2016-08-03 19:59:55 +02:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
|
|
|
|
import csv
|
|
|
|
import ipaddress
|
2020-07-20 17:40:00 +02:00
|
|
|
import logging
|
2021-09-15 11:44:51 +02:00
|
|
|
from typing import List, Tuple
|
2016-08-03 19:59:55 +02:00
|
|
|
|
2020-07-27 10:44:30 +02:00
|
|
|
from generator import download_to_file, get_version, write_to_file, get_abspath_source_file
|
2016-08-03 19:59:55 +02:00
|
|
|
|
2022-09-09 16:22:54 +02:00
|
|
|
golden_servers_ipv4 = ['9.9.9.9', '8.8.8.8', '1.0.0.1', '1.1.1.3', '8.8.4.4', '1.1.1.1']
|
2016-08-03 19:59:55 +02:00
|
|
|
|
|
|
|
|
2021-09-15 11:44:51 +02:00
|
|
|
def process(ipv4: List, ipv6: List, hostname: List):
|
2020-07-20 17:40:00 +02:00
|
|
|
# Public DNS Domains
|
|
|
|
publicdns_hostname_dst = 'public-dns-hostname'
|
|
|
|
publicdns_hostname_warninglist = {
|
|
|
|
'description': 'Event contains one or more public DNS resolvers (expressed as hostname) as attribute with an IDS flag set',
|
|
|
|
'name': 'List of known public DNS resolvers expressed as hostname',
|
|
|
|
'type': 'hostname',
|
|
|
|
'matching_attributes': ['hostname', 'domain', 'url', 'domain|ip']
|
|
|
|
}
|
2021-09-15 11:44:51 +02:00
|
|
|
generate(hostname, publicdns_hostname_warninglist, publicdns_hostname_dst)
|
2016-08-03 19:59:55 +02:00
|
|
|
|
2020-07-20 17:40:00 +02:00
|
|
|
# Public DNS IPv4
|
|
|
|
publicdns_ipv4_dst = 'public-dns-v4'
|
|
|
|
publicdns_ipv4_warninglist = {
|
|
|
|
'description': 'Event contains one or more public IPv4 DNS resolvers as attribute with an IDS flag set',
|
|
|
|
'name': 'List of known IPv4 public DNS resolvers',
|
2021-06-10 09:54:23 +02:00
|
|
|
'type': 'cidr',
|
2024-06-15 03:45:20 +02:00
|
|
|
'matching_attributes': ['ip-src', 'ip-dst', 'domain|ip', 'ip-src|port', 'ip-dst|port']
|
2020-07-20 17:40:00 +02:00
|
|
|
}
|
2021-09-15 11:44:51 +02:00
|
|
|
generate(ipv4, publicdns_ipv4_warninglist, publicdns_ipv4_dst)
|
2016-08-03 19:59:55 +02:00
|
|
|
|
2020-07-20 17:40:00 +02:00
|
|
|
# Public DNS IPv4
|
|
|
|
publicdns_ipv6_dst = 'public-dns-v6'
|
|
|
|
publicdns_ipv6_warninglist = {
|
|
|
|
'description': 'Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set',
|
|
|
|
'name': 'List of known IPv6 public DNS resolvers',
|
2021-06-10 09:54:23 +02:00
|
|
|
'type': 'cidr',
|
2024-06-15 03:45:20 +02:00
|
|
|
'matching_attributes': ['ip-src', 'ip-dst', 'domain|ip', 'ip-src|port', 'ip-dst|port']
|
2020-07-20 17:40:00 +02:00
|
|
|
}
|
2021-09-15 11:44:51 +02:00
|
|
|
generate(ipv6, publicdns_ipv6_warninglist, publicdns_ipv6_dst)
|
2020-07-21 00:31:06 +02:00
|
|
|
|
|
|
|
|
|
|
|
def generate(data_list, warninglist, dst):
|
|
|
|
warninglist['version'] = get_version()
|
2020-07-21 13:42:50 +02:00
|
|
|
warninglist['list'] = data_list
|
2020-07-21 00:31:06 +02:00
|
|
|
|
|
|
|
write_to_file(warninglist, dst)
|
|
|
|
|
|
|
|
|
2021-09-15 11:44:51 +02:00
|
|
|
def get_lists_publidns(file) -> Tuple[List, List, List]:
|
2020-07-27 10:44:30 +02:00
|
|
|
with open(get_abspath_source_file(file)) as csv_file:
|
2020-07-21 00:31:06 +02:00
|
|
|
servers_list = csv.reader(csv_file, delimiter=',', quotechar='"')
|
|
|
|
|
|
|
|
lipv4 = []
|
|
|
|
lipv6 = []
|
|
|
|
lhostname = []
|
|
|
|
for row in servers_list:
|
|
|
|
if row[7] in (None, ""):
|
|
|
|
try:
|
|
|
|
ip = ipaddress.ip_address(row[0])
|
|
|
|
|
|
|
|
if ip.version == 4:
|
|
|
|
lipv4.append(ip.compressed)
|
|
|
|
elif ip.version == 6:
|
|
|
|
lipv6.append(ip.compressed)
|
|
|
|
|
2024-06-15 04:25:16 +02:00
|
|
|
if row[1] is not None:
|
2022-08-16 08:26:14 +02:00
|
|
|
row[1] = row[1].rstrip('.')
|
2024-06-15 04:25:16 +02:00
|
|
|
if ('.') in row[1]:
|
|
|
|
lhostname.append(row[1])
|
2020-07-21 00:31:06 +02:00
|
|
|
except ValueError as exc:
|
|
|
|
logging.warning(str(exc))
|
|
|
|
|
2021-07-13 09:21:21 +02:00
|
|
|
for golden in golden_servers_ipv4:
|
|
|
|
if golden not in lipv4:
|
|
|
|
lipv4.append(golden)
|
|
|
|
|
2020-07-21 00:31:06 +02:00
|
|
|
return lipv4, lipv6, lhostname
|
|
|
|
|
|
|
|
|
2021-09-15 11:44:51 +02:00
|
|
|
def get_lists_dnscrypt(file) -> Tuple[List, List]:
|
|
|
|
with open(get_abspath_source_file(file)) as csv_file:
|
|
|
|
servers_list = csv.reader(csv_file, delimiter=',', quotechar='"')
|
|
|
|
next(servers_list) # skip header
|
|
|
|
lipv4 = []
|
|
|
|
lipv6 = []
|
|
|
|
for row in servers_list:
|
|
|
|
address = row[10]
|
|
|
|
if address[0] == "[":
|
|
|
|
address = address[1:address.index("]")]
|
|
|
|
else:
|
|
|
|
address = address.split(":")[0]
|
|
|
|
ip = ipaddress.ip_address(address)
|
|
|
|
if ip.version == 4:
|
|
|
|
lipv4.append(ip.compressed)
|
|
|
|
elif ip.version == 6:
|
|
|
|
lipv6.append(ip.compressed)
|
|
|
|
|
|
|
|
return lipv4, lipv6
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
2020-07-21 00:31:06 +02:00
|
|
|
publicdns_url = 'https://public-dns.info/nameservers.csv'
|
|
|
|
publicdns_file = 'public-dns-nameservers.csv'
|
|
|
|
download_to_file(publicdns_url, publicdns_file)
|
|
|
|
|
2021-09-15 11:44:51 +02:00
|
|
|
dnscrypt_url = "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/dnscrypt-resolvers.csv"
|
|
|
|
dnscrypt_file = "dnscrypt-resolvers.csv"
|
|
|
|
download_to_file(dnscrypt_url, dnscrypt_file)
|
|
|
|
|
|
|
|
ipv4, ipv6, hostname = get_lists_publidns(publicdns_file)
|
|
|
|
ipv4_c, ipv6_c = get_lists_dnscrypt(dnscrypt_file)
|
|
|
|
|
|
|
|
ipv4 += ipv4_c
|
|
|
|
ipv6 += ipv6_c
|
|
|
|
|
|
|
|
process(ipv4, ipv6, hostname)
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|