(data)
if self.IrcSocket.fileno() == -1:
print('restarting the socket')
self.RESTART = 1
except ssl.SSLEOFError as soe:
self.debug(f"SSLEOFError __connect_to_irc: {soe} - {data}")
except ssl.SSLError as se:
self.debug(f"SSLError __connect_to_irc: {se} - {data}")
except OSError as oe:
self.debug(f"SSLError __connect_to_irc: {oe} - {data}")
except Exception as e:
self.debug(f"Exception __connect_to_irc: {e} - {data}")
self.IrcSocket.shutdown(socket.SHUT_RDWR) self.IrcSocket.shutdown(socket.SHUT_RDWR)
self.IrcSocket.close() self.IrcSocket.close()
self.debug("--> Fermeture de Defender ...")
except AssertionError as ae: except AssertionError as ae:
self.debug(f'Assertion error : {ae}') self.debug(f'Assertion error : {ae}')
except ValueError as ve: except ValueError as ve:
self.debug(f'Value Error : {ve}') self.debug(f'Value Error : {ve}')
except OSError as oe: except ssl.SSLEOFError as soe:
self.debug(f"OS Error : {oe}") self.debug(f"OS Error __connect_to_irc: {soe}")
except Exception as e:
self.debug(f"Exception: {e}")
def __link(self, writer:socket.socket) -> None: def __link(self, writer:socket.socket) -> None:
"""Créer le link et envoyer les informations nécessaires pour la """Créer le link et envoyer les informations nécessaires pour la
@@ -180,8 +196,12 @@ class Irc:
self.IrcSocket.send(f"{send_message}\r\n".encode(self.CHARSET[0],'replace')) self.IrcSocket.send(f"{send_message}\r\n".encode(self.CHARSET[0],'replace'))
except AssertionError as ae: except AssertionError as ae:
self.debug(f"Assertion error : {ae}") self.debug(f"Assertion error : {ae}")
except ssl.SSLEOFError as soe:
self.debug(f"SSLEOFError send2socket: {soe} - {send_message}")
except ssl.SSLError as se:
self.debug(f"SSLError send2socket: {se} - {send_message}")
except OSError as oe: except OSError as oe:
self.debug(f"OS Error : {oe}") self.debug(f"OSError send2socket: {oe} - {send_message}")
def send_response(self, responses:list[bytes]) -> None: def send_response(self, responses:list[bytes]) -> None:
try: try:
@@ -344,8 +364,8 @@ class Irc:
except ModuleNotFoundError as moduleNotFound: except ModuleNotFoundError as moduleNotFound:
self.debug(f"MODULE_NOT_FOUND: {moduleNotFound}") self.debug(f"MODULE_NOT_FOUND: {moduleNotFound}")
self.send2socket(f":{self.Config.SERVICE_NICKNAME} PRIVMSG {self.Config.SERVICE_CHANLOG} :[ {self.Config.CONFIG_COLOR['rouge']}MODULE_NOT_FOUND{self.Config.CONFIG_COLOR['noire']} ]: {moduleNotFound}") self.send2socket(f":{self.Config.SERVICE_NICKNAME} PRIVMSG {self.Config.SERVICE_CHANLOG} :[ {self.Config.CONFIG_COLOR['rouge']}MODULE_NOT_FOUND{self.Config.CONFIG_COLOR['noire']} ]: {moduleNotFound}")
except: except Exception as e:
self.debug(f"Something went wrong with a module you want to load") self.debug(f"Something went wrong with a module you want to load : {e}")
def insert_db_uid(self, uid:str, nickname:str, username:str, hostname:str, umodes:str, vhost:str, isWebirc: bool) -> None: def insert_db_uid(self, uid:str, nickname:str, username:str, hostname:str, umodes:str, vhost:str, isWebirc: bool) -> None:
@@ -603,10 +623,13 @@ class Irc:
cmd_to_send:list[str] = data.copy() cmd_to_send:list[str] = data.copy()
cmd = data.copy() cmd = data.copy()
cmd_to_debug = data.copy()
cmd_to_debug.pop(0)
if len(cmd) == 0 or len(cmd) == 1: if len(cmd) == 0 or len(cmd) == 1:
return False return False
self.debug(cmd) self.debug(cmd_to_debug)
match cmd[0]: match cmd[0]:
@@ -1028,7 +1051,7 @@ class Irc:
class_name = module_name.split('_')[1].capitalize() # Nom de la class. exemple: Defender class_name = module_name.split('_')[1].capitalize() # Nom de la class. exemple: Defender
if class_name in self.loaded_classes: if class_name in self.loaded_classes:
self.loaded_classes[class_name].unload()
for level, command in self.loaded_classes[class_name].commands_level.items(): for level, command in self.loaded_classes[class_name].commands_level.items():
# Supprimer la commande de la variable commands # Supprimer la commande de la variable commands
for c in self.loaded_classes[class_name].commands_level[level]: for c in self.loaded_classes[class_name].commands_level[level]:
@@ -1051,6 +1074,7 @@ class Irc:
class_name = module_name.split('_')[1].capitalize() # ==> Defender class_name = module_name.split('_')[1].capitalize() # ==> Defender
if 'mods.' + module_name in sys.modules: if 'mods.' + module_name in sys.modules:
self.loaded_classes[class_name].unload()
self.debug('Module Already Loaded ... reload the module ...') self.debug('Module Already Loaded ... reload the module ...')
the_module = sys.modules['mods.' + module_name] the_module = sys.modules['mods.' + module_name]
importlib.reload(the_module) importlib.reload(the_module)
@@ -1139,7 +1163,12 @@ class Irc:
self.send2socket(f":{dnickname} PRIVMSG {dchanlog} :Aucun timers en cours d'execution") self.send2socket(f":{dnickname} PRIVMSG {dchanlog} :Aucun timers en cours d'execution")
case 'show_threads': case 'show_threads':
self.send2socket(f":{dnickname} PRIVMSG {dchanlog} :{self.Base.running_threads}")
running_thread_name:list = []
for thread in self.Base.running_threads:
running_thread_name.append(f"{thread.getName()} ({thread.is_alive()})")
self.send2socket(f":{dnickname} PRIVMSG {dchanlog} :{str(running_thread_name)}")
case 'uptime': case 'uptime':
uptime = self.get_defender_uptime() uptime = self.get_defender_uptime()

204
mods/mod_defender.py
View File

@@ -1,6 +1,6 @@
from datetime import datetime from datetime import datetime
from typing import Union from typing import Union
import re, socket, psutil, requests, json import re, socket, psutil, requests, json, time
from core.irc import Irc from core.irc import Irc
# Le module crée devra réspecter quelques conditions # Le module crée devra réspecter quelques conditions
@@ -10,7 +10,10 @@ from core.irc import Irc
# 2 . Récuperer la configuration dans une variable # 2 . Récuperer la configuration dans une variable
# 3 . Définir et enregistrer les nouvelles commandes # 3 . Définir et enregistrer les nouvelles commandes
# 4 . Créer vos tables, en utilisant toujours le nom des votre classe en minuscule ==> defender_votre-table # 4 . Créer vos tables, en utilisant toujours le nom des votre classe en minuscule ==> defender_votre-table
# 3. une methode _hcmds(self, user:str, cmd: list) devra toujours etre crée. # 3. Methode suivantes:
# cmd(self, data:list)
# _hcmds(self, user:str, cmd: list)
# unload(self)
class Defender(): class Defender():
@@ -21,6 +24,19 @@ class Defender():
self.Base = ircInstance.Base # Ajouter l'objet Base au module ( Obligatoire ) self.Base = ircInstance.Base # Ajouter l'objet Base au module ( Obligatoire )
self.timeout = self.Config.API_TIMEOUT # API Timeout self.timeout = self.Config.API_TIMEOUT # API Timeout
self.freeipapi_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec freeipapi
self.cloudfilt_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec cloudfilt
self.abuseipdb_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec abuseipdb
self.psutil_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec psutil_scan
self.localscan_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec local_scan
self.abuseipdb_isRunning:bool = True
self.freeipapi_isRunning:bool = True
self.cloudfilt_isRunning:bool = True
self.psutil_isRunning:bool = True
self.localscan_isRunning:bool = True
self.reputationTimer_isRunning:bool = True
self.Irc.debug(f'Module {self.__class__.__name__} loaded ...') self.Irc.debug(f'Module {self.__class__.__name__} loaded ...')
# Créer les nouvelles commandes du module # Créer les nouvelles commandes du module
@@ -53,6 +69,22 @@ class Defender():
return None return None
def unload(self) -> None:
self.freeipapi_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec freeipapi
self.cloudfilt_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec cloudfilt
self.abuseipdb_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec abuseipdb
self.psutil_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec psutil_scan
self.localscan_remote_ip:list = [] # Liste qui va contenir les adresses ip a scanner avec local_scan
self.abuseipdb_isRunning:bool = False
self.freeipapi_isRunning:bool = False
self.cloudfilt_isRunning:bool = False
self.psutil_isRunning:bool = False
self.localscan_isRunning:bool = False
self.reputationTimer_isRunning:bool = False
return None
def __create_tables(self) -> None: def __create_tables(self) -> None:
"""Methode qui va créer la base de donnée si elle n'existe pas. """Methode qui va créer la base de donnée si elle n'existe pas.
Une Session unique pour cette classe sera crée, qui sera utilisé dans cette classe / module Une Session unique pour cette classe sera crée, qui sera utilisé dans cette classe / module
@@ -123,6 +155,14 @@ class Defender():
# Syncrhoniser la variable defConfig avec la configuration de la base de données. # Syncrhoniser la variable defConfig avec la configuration de la base de données.
self.sync_db_configuration() self.sync_db_configuration()
# Démarrer les threads pour démarrer les api
self.Base.create_thread(func=self.thread_freeipapi_scan)
self.Base.create_thread(func=self.thread_cloudfilt_scan)
self.Base.create_thread(func=self.thread_abuseipdb_scan)
self.Base.create_thread(func=self.thread_local_scan)
self.Base.create_thread(func=self.thread_psutil_scan)
self.Base.create_thread(func=self.thread_reputation_timer)
return True return True
def sync_db_configuration(self) -> None: def sync_db_configuration(self) -> None:
@@ -400,7 +440,7 @@ class Defender():
self.Irc.debug(f"system_reputation : {jailed_nickname} à été capturé par le système de réputation") self.Irc.debug(f"system_reputation : {jailed_nickname} à été capturé par le système de réputation")
# self.Irc.create_ping_timer(int(self.defConfig['reputation_timer']) * 60, 'Defender', 'system_reputation_timer') # self.Irc.create_ping_timer(int(self.defConfig['reputation_timer']) * 60, 'Defender', 'system_reputation_timer')
self.Base.create_timer(int(self.defConfig['reputation_timer']) * 60, self.system_reputation_timer) # self.Base.create_timer(int(self.defConfig['reputation_timer']) * 60, self.system_reputation_timer)
else: else:
self.Irc.debug(f"system_reputation : {jailed_nickname} à été supprimé du système de réputation car connecté via WebIrc ou il est dans la 'Trusted list'") self.Irc.debug(f"system_reputation : {jailed_nickname} à été supprimé du système de réputation car connecté via WebIrc ou il est dans la 'Trusted list'")
self.delete_db_reputation(uid) self.delete_db_reputation(uid)
@@ -453,6 +493,16 @@ class Defender():
except AssertionError as ae: except AssertionError as ae:
self.Irc.debug(f'Assertion Error -> {ae}') self.Irc.debug(f'Assertion Error -> {ae}')
def thread_reputation_timer(self) -> None:
try:
while self.reputationTimer_isRunning:
self.system_reputation_timer()
time.sleep(5)
return None
except ValueError as ve:
self.Irc.debug(f"thread_reputation_timer Error : {ve}")
def _execute_flood_action(self, action:str, channel:str) -> None: def _execute_flood_action(self, action:str, channel:str) -> None:
"""DO NOT EXECUTE THIS FUNCTION WITHOUT THREADING """DO NOT EXECUTE THIS FUNCTION WITHOUT THREADING
@@ -539,7 +589,11 @@ class Defender():
return None return None
def scan_ports(self, remote_ip: str) -> None: def scan_ports(self, remote_ip: str) -> None:
"""local_scan
Args:
remote_ip (str): _description_
"""
if remote_ip in self.Config.WHITELISTED_IP: if remote_ip in self.Config.WHITELISTED_IP:
return None return None
@@ -569,8 +623,34 @@ class Defender():
pass pass
def get_ports_connexion(self, remote_ip: str) -> list[int]: def thread_local_scan(self) -> None:
try:
while self.localscan_isRunning:
list_to_remove:list = []
for ip in self.localscan_remote_ip:
self.scan_ports(ip)
list_to_remove.append(ip)
time.sleep(1)
for ip_to_remove in list_to_remove:
self.localscan_remote_ip.remove(ip_to_remove)
time.sleep(1)
return None
except ValueError as ve:
self.Irc.debug(f"thread_local_scan Error : {ve}")
def get_ports_connexion(self, remote_ip: str) -> list[int]:
"""psutil_scan
Args:
remote_ip (str): _description_
Returns:
list[int]: _description_
"""
if remote_ip in self.Config.WHITELISTED_IP: if remote_ip in self.Config.WHITELISTED_IP:
return None return None
@@ -581,6 +661,25 @@ class Defender():
return matching_ports return matching_ports
def thread_psutil_scan(self) -> None:
try:
while self.psutil_isRunning:
list_to_remove:list = []
for ip in self.psutil_remote_ip:
self.get_ports_connexion(ip)
list_to_remove.append(ip)
time.sleep(1)
for ip_to_remove in list_to_remove:
self.psutil_remote_ip.remove(ip_to_remove)
time.sleep(1)
return None
except ValueError as ve:
self.Irc.debug(f"thread_psutil_scan Error : {ve}")
def abuseipdb_scan(self, remote_ip:str) -> Union[dict[str, any], None]: def abuseipdb_scan(self, remote_ip:str) -> Union[dict[str, any], None]:
"""Analyse l'ip avec AbuseIpDB """Analyse l'ip avec AbuseIpDB
Cette methode devra etre lancer toujours via un thread ou un timer. Cette methode devra etre lancer toujours via un thread ou un timer.
@@ -633,15 +732,38 @@ class Defender():
self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}ABUSEIPDB_SCAN{color_black} ] : Connexion de {remote_ip} ==> Score: {str(result['score'])} | Country : {result['country']} | Tor : {str(result['isTor'])} | Total Reports : {str(result['totalReports'])}") self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}ABUSEIPDB_SCAN{color_black} ] : Connexion de {remote_ip} ==> Score: {str(result['score'])} | Country : {result['country']} | Tor : {str(result['isTor'])} | Total Reports : {str(result['totalReports'])}")
if result['isTor']: if result['isTor']:
self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 1d This server do not allow Tor connexions {str(result['isTor'])}") self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 30 This server do not allow Tor connexions {str(result['isTor'])} - Detected by Abuseipdb")
elif result['score'] >= 95: elif result['score'] >= 95:
self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 1d You were banned from this server because your abuse score is = {str(result['score'])}") self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 30 You were banned from this server because your abuse score is = {str(result['score'])} - Detected by Abuseipdb")
response.close() response.close()
return result return result
except KeyError as ke: except KeyError as ke:
self.Irc.debug(f"AbuseIpDb KeyError : {ke}") self.Irc.debug(f"AbuseIpDb KeyError : {ke}")
except requests.ReadTimeout as rt:
self.Irc.debug(f"AbuseIpDb Timeout : {rt}")
except requests.ConnectionError as ce:
self.Irc.debug(f"AbuseIpDb Connection Error : {ce}")
def thread_abuseipdb_scan(self) -> None:
try:
while self.abuseipdb_isRunning:
list_to_remove:list = []
for ip in self.abuseipdb_remote_ip:
self.abuseipdb_scan(ip)
list_to_remove.append(ip)
time.sleep(1)
for ip_to_remove in list_to_remove:
self.abuseipdb_remote_ip.remove(ip_to_remove)
time.sleep(1)
return None
except ValueError as ve:
self.Irc.debug(f"thread_abuseipdb_scan Error : {ve}")
def freeipapi_scan(self, remote_ip:str) -> Union[dict[str, any], None]: def freeipapi_scan(self, remote_ip:str) -> Union[dict[str, any], None]:
"""Analyse l'ip avec Freeipapi """Analyse l'ip avec Freeipapi
@@ -687,16 +809,35 @@ class Defender():
'isProxy': decodedResponse['isProxy'] if 'isProxy' in decodedResponse else None 'isProxy': decodedResponse['isProxy'] if 'isProxy' in decodedResponse else None
} }
self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}FREEIPAPI_SCAN{color_black} ] : Connexion de {remote_ip} ==> Proxy: {str(result['isProxy'])} | Country : {result['countryCode']}") self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}FREEIPAPI_SCAN{color_black} ] : Connexion de {remote_ip} ==> Proxy: {str(result['isProxy'])} | Country : {str(result['countryCode'])}")
if result['isProxy']: if result['isProxy']:
self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 1d This server do not allow proxy connexions {str(result['isProxy'])} - detected by freeipapi") self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 30 This server do not allow proxy connexions {str(result['isProxy'])} - detected by freeipapi")
response.close() response.close()
return result return result
except KeyError as ke: except KeyError as ke:
self.Irc.debug(f"FREEIPAPI_SCAN KeyError : {ke}") self.Irc.debug(f"FREEIPAPI_SCAN KeyError : {ke}")
def thread_freeipapi_scan(self) -> None:
try:
while self.freeipapi_isRunning:
list_to_remove:list = []
for ip in self.freeipapi_remote_ip:
self.freeipapi_scan(ip)
list_to_remove.append(ip)
time.sleep(1)
for ip_to_remove in list_to_remove:
self.freeipapi_remote_ip.remove(ip_to_remove)
time.sleep(1)
return None
except ValueError as ve:
self.Irc.debug(f"thread_freeipapi_scan Error : {ve}")
def cloudfilt_scan(self, remote_ip:str) -> Union[dict[str, any], None]: def cloudfilt_scan(self, remote_ip:str) -> Union[dict[str, any], None]:
"""Analyse l'ip avec cloudfilt """Analyse l'ip avec cloudfilt
Cette methode devra etre lancer toujours via un thread ou un timer. Cette methode devra etre lancer toujours via un thread ou un timer.
@@ -743,10 +884,10 @@ class Defender():
'host': decodedResponse['host'] if 'host' in decodedResponse else None 'host': decodedResponse['host'] if 'host' in decodedResponse else None
} }
self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}CLOUDFILT_SCAN{color_black} ] : Connexion de {remote_ip} ==> Host: {str(result['host'])} | country: {str(result['countryiso'])} | listed: {str(result['listed'])} | listed by : {result['listed_by']}") self.Irc.send2socket(f":{service_id} PRIVMSG {service_chanlog} :[ {color_red}CLOUDFILT_SCAN{color_black} ] : Connexion de {str(remote_ip)} ==> Host: {str(result['host'])} | country: {str(result['countryiso'])} | listed: {str(result['listed'])} | listed by : {str(result['listed_by'])}")
if result['listed']: if result['listed']:
self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 1d You connexion is listed as dangerous {str(result['listed'])} {str(result['listed_by'])} - detected by cloudfilt") self.Irc.send2socket(f":{service_id} GLINE +*@{remote_ip} 30 You connexion is listed as dangerous {str(result['listed'])} {str(result['listed_by'])} - detected by cloudfilt")
response.close() response.close()
@@ -755,6 +896,25 @@ class Defender():
self.Irc.debug(f"CLOUDFILT_SCAN KeyError : {ke}") self.Irc.debug(f"CLOUDFILT_SCAN KeyError : {ke}")
return None return None
def thread_cloudfilt_scan(self) -> None:
try:
while self.cloudfilt_isRunning:
list_to_remove:list = []
for ip in self.cloudfilt_remote_ip:
self.cloudfilt_scan(ip)
list_to_remove.append(ip)
time.sleep(1)
for ip_to_remove in list_to_remove:
self.cloudfilt_remote_ip.remove(ip_to_remove)
time.sleep(1)
return None
except ValueError as ve:
self.Irc.debug(f"Thread_cloudfilt_scan Error : {ve}")
def cmd(self, data:list) -> None: def cmd(self, data:list) -> None:
service_id = self.Config.SERVICE_ID # Defender serveur id service_id = self.Config.SERVICE_ID # Defender serveur id
@@ -773,19 +933,20 @@ class Defender():
# self.Base.scan_ports(cmd[2]) # self.Base.scan_ports(cmd[2])
if self.defConfig['local_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP: if self.defConfig['local_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.scan_ports, (cmd[2], )) self.localscan_remote_ip.append(cmd[2])
if self.defConfig['psutil_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP: if self.defConfig['psutil_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.get_ports_connexion, (cmd[2], )) self.psutil_remote_ip.append(cmd[2])
if self.defConfig['abuseipdb_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP: if self.defConfig['abuseipdb_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.abuseipdb_scan, (cmd[2], )) self.abuseipdb_remote_ip.append(cmd[2])
if self.defConfig['freeipapi_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP: if self.defConfig['freeipapi_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.freeipapi_scan, (cmd[2], )) self.freeipapi_remote_ip.append(cmd[2])
if self.defConfig['cloudfilt_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP: if self.defConfig['cloudfilt_scan'] == 1 and not cmd[2] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.cloudfilt_scan, (cmd[2], )) self.cloudfilt_remote_ip.append(cmd[2])
# Possibilité de déclancher les bans a ce niveau. # Possibilité de déclancher les bans a ce niveau.
except IndexError: except IndexError:
self.Irc.debug(f'cmd reputation: index error') self.Irc.debug(f'cmd reputation: index error')
@@ -870,19 +1031,19 @@ class Defender():
# self.Base.scan_ports(cmd[7]) # self.Base.scan_ports(cmd[7])
cmd.pop(0) cmd.pop(0)
if self.defConfig['local_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP: if self.defConfig['local_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.scan_ports, (cmd[7], )) self.localscan_remote_ip.append(cmd[7])
if self.defConfig['psutil_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP: if self.defConfig['psutil_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.get_ports_connexion, (cmd[7], )) self.psutil_remote_ip.append(cmd[7])
if self.defConfig['abuseipdb_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP: if self.defConfig['abuseipdb_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.abuseipdb_scan, (cmd[7], )) self.abuseipdb_remote_ip.append(cmd[7])
if self.defConfig['freeipapi_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP: if self.defConfig['freeipapi_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.freeipapi_scan, (cmd[7], )) self.freeipapi_remote_ip.append[cmd[7]]
if self.defConfig['cloudfilt_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP: if self.defConfig['cloudfilt_scan'] == 1 and not cmd[7] in self.Config.WHITELISTED_IP:
self.Base.create_thread(self.cloudfilt_scan, (cmd[7], )) self.cloudfilt_remote_ip.append(cmd[7])
case 'NICK': case 'NICK':
# :0010BS24L NICK [NEWNICK] 1697917711 # :0010BS24L NICK [NEWNICK] 1697917711
@@ -1175,12 +1336,15 @@ class Defender():
self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_green}PROXY_SCAN {option.upper()}{color_black} ] : Already activated") self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_green}PROXY_SCAN {option.upper()}{color_black} ] : Already activated")
return None return None
self.update_db_configuration(option, 1) self.update_db_configuration(option, 1)
self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_green}PROXY_SCAN {option.upper()}{color_black} ] : Activated by {fromuser}") self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_green}PROXY_SCAN {option.upper()}{color_black} ] : Activated by {fromuser}")
elif action == 'off': elif action == 'off':
if self.defConfig[option] == 0: if self.defConfig[option] == 0:
self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_red}PROXY_SCAN {option.upper()}{color_black} ] : Already Deactivated") self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_red}PROXY_SCAN {option.upper()}{color_black} ] : Already Deactivated")
return None return None
self.update_db_configuration(option, 0) self.update_db_configuration(option, 0)
self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_red}PROXY_SCAN {option.upper()}{color_black} ] : Deactivated by {fromuser}") self.Irc.send2socket(f":{dnickname} PRIVMSG {dchanlog} :[ {color_red}PROXY_SCAN {option.upper()}{color_black} ] : Deactivated by {fromuser}")
case 'cloudfilt_scan': case 'cloudfilt_scan':