MISP
/
misp-warninglists
mirror of https://github.com/MISP/misp-warninglists
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #184 from JakubOnderka/update 

Update
pull/187/head
Alexandre Dulaunoy 2021-06-10 18:53:13 +02:00 committed by GitHub
parent 68737e2374 f0f7b08c15
commit 0807d2b090
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 7416 additions and 539 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
generate_all.sh
View File

@ -29,6 +29,9 @@ python3 generate_tranco.py
python3 generate-university-domain-list.py
python3 generate-vpn.py
python3 generate-wikimedia.py
python3 genetate-second-level-tlds.py
python3 generate-google-gcp.py
python3 generate-google-gmail-sending-ips.py
popd
./jq_all_the_things.sh

14
lists/apple/list.json Normal file
View File

@ -0,0 +1,14 @@
{
"description": "IP ranges assigned to Apple",
"list": [
"17.0.0.0/8"
],
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"name": "List of known Apple IP ranges",
"type": "cidr",
"version": 20210610
}

47
lists/google-gcp/list.json
View File

@ -88,6 +88,7 @@
"2600:1901::/48",
"34.100.128.0/17",
"34.101.128.0/17",
"34.101.18.0/24",
"34.101.20.0/22",
"34.101.24.0/22",
"34.101.64.0/18",
@ -98,7 +99,15 @@
"34.104.108.0/23",
"34.104.110.0/23",
"34.104.112.0/23",
"34.104.116.0/22",
"34.104.120.0/23",
"34.104.122.0/23",
"34.104.124.0/23",
"34.104.126.0/23",
"34.104.128.0/17",
"34.104.27.0/24",
"34.104.49.0/24",
"34.104.52.0/24",
"34.104.64.0/21",
"34.104.72.0/22",
"34.104.76.0/22",
@ -111,7 +120,10 @@
"34.107.0.0/17",
"34.107.128.0/17",
"34.116.0.0/21",
"34.116.128.0/17",
"34.116.64.0/18",
"34.117.0.0/16",
"34.118.0.0/17",
"34.120.0.0/16",
"34.121.0.0/16",
"34.122.0.0/15",
@ -126,11 +138,44 @@
"34.124.44.0/23",
"34.124.46.0/23",
"34.124.48.0/23",
"34.124.52.0/22",
"34.124.56.0/23",
"34.124.58.0/23",
"34.124.60.0/23",
"34.124.62.0/23",
"34.124.8.0/22",
"34.125.0.0/16",
"34.126.128.0/18",
"34.126.192.0/20",
"34.126.208.0/20",
"34.126.64.0/18",
"34.127.0.0/17",
"34.127.177.0/24",
"34.127.180.0/24",
"34.129.0.0/16",
"34.131.0.0/16",
"34.132.0.0/14",
"34.136.0.0/16",
"34.137.0.0/16",
"34.138.0.0/15",
"34.140.0.0/16",
"34.141.0.0/17",
"34.141.128.0/17",
"34.142.0.0/17",
"34.145.0.0/17",
"34.145.128.0/17",
"34.146.0.0/16",
"34.147.0.0/17",
"34.147.128.0/17",
"34.148.0.0/16",
"34.149.0.0/16",
"34.150.0.0/17",
"34.150.128.0/17",
"34.151.0.0/18",
"34.151.128.0/18",
"34.151.192.0/18",
"34.151.64.0/18",
"34.152.0.0/18",
"34.64.128.0/22",
"34.64.132.0/22",
"34.64.136.0/21",
@ -392,5 +437,5 @@
],
"name": "List of known GCP (Google Cloud Platform) IP address ranges",
"type": "cidr",
"version": 20201024
"version": 20210610
}

20
lists/google-gmail-sending-ips/list.json
View File

@ -1,11 +1,18 @@
{
"description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )",
"description": "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)",
"list": [
"108.177.8.0/21",
"108.177.96.0/19",
"130.211.0.0/22",
"172.217.0.0/19",
"172.217.128.0/19",
"172.217.160.0/20",
"172.217.192.0/19",
"172.217.32.0/20",
"172.253.112.0/20",
"172.253.56.0/21",
"173.194.0.0/16",
"2001:4860:4000::/36",
"207.126.144.0/20",
"209.85.128.0/17",
"216.239.32.0/19",
"216.58.192.0/19",
@ -14,7 +21,8 @@
"2800:3f0:4000::/36",
"2a00:1450:4000::/36",
"2c0f:fb50:4000::/36",
"64.18.0.0/20",
"35.190.247.0/24",
"35.191.0.0/16",
"64.233.160.0/19",
"66.102.0.0/20",
"66.249.80.0/20",
@ -22,11 +30,11 @@
"74.125.0.0/16"
],
"matching_attributes": [
"ip-dst",
"ip-src",
"ip-dst",
"domain|ip"
],
"name": "List of known gmail sending IP ranges",
"name": "List of known Gmail sending IP ranges",
"type": "cidr",
"version": 20190809
"version": 20210610
}

1355
lists/microsoft-azure-china/list.json Normal file
View File

File diff suppressed because it is too large Load Diff

215
lists/microsoft-azure-germany/list.json Normal file
View File

@ -0,0 +1,215 @@
{
"description": "Microsoft Azure Germany Datacenter IP Ranges",
"list": [
"2a01:4180:2000::/40",
"2a01:4180:2400::/40",
"2a01:4180:4050:400::/64",
"2a01:4180:4050:800::/64",
"2a01:4180:4051:400::/64",
"2a01:4180:4051:800::/64",
"2a01:4180:c001:8::/61",
"2a01:4180:c003:8::/61",
"51.18.0.0/22",
"51.18.12.0/22",
"51.18.16.0/24",
"51.18.17.0/24",
"51.18.18.0/24",
"51.18.19.0/24",
"51.18.24.0/21",
"51.18.32.0/21",
"51.18.32.64/30",
"51.18.32.72/29",
"51.18.32.80/28",
"51.18.32.96/28",
"51.18.4.0/22",
"51.18.40.0/21",
"51.18.40.64/30",
"51.18.40.72/29",
"51.18.40.80/28",
"51.18.40.96/28",
"51.18.8.0/22",
"51.4.128.0/17",
"51.4.136.19/32",
"51.4.144.100/31",
"51.4.144.221/32",
"51.4.144.222/32",
"51.4.144.99/32",
"51.4.145.23/32",
"51.4.145.246/32",
"51.4.145.39/32",
"51.4.145.55/32",
"51.4.145.57/32",
"51.4.145.82/32",
"51.4.146.41/32",
"51.4.146.68/32",
"51.4.146.77/32",
"51.4.146.80/32",
"51.4.147.130/32",
"51.4.147.190/32",
"51.4.150.40/32",
"51.4.168.128/27",
"51.4.168.16/28",
"51.4.168.48/28",
"51.4.200.133/32",
"51.4.208.16/28",
"51.4.208.32/28",
"51.4.224.239/32",
"51.4.224.37/32",
"51.4.225.99/32",
"51.4.226.98/32",
"51.4.231.202/32",
"51.4.232.32/27",
"51.4.32.0/19",
"51.4.72.0/24",
"51.4.80.0/27",
"51.4.84.0/24",
"51.4.86.64/26",
"51.5.128.0/17",
"51.5.136.21/32",
"51.5.144.101/32",
"51.5.144.120/32",
"51.5.144.140/31",
"51.5.144.173/32",
"51.5.144.179/32",
"51.5.144.185/32",
"51.5.144.198/32",
"51.5.144.201/32",
"51.5.144.216/32",
"51.5.144.236/32",
"51.5.144.237/32",
"51.5.145.130/32",
"51.5.145.89/32",
"51.5.146.29/32",
"51.5.146.33/32",
"51.5.147.182/32",
"51.5.150.132/32",
"51.5.168.128/27",
"51.5.168.64/28",
"51.5.168.96/28",
"51.5.240.174/32",
"51.5.242.106/32",
"51.5.243.5/32",
"51.5.246.239/32",
"51.5.247.109/32",
"51.5.248.112/28",
"51.5.248.128/28",
"51.5.248.160/27",
"51.5.248.64/27",
"51.5.72.0/24",
"51.5.80.0/27",
"51.5.84.0/24",
"51.5.87.0/25",
"51.8.0.0/19",
"51.8.128.0/20",
"51.8.144.0/27",
"51.8.144.128/25",
"51.8.144.64/26",
"51.8.145.0/24",
"51.8.146.0/24",
"51.8.147.0/25",
"51.8.148.0/24",
"51.8.149.0/24",
"51.8.150.0/23",
"51.8.150.0/24",
"51.8.151.0/24",
"51.8.152.0/22",
"51.8.156.0/22",
"51.8.160.0/19",
"51.8.192.0/19",
"51.8.224.0/21",
"51.8.224.0/27",
"51.8.225.0/27",
"51.8.226.0/27",
"51.8.226.128/27",
"51.8.226.160/27",
"51.8.226.192/28",
"51.8.226.208/29",
"51.8.226.216/29",
"51.8.226.224/31",
"51.8.226.232/29",
"51.8.226.240/28",
"51.8.226.32/28",
"51.8.226.48/29",
"51.8.226.56/29",
"51.8.226.64/26",
"51.8.227.0/26",
"51.8.227.160/28",
"51.8.227.176/28",
"51.8.227.192/27",
"51.8.227.224/29",
"51.8.227.232/29",
"51.8.227.240/29",
"51.8.227.64/27",
"51.8.227.96/27",
"51.8.229.0/27",
"51.8.230.0/23",
"51.8.232.0/21",
"51.8.232.0/27",
"51.8.233.0/27",
"51.8.234.0/27",
"51.8.234.128/26",
"51.8.234.192/27",
"51.8.234.224/29",
"51.8.234.232/31",
"51.8.234.240/29",
"51.8.234.248/29",
"51.8.234.32/28",
"51.8.234.48/29",
"51.8.234.56/29",
"51.8.234.64/29",
"51.8.234.72/29",
"51.8.234.80/28",
"51.8.234.96/27",
"51.8.235.0/26",
"51.8.235.160/28",
"51.8.235.192/27",
"51.8.235.224/28",
"51.8.235.240/28",
"51.8.235.64/27",
"51.8.235.96/27",
"51.8.236.0/29",
"51.8.236.16/29",
"51.8.236.24/29",
"51.8.236.32/27",
"51.8.236.64/28",
"51.8.236.8/29",
"51.8.238.0/23",
"51.8.240.0/20",
"51.8.240.0/27",
"51.8.241.0/27",
"51.8.242.0/30",
"51.8.242.128/28",
"51.8.242.16/28",
"51.8.242.32/27",
"51.8.242.64/29",
"51.8.242.72/29",
"51.8.242.8/29",
"51.8.242.80/29",
"51.8.242.88/29",
"51.8.242.96/27",
"51.8.248.0/27",
"51.8.249.0/27",
"51.8.250.0/30",
"51.8.250.104/29",
"51.8.250.112/29",
"51.8.250.120/29",
"51.8.250.128/28",
"51.8.250.16/28",
"51.8.250.32/27",
"51.8.250.64/27",
"51.8.250.8/29",
"51.8.250.96/29",
"51.8.32.0/19",
"51.8.64.0/18",
"52.108.119.0/24",
"52.108.120.0/24"
],
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"name": "List of known Microsoft Azure Germany Datacenter IP Ranges",
"type": "cidr",
"version": 20210610
}

1958
lists/microsoft-azure-us-gov/list.json Normal file
View File

File diff suppressed because it is too large Load Diff

260
lists/microsoft-azure/list.json
View File

@ -335,6 +335,7 @@
"102.37.163.20/30",
"102.37.163.32/28",
"102.37.165.0/24",
"102.37.166.128/26",
"102.37.166.80/28",
"102.37.166.96/27",
"102.37.192.0/18",
@ -1201,6 +1202,7 @@
"104.46.161.0/25",
"104.46.161.128/25",
"104.46.162.128/26",
"104.46.162.192/27",
"104.46.162.32/27",
"104.46.162.64/27",
"104.46.162.8/29",
@ -1405,6 +1407,11 @@
"13.104.252.224/28",
"13.104.253.48/28",
"13.104.254.128/28",
"13.105.100.128/27",
"13.105.100.16/28",
"13.105.100.160/28",
"13.105.100.192/27",
"13.105.100.64/26",
"13.105.14.0/25",
"13.105.14.128/26",
"13.105.14.192/26",
@ -1909,6 +1916,7 @@
"13.69.111.128/26",
"13.69.111.192/30",
"13.69.111.200/29",
"13.69.111.32/27",
"13.69.111.64/26",
"13.69.112.0/25",
"13.69.112.128/28",
@ -1920,6 +1928,7 @@
"13.69.113.0/24",
"13.69.114.0/23",
"13.69.116.0/26",
"13.69.116.64/27",
"13.69.125.173/32",
"13.69.126.92/32",
"13.69.128.0/17",
@ -2040,6 +2049,7 @@
"13.70.112.32/29",
"13.70.113.0/27",
"13.70.114.0/26",
"13.70.114.128/27",
"13.70.114.192/26",
"13.70.114.64/26",
"13.70.120.215/32",
@ -2200,6 +2210,7 @@
"13.71.176.128/25",
"13.71.177.0/27",
"13.71.177.128/26",
"13.71.177.192/27",
"13.71.177.32/27",
"13.71.177.64/26",
"13.71.184.150/32",
@ -4421,7 +4432,6 @@
"193.149.72.0/21",
"193.149.80.0/21",
"193.149.88.0/21",
"198.180.96.0/25",
"198.180.97.0/24",
"199.30.16.0/24",
"199.30.18.0/23",
@ -4439,13 +4449,15 @@
"20.100.0.0/18",
"20.100.0.0/26",
"20.100.0.128/28",
"20.100.0.192/26",
"20.100.0.96/27",
"20.101.0.0/16",
"20.102.0.0/17",
"20.102.128.0/18",
"20.102.192.0/18",
"20.103.0.0/17",
"20.103.0.0/16",
"20.104.0.0/17",
"20.105.0.0/17",
"20.135.0.0/22",
"20.135.100.0/23",
"20.135.102.0/23",
@ -4897,6 +4909,20 @@
"20.157.107.0/24",
"20.157.108.0/24",
"20.157.128.0/19",
"20.157.128.0/24",
"20.157.129.0/24",
"20.157.130.0/24",
"20.157.131.0/24",
"20.157.132.0/24",
"20.157.133.0/24",
"20.157.134.0/24",
"20.157.135.0/24",
"20.157.136.0/24",
"20.157.137.0/24",
"20.157.138.0/24",
"20.157.139.0/24",
"20.157.140.0/24",
"20.157.141.0/24",
"20.157.2.0/24",
"20.157.3.0/24",
"20.157.32.0/19",
@ -4906,6 +4932,7 @@
"20.157.36.0/23",
"20.157.38.0/24",
"20.157.39.0/24",
"20.157.4.0/24",
"20.157.40.0/24",
"20.157.41.0/24",
"20.157.42.0/24",
@ -4923,6 +4950,10 @@
"20.157.56.0/24",
"20.157.57.0/24",
"20.157.58.0/24",
"20.157.59.0/24",
"20.157.60.0/24",
"20.157.61.0/24",
"20.157.62.0/23",
"20.157.96.0/24",
"20.157.97.0/24",
"20.157.98.0/24",
@ -5070,11 +5101,13 @@
"20.189.171.128/25",
"20.189.171.64/27",
"20.189.172.0/25",
"20.189.172.224/27",
"20.189.180.225/32",
"20.189.181.8/32",
"20.189.192.0/18",
"20.189.192.144/28",
"20.189.192.160/27",
"20.189.192.192/26",
"20.189.224.0/26",
"20.189.224.208/29",
"20.189.224.224/27",
@ -5546,6 +5579,9 @@
"20.192.104.0/21",
"20.192.112.0/20",
"20.192.128.0/19",
"20.192.152.0/26",
"20.192.152.64/27",
"20.192.152.96/28",
"20.192.160.0/21",
"20.192.160.0/28",
"20.192.160.16/30",
@ -5847,6 +5883,7 @@
"20.194.128.128/26",
"20.194.128.192/26",
"20.194.129.0/26",
"20.194.129.64/27",
"20.194.4.102/32",
"20.194.64.0/20",
"20.194.64.0/27",
@ -5898,6 +5935,7 @@
"20.194.80.0/21",
"20.194.80.0/26",
"20.194.80.128/26",
"20.194.80.192/27",
"20.194.80.64/26",
"20.194.81.0/25",
"20.194.96.0/19",
@ -5994,6 +6032,7 @@
"20.200.193.0/24",
"20.200.194.160/27",
"20.200.194.192/28",
"20.200.195.0/26",
"20.200.64.0/18",
"20.201.0.0/17",
"20.201.223.0/24",
@ -6015,9 +6054,9 @@
"20.202.43.0/24",
"20.202.61.0/24",
"20.203.0.0/18",
"20.203.0.247/32",
"20.203.128.0/17",
"20.204.0.0/17",
"20.204.128.0/18",
"20.204.0.0/16",
"20.205.0.0/18",
"20.205.0.0/29",
"20.205.0.128/27",
@ -6035,6 +6074,7 @@
"20.205.64.0/20",
"20.205.64.0/23",
"20.205.66.0/24",
"20.205.67.128/26",
"20.205.67.48/28",
"20.205.67.64/27",
"20.205.72.64/27",
@ -6084,6 +6124,78 @@
"20.205.85.0/25",
"20.205.85.128/26",
"20.205.96.0/19",
"20.206.0.0/18",
"20.206.0.0/26",
"20.207.0.0/18",
"20.207.0.0/26",
"20.21.32.0/28",
"20.21.32.16/30",
"20.21.32.192/26",
"20.21.32.20/31",
"20.21.32.22/31",
"20.21.32.24/29",
"20.21.32.32/29",
"20.21.32.64/26",
"20.21.33.0/27",
"20.21.33.128/25",
"20.21.33.32/27",
"20.21.34.160/27",
"20.21.36.0/26",
"20.21.36.124/30",
"20.21.36.128/26",
"20.21.36.64/27",
"20.21.36.96/28",
"20.21.37.0/28",
"20.21.37.112/30",
"20.21.37.116/30",
"20.21.37.120/29",
"20.21.37.128/25",
"20.21.37.32/29",
"20.21.37.40/29",
"20.21.37.48/29",
"20.21.37.56/29",
"20.21.37.64/27",
"20.21.37.96/28",
"20.21.38.0/24",
"20.21.39.0/26",
"20.21.39.128/26",
"20.21.39.224/29",
"20.21.39.232/29",
"20.21.39.240/28",
"20.21.39.64/27",
"20.21.40.64/27",
"20.21.41.64/27",
"20.21.42.0/26",
"20.21.42.112/29",
"20.21.42.120/29",
"20.21.42.128/26",
"20.21.42.192/26",
"20.21.42.64/29",
"20.21.42.76/30",
"20.21.42.80/29",
"20.21.42.88/30",
"20.21.42.96/28",
"20.21.43.0/26",
"20.21.43.128/26",
"20.21.43.224/28",
"20.21.43.244/30",
"20.21.43.248/29",
"20.21.43.64/26",
"20.21.44.0/26",
"20.21.44.128/25",
"20.21.44.64/27",
"20.21.44.96/27",
"20.21.46.0/26",
"20.21.46.128/29",
"20.21.46.64/28",
"20.21.46.80/28",
"20.21.46.96/27",
"20.21.48.0/23",
"20.21.50.0/23",
"20.21.52.0/24",
"20.21.53.0/27",
"20.21.53.32/27",
"20.21.53.64/26",
"20.36.0.0/19",
"20.36.104.0/21",
"20.36.104.0/27",
@ -6206,6 +6318,7 @@
"20.36.144.128/27",
"20.36.144.192/26",
"20.36.144.64/26",
"20.36.145.0/27",
"20.36.218.70/32",
"20.36.220.93/32",
"20.36.222.39/32",
@ -7116,11 +7229,13 @@
"20.42.65.128/25",
"20.42.65.64/29",
"20.42.65.72/29",
"20.42.65.96/27",
"20.42.66.0/23",
"20.42.66.0/24",
"20.42.67.0/24",
"20.42.68.0/26",
"20.42.68.128/26",
"20.42.68.192/27",
"20.42.68.64/26",
"20.42.7.0/25",
"20.42.7.128/27",
@ -7133,10 +7248,12 @@
"20.42.73.0/29",
"20.42.73.128/25",
"20.42.73.16/29",
"20.42.73.32/27",
"20.42.73.64/26",
"20.42.73.8/30",
"20.42.74.0/26",
"20.42.74.128/26",
"20.42.74.192/27",
"20.42.74.64/26",
"20.43.0.0/19",
"20.43.120.0/21",
@ -7700,7 +7817,6 @@
"20.46.224.0/19",
"20.46.32.0/19",
"20.46.42.220/32",
"20.46.45.161/32",
"20.46.46.173/32",
"20.46.46.252/32",
"20.46.8.0/23",
@ -7855,6 +7971,7 @@
"20.48.200.128/26",
"20.48.200.192/27",
"20.48.200.224/28",
"20.48.201.0/26",
"20.48.224.0/19",
"20.49.0.0/18",
"20.49.102.128/26",
@ -8050,6 +8167,7 @@
"20.50.200.0/24",
"20.50.201.0/26",
"20.50.201.128/26",
"20.50.201.224/27",
"20.50.201.64/26",
"20.50.211.192/32",
"20.50.212.103/32",
@ -8079,6 +8197,7 @@
"20.50.72.128/26",
"20.50.72.192/26",
"20.50.72.64/26",
"20.50.73.32/27",
"20.50.80.0/21",
"20.50.80.0/26",
"20.50.80.128/26",
@ -8185,6 +8304,7 @@
"20.52.90.128/25",
"20.52.91.128/25",
"20.52.92.0/24",
"20.52.93.128/26",
"20.52.93.40/29",
"20.52.93.80/28",
"20.52.93.96/27",
@ -8318,6 +8438,7 @@
"20.58.70.0/25",
"20.58.70.192/27",
"20.58.70.224/28",
"20.58.71.0/26",
"20.59.0.0/18",
"20.59.128.0/18",
"20.59.192.0/18",
@ -8387,6 +8508,14 @@
"20.60.216.0/23",
"20.60.218.0/23",
"20.60.22.0/23",
"20.60.220.0/23",
"20.60.222.0/23",
"20.60.224.0/23",
"20.60.226.0/23",
"20.60.228.0/23",
"20.60.230.0/23",
"20.60.232.0/23",
"20.60.234.0/23",
"20.60.24.0/23",
"20.60.26.0/23",
"20.60.28.0/23",
@ -8417,6 +8546,7 @@
"20.60.82.0/23",
"20.60.84.0/23",
"20.60.86.0/23",
"20.60.88.0/22",
"20.60.9.0/24",
"20.61.0.0/16",
"20.61.100.0/23",
@ -8650,6 +8780,9 @@
"20.74.0.115/32",
"20.74.0.127/32",
"20.74.128.0/17",
"20.74.152.13/32",
"20.74.178.102/32",
"20.74.182.99/32",
"20.75.0.0/17",
"20.75.128.0/17",
"20.76.0.0/16",
@ -8710,8 +8843,6 @@
"20.88.64.64/26",
"20.88.65.0/24",
"20.88.66.0/27",
"20.88.66.32/27",
"20.88.66.64/28",
"20.88.96.0/19",
"20.89.0.0/17",
"20.89.0.0/26",
@ -8719,6 +8850,7 @@
"20.89.0.192/26",
"20.89.0.64/26",
"20.89.1.32/29",
"20.89.1.64/27",
"20.89.10.0/24",
"20.89.11.48/28",
"20.89.11.64/27",
@ -10102,6 +10234,8 @@
"2603:1020:1104::700/121",
"2603:1020:1104::780/121",
"2603:1020:200::/46",
"2603:1020:200::682f:a517/128",
"2603:1020:200::682f:a52a/128",
"2603:1020:205::/48",
"2603:1020:206:1::/123",
"2603:1020:206:1::140/123",
@ -11660,6 +11794,9 @@
"2603:1030:107:1::500/120",
"2603:1030:107:1::600/120",
"2603:1030:107:1::80/121",
"2603:1030:107:2::/120",
"2603:1030:107:2::100/121",
"2603:1030:107:2::80/121",
"2603:1030:107:400::/125",
"2603:1030:107:400::10/125",
"2603:1030:107:400::100/122",
@ -12003,7 +12140,14 @@
"2603:1030:401:1e0::/60",
"2603:1030:401:1f0::/61",
"2603:1030:401:1f8::/64",
"2603:1030:401:1f9::/64",
"2603:1030:401:1fa::/63",
"2603:1030:401:1fc::/62",
"2603:1030:401:200::/61",
"2603:1030:401:208::/62",
"2603:1030:401:20::/59",
"2603:1030:401:20c::/63",
"2603:1030:401:20e::/64",
"2603:1030:401:2::/63",
"2603:1030:401:40::/60",
"2603:1030:401:4::/62",
@ -12502,8 +12646,8 @@
"2603:1030:802::/47",
"2603:1030:804:100::/59",
"2603:1030:804:120::/60",
"2603:1030:804:130::/63",
"2603:1030:804:132::/64",
"2603:1030:804:130::/62",
"2603:1030:804:134::/63",
"2603:1030:804:40::/60",
"2603:1030:804:53::/64",
"2603:1030:804:54::/64",
@ -12682,6 +12826,8 @@
"2603:1030:9:160::/61",
"2603:1030:9:168::/62",
"2603:1030:9:16::/64",
"2603:1030:9:16c::/63",
"2603:1030:9:16e::/64",
"2603:1030:9:17::/64",
"2603:1030:9:18::/61",
"2603:1030:9:20::/59",
@ -13304,7 +13450,66 @@
"2603:1037:1:f0::/121",
"2603:1037:1:f8::/121",
"2603:1039:205::/48",
"2603:1040:1002:1::/121",
"2603:1040:1002:1::100/121",
"2603:1040:1002:1::180/123",
"2603:1040:1002:1::1c0/123",
"2603:1040:1002:1::1e0/123",
"2603:1040:1002:1::200/120",
"2603:1040:1002:1::300/121",
"2603:1040:1002:1::380/121",
"2603:1040:1002:1::400/122",
"2603:1040:1002:1::440/123",
"2603:1040:1002:1::460/124",
"2603:1040:1002:1::470/125",
"2603:1040:1002:1::478/125",
"2603:1040:1002:1::480/121",
"2603:1040:1002:1::500/122",
"2603:1040:1002:1::540/122",
"2603:1040:1002:1::580/121",
"2603:1040:1002:1::600/120",
"2603:1040:1002:2::100/120",
"2603:1040:1002:2::20/123",
"2603:1040:1002:2::200/121",
"2603:1040:1002:2::280/121",
"2603:1040:1002:2::40/122",
"2603:1040:1002:2::80/123",
"2603:1040:1002:2::a0/123",
"2603:1040:1002:2::c0/123",
"2603:1040:1002:400::/122",
"2603:1040:1002:400::100/121",
"2603:1040:1002:400::180/125",
"2603:1040:1002:400::188/125",
"2603:1040:1002:400::190/124",
"2603:1040:1002:400::1a0/123",
"2603:1040:1002:400::1c0/122",
"2603:1040:1002:400::200/123",
"2603:1040:1002:400::230/124",
"2603:1040:1002:400::240/123",
"2603:1040:1002:400::280/121",
"2603:1040:1002:400::380/122",
"2603:1040:1002:400::3c0/124",
"2603:1040:1002:400::3e0/123",
"2603:1040:1002:400::40/125",
"2603:1040:1002:400::48/125",
"2603:1040:1002:400::58/125",
"2603:1040:1002:400::80/122",
"2603:1040:1002:400::c0/122",
"2603:1040:1002::100/120",
"2603:1040:1002::380/121",
"2603:1040:1002::40/123",
"2603:1040:1002::400/123",
"2603:1040:1002::440/122",
"2603:1040:1002::480/121",
"2603:1040:1002::500/122",
"2603:1040:1002::60/123",
"2603:1040:1002::740/123",
"2603:1040:1002::780/125",
"2603:1040:1002::7c0/123",
"2603:1040:1002::7e0/124",
"2603:1040:1002::80/122",
"2603:1040:1002::c0/123",
"2603:1040:1002::e0/123",
"2603:1040:1101:2::3/128",
"2603:1040:1101::/48",
"2603:1040:1103::/48",
@ -14897,6 +15102,8 @@
"2a01:111:f100:9001::1761:9696/128",
"2a01:111:f100:a000::/63",
"2a01:111:f100:a001::4134:e463/128",
"2a01:111:f100:a001::a83f:5c0a/128",
"2a01:111:f100:a001::a83f:5c0c/128",
"2a01:111:f100:a002::/64",
"2a01:111:f100:a004::/64",
"2a01:111:f100:a004::bfeb:8ba9/128",
@ -15303,7 +15510,6 @@
"40.119.147.102/32",
"40.119.154.72/32",
"40.119.160.0/19",
"40.119.163.43/32",
"40.119.166.152/32",
"40.119.167.95/32",
"40.119.192.0/18",
@ -15417,6 +15623,7 @@
"40.120.85.0/25",
"40.120.86.16/28",
"40.120.86.32/27",
"40.120.86.64/26",
"40.120.9.0/26",
"40.121.0.0/16",
"40.121.134.1/32",
@ -15481,7 +15688,12 @@
"40.123.136.0/24",
"40.123.140.0/22",
"40.123.144.0/26",
"40.123.144.104/30",
"40.123.144.108/31",
"40.123.144.64/29",
"40.123.144.72/29",
"40.123.144.80/28",
"40.123.144.96/29",
"40.123.16.16/28",
"40.123.192.0/19",
"40.123.204.26/32",
@ -15506,8 +15718,6 @@
"40.123.225.135/32",
"40.123.228.182/32",
"40.123.228.58/32",
"40.123.230.179/32",
"40.123.230.249/32",
"40.123.230.45/32",
"40.123.230.81/32",
"40.123.231.179/32",
@ -15530,6 +15740,7 @@
"40.124.64.128/30",
"40.124.64.136/29",
"40.124.64.144/29",
"40.124.64.160/27",
"40.124.64.192/26",
"40.124.65.0/26",
"40.124.65.64/26",
@ -17472,6 +17683,7 @@
"40.79.191.128/26",
"40.79.191.192/30",
"40.79.191.200/29",
"40.79.191.224/27",
"40.79.191.64/26",
"40.79.192.0/21",
"40.79.192.0/27",
@ -18285,6 +18497,8 @@
"40.87.171.224/28",
"40.87.171.240/29",
"40.87.171.248/31",
"40.87.171.250/31",
"40.87.171.252/30",
"40.87.171.32/30",
"40.87.171.36/30",
"40.87.171.4/30",
@ -18327,15 +18541,17 @@
"40.87.177.96/28",
"40.87.178.0/25",
"40.87.178.128/28",
"40.87.178.144/30",
"40.87.178.148/31",
"40.87.178.144/29",
"40.87.178.152/30",
"40.87.180.0/30",
"40.87.180.12/31",
"40.87.180.128/26",
"40.87.180.14/31",
"40.87.180.16/30",
"40.87.180.192/30",
"40.87.180.196/30",
"40.87.180.20/31",
"40.87.180.200/31",
"40.87.180.22/31",
"40.87.180.24/30",
"40.87.180.28/30",
@ -19344,6 +19560,7 @@
"51.107.245.0/24",
"51.107.246.112/28",
"51.107.246.128/27",
"51.107.246.192/26",
"51.107.248.0/21",
"51.107.249.0/26",
"51.107.249.128/27",
@ -20373,6 +20590,7 @@
"51.132.192.128/26",
"51.132.192.192/26",
"51.132.193.0/26",
"51.132.193.64/27",
"51.132.193.96/29",
"51.132.29.107/32",
"51.132.43.66/32",
@ -20462,6 +20680,7 @@
"51.138.213.128/25",
"51.138.213.16/28",
"51.138.214.0/24",
"51.138.215.128/26",
"51.138.215.48/28",
"51.138.215.64/27",
"51.138.40.194/32",
@ -20516,6 +20735,7 @@
"51.140.149.32/27",
"51.140.149.64/28",
"51.140.149.96/27",
"51.140.151.128/27",
"51.140.151.160/29",
"51.140.151.64/26",
"51.140.152.154/32",
@ -21684,6 +21904,7 @@
"52.139.110.0/25",
"52.139.111.0/27",
"52.139.111.32/28",
"52.139.111.64/26",
"52.139.128.0/18",
"52.139.152.27/32",
"52.139.16.105/32",
@ -22276,7 +22497,7 @@
"52.159.53.112/28",
"52.159.53.64/28",
"52.159.55.120/32",
"52.159.64.0/19",
"52.159.64.0/18",
"52.160.0.0/16",
"52.160.100.5/32",
"52.160.136.16/28",
@ -22558,11 +22779,12 @@
"52.167.110.0/24",
"52.167.111.0/26",
"52.167.111.160/30",
"52.167.111.192/27",
"52.167.111.64/26",
"52.167.117.226/32",
"52.167.143.179/32",
"52.167.145.0/26",
"52.167.145.64/27",
"52.167.145.64/26",
"52.167.155.89/32",
"52.167.163.135/32",
"52.167.171.53/32",
@ -22600,7 +22822,9 @@
"52.168.116.64/29",
"52.168.116.72/29",
"52.168.117.0/26",
"52.168.117.128/27",
"52.168.117.64/27",
"52.168.117.96/27",
"52.168.125.188/32",
"52.168.136.177/32",
"52.168.136.186/32",
@ -22779,6 +23003,7 @@
"52.172.54.225/32",
"52.172.55.127/32",
"52.172.55.231/32",
"52.172.80.0/26",
"52.172.9.47/32",
"52.173.0.0/16",
"52.173.134.115/32",
@ -22982,6 +23207,7 @@
"52.178.168.96/28",
"52.178.17.128/26",
"52.178.17.16/28",
"52.178.17.192/27",
"52.178.17.224/29",
"52.178.17.32/27",
"52.178.17.64/26",
@ -24652,5 +24878,5 @@
],
"name": "List of known Microsoft Azure Datacenter IP Ranges",
"type": "cidr",
"version": 20210604
"version": 20210610
}

2
lists/moz-top500/list.json
View File

@ -1,5 +1,5 @@
{
"description": "Event contains one or more entries from the top 500 of the most used domains (Mozilla).",
"description": "Event contains one or more entries from the top 500 of the most used domains from Moz.",
"list": [
"20minutos.es",
"4shared.com",

4
lists/mozilla-IntermediateCA/list.json
View File

@ -1,5 +1,5 @@
{
"description": "Fingerprint of known intermedicate of trusted certificates taken from Mozilla's lists at https://wiki.mozilla.org/CA",
"description": "Fingerprint of known intermediate of trusted certificates taken from Mozilla's lists at https://wiki.mozilla.org/CA",
"list": [
"000555cdcf3b5faac807b975bf2eb722b77876c797385aec00a8767daaba900f",
"000cf657b374afa36610df4a183c90b2",
@ -7270,7 +7270,7 @@
"x509-fingerprint-sha1",
"x509-fingerprint-sha256"
],
"name": "Fingerprint of known intermedicate of trusted certificates",
"name": "Fingerprint of known intermediate of trusted certificates",
"type": "string",
"version": 20210604
}

2
lists/ovh-cluster/list.json
View File

@ -439,6 +439,6 @@
"domain|ip"
],
"name": "List of known Ovh Cluster IP",
"type": "string",
"type": "cidr",
"version": 20180222
}

2
lists/public-dns-v4/list.json
View File

@ -1512,6 +1512,6 @@
"domain|ip"
],
"name": "List of known IPv4 public DNS resolvers",
"type": "string",
"type": "cidr",
"version": 20210604
}

2
lists/public-dns-v6/list.json
View File

@ -77,6 +77,6 @@
"domain|ip"
],
"name": "List of known IPv6 public DNS resolvers",
"type": "string",
"type": "cidr",
"version": 20210604
}

4
lists/rfc1918/list.json
View File

@ -1,5 +1,5 @@
{
"description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
"description": "Event contains one or more entries part of the private network CIDR blocks (RFC 1918)",
"list": [
"10.0.0.0/8",
"172.16.0.0/12",
@ -12,5 +12,5 @@
],
"name": "List of RFC 1918 CIDR blocks",
"type": "cidr",
"version": 3
"version": 4
}

4
lists/rfc5735/list.json
View File

@ -1,5 +1,5 @@
{
"description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
"description": "Event contains one or more entries part of the Special Use IPv4 Addresses CIDR blocks (RFC 5735)",
"list": [
"0.0.0.0/8",
"10.0.0.0/8",
@ -24,5 +24,5 @@
],
"name": "List of RFC 5735 CIDR blocks",
"type": "cidr",
"version": 3
"version": 4
}

4
lists/rfc6598/list.json
View File

@ -1,5 +1,5 @@
{
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
"description": "Event contains one or more entries part of the Shared Address Space CIDR blocks (RFC 6598)",
"list": [
"100.64.0.0/10"
],
@ -10,5 +10,5 @@
],
"name": "List of RFC 6598 CIDR blocks",
"type": "cidr",
"version": 3
"version": 4
}

4
lists/rfc6761/list.json
View File

@ -1,5 +1,5 @@
{
"description": "Event contains one or more entries part of the RFC 6761 Special-Use Domain Names",
"description": "Event contains one or more entries part of the Special-Use Domain Names (RFC 6761)",
"list": [
"10.in-addr.arpa",
"16.172.in-addr.arpa",
@ -30,5 +30,5 @@
],
"name": "List of RFC 6761 Special-Use Domain Names",
"type": "string",
"version": 1
"version": 2
}

3667
lists/second-level-tlds/list.json
View File

File diff suppressed because it is too large Load Diff

224
lists/stackpath/list.json
View File

@ -1,6 +1,226 @@
{
"description": "List of known Stackpath (Highwinds) CDN IP ranges (https://support.stackpath.com/hc/en-us/articles/360001091666-Whitelist-CDN-WAF-IP-Blocks)",
"list": [],
"list": [
"102.133.165.127/32",
"102.133.168.247/32",
"103.209.192.93/32",
"103.228.104.0/24",
"103.66.28.0/22",
"104.156.232.232/32",
"104.214.147.166/32",
"104.214.150.207/32",
"104.238.157.42/32",
"108.61.185.90/32",
"120.26.119.191/32",
"146.88.130.128/25",
"149.154.157.239/32",
"149.154.159.21/32",
"149.28.235.77/32",
"149.28.254.195/32",
"151.139.0.0/17",
"151.139.42.0/24",
"151.236.14.231/32",
"151.236.14.238/32",
"151.236.15.26/32",
"151.236.18.167/32",
"151.236.20.95/32",
"151.236.21.35/32",
"151.236.21.87/32",
"151.236.23.142/32",
"151.236.23.78/32",
"151.236.24.35/32",
"151.236.24.50/32",
"158.255.208.86/32",
"173.245.194.0/24",
"173.245.208.64/26",
"173.245.210.64/26",
"173.245.216.64/26",
"173.245.218.64/26",
"184.179.88.128/25",
"184.179.90.128/25",
"185.157.232.52/32",
"185.157.233.153/32",
"185.69.89.0/24",
"185.69.91.0/24",
"192.166.245.71/32",
"192.166.245.98/32",
"2001:1938:7001:1::/64",
"2001:1938:7002:1::/64",
"2001:1938:7003:1::/64",
"2001:1938:7004:1::/64",
"2001:1938:7005:1::/64",
"2001:1938:7006:1::/64",
"2001:1938:7007:1::/64",
"2001:1938:7008:1::/64",
"2001:19f0:5800:8bfc:5400:ff:fe1c:5b87",
"2001:19f0:5800:8d34:5400:ff:fe1c:5b8c",
"2001:19f0:6000:9301:5400:ff:fe1c:85",
"2001:19f0:6000:95c5:5400:ff:fe1c:88",
"2001:19f0:7000:9aa1:5400:ff:fe1c:1090",
"2001:19f0:7000:9c35:5400:ff:fe1c:4562",
"2001:19f0:7401:834f:5400:ff:fe1c:c96",
"2001:19f0:7401:844e:5400:ff:fe1c:c99",
"2001:19f0:8000:8652:5400:ff:fe1c:45c2",
"2001:19f0:8000:8706:5400:ff:fe1c:45c4",
"2001:4801:7824:101:be76:4eff:fe10:24dc",
"2001:4801:7824:101:be76:4eff:fe10:55c6",
"2001:4DE0:110::/64",
"2001:4DE0:2010::/64",
"2001:4DE0:210::/64",
"2001:4DE0:2110::/64",
"2001:4DE0:2210:1::/64",
"2001:4DE0:2210::/64",
"2001:4DE0:2310::/64",
"2001:4DE0:3010::/64",
"2001:4DE0:3110::/64",
"2001:4DE0:4010::/64",
"2001:4DE0:410::/64",
"2001:4DE0:4110::/64",
"2001:4DE0:4310::/64",
"2001:4DE0:5010::/64",
"2001:4DE0:510::/64",
"2001:4DE0:610::/64",
"2001:4DE0:7001:1::/64",
"2001:4DE0:7002:1::/64",
"2001:4DE0:7003:1::/64",
"2001:57A:300:1100::/64",
"2001:57A:400:1100::/64",
"2001:b60:1000:149:154:157:239:1",
"2001:b60:1000:151:236:18:167:1",
"205.185.216.0/22",
"207.148.1.50/32",
"209.197.10.0/24",
"209.197.21.0/24",
"209.197.24.0/21",
"209.197.7.0/24",
"209.197.8.0/21",
"209.234.242.0/25",
"213.183.56.187/32",
"213.183.56.71/32",
"23.253.20.207/32",
"23.253.22.201/32",
"2407:1580:1100::/40",
"2407:1580:1200::/40",
"2407:1580:1300::/40",
"2407:1580:1400::/40",
"2407:1580:1500::/40",
"2407:1580:1600::/40",
"2407:1580:1700::/40",
"2604:6840:1100::/40",
"2604:6840:1200::/40",
"2604:6840:1300::/40",
"2604:6840:1400::/40",
"2604:6840:1500::/40",
"2604:6840:1600::/40",
"2604:6840:1700::/40",
"2604:6840:1800::/40",
"2604:6840:1900::/40",
"2604:6840:1C00:1100::/64",
"2604:6840:1E00::/40",
"2604:6840:f800::/40",
"2604:6840:f900::/40",
"2604:6840:fa00::/40",
"2604:6840:fb00::/40",
"2604:6840:fc00::/40",
"2606:CE80:6100:1::/64",
"2606:CE80:6200:1::/64",
"2606:CE80:6300:1::/64",
"2606:CE80:6400:1::/64",
"2606:CE80:6500:1::/64",
"2606:CE80:6600:1::/64",
"2606:CE80:6700:2::/64",
"2606:CE80:6900:1::/64",
"2A0A:E200:1100::/40",
"2A0A:E200:1300::/40",
"2A0A:E200:1400::/40",
"2A0A:E200:1600::/40",
"2A0A:E200:1700::/40",
"2A0A:E200:1900:1100::/64",
"2A0A:E200:1A00::/40",
"2A0A:E200:1C00::/40",
"2a00:1768:1003:151:236:14:231:1",
"2a00:1768:1003:151:236:14:238:1",
"2a00:1a28:1251:46:246:126:136:1",
"2a00:1a28:1251:46:246:93:179:1",
"2a00:1a48:7805:113:be76:4eff:fe08:25fa",
"2a00:1a48:7805:113:be76:4eff:fe09:1f07",
"2a00:1d70:ed15:151:236:23:142:1",
"2a00:1d70:ed15:151:236:23:78:1",
"2a01:348:99:151:236:21:35:1",
"2a01:348:99:151:236:21:87:1",
"2a03:f80:354:151:236:24:35:1",
"2a03:f80:354:151:236:24:50:1",
"2a03:f80:49:149:154:159:21:1",
"2a03:f80:49:151:236:15:26:1",
"2a03:f80:56:37:235:52:196:1",
"2a03:f80:56:37:235:52:70:1",
"2a03:f80:7:213:183:56:187:1",
"2a03:f80:7:213:183:56:71:1",
"2a03:f80:852:151:236:20:95:1",
"2a03:f80:852:158:255:208:86:1",
"2a07:4580:b0d:82::793a",
"2a07:4580:b0d:f::6324",
"2a0a:e200:1100:1600::/56",
"2a0a:e200:1900:1100::",
"2a0a:e200:1a00:1100::/56",
"2a0a:e200:1b00:1100::/56",
"34.201.233.220/32",
"34.203.52.30/32",
"34.249.164.113/32",
"34.85.22.40/32",
"34.87.56.240/32",
"34.90.24.209/32",
"35.186.155.99/32",
"35.198.12.22/32",
"35.198.52.85/32",
"35.200.117.161/32",
"35.201.16.129/32",
"35.204.22.69/32",
"35.242.210.32/32",
"35.242.213.204/32",
"35.244.107.67/32",
"35.245.0.188/32",
"35.245.111.92/32",
"37.235.52.196/32",
"37.235.52.70/32",
"45.252.191.10/32",
"45.32.129.60/32",
"45.32.179.191/32",
"45.32.183.237/32",
"45.32.225.132/32",
"45.32.45.117/32",
"45.32.52.15/32",
"45.32.69.31/32",
"45.32.94.5/32",
"45.63.90.144/32",
"46.246.126.136/32",
"46.246.93.179/32",
"47.97.251.164/32",
"52.52.23.91/32",
"52.53.106.71/32",
"54.76.234.169/32",
"63.209.33.45/32",
"69.16.133.0/24",
"69.16.176.0/20",
"69.197.10.0/24",
"69.197.11.0/24",
"69.197.12.0/24",
"69.197.8.0/24",
"69.197.9.0/24",
"74.209.134.0/24",
"78.142.19.197/32",
"81.171.105.0/24",
"81.171.106.64/26",
"81.171.112.0/24",
"81.171.60.0/24",
"81.171.61.0/24",
"81.171.68.64/26",
"84.54.49.15/32",
"94.46.144.0/20",
"95.138.170.88/32",
"95.138.175.4/32",
"A0A:E200:1200::/40"
],
"matching_attributes": [
"ip-dst",
"ip-src",
@ -8,5 +228,5 @@
],
"name": "List of known Stackpath CDN IP ranges",
"type": "cidr",
"version": 20210604
"version": 20210610
}

3
schema.json
View File

@ -29,8 +29,7 @@
"substring",
"hostname",
"cidr",
"regex",
"wildmask"
"regex"
],
"type": "string"
},

23
tools/generate-google-gcp.py Normal file
View File

@ -0,0 +1,23 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import json
from generator import download, get_version, write_to_file
if __name__ == '__main__':
cloud = download("https://www.gstatic.com/ipranges/cloud.json")
parsed = json.loads(cloud.text)
ranges = [p["ipv4Prefix"] if "ipv4Prefix" in p else p["ipv6Prefix"] for p in parsed["prefixes"]]
warninglist = {
'name': "List of known GCP (Google Cloud Platform) IP address ranges",
'version': get_version(),
'description': "GCP (Google Cloud Platform) IP address ranges (https://www.gstatic.com/ipranges/cloud.json)",
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'type': 'cidr',
'list': ranges,
}
write_to_file(warninglist, "google-gcp")

48
tools/generate-google-gmail-sending-ips.py Normal file
View File

@ -0,0 +1,48 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from ipaddress import ip_network, IPv4Network, IPv6Network
from dns.resolver import Resolver
from typing import List, Union
from generator import get_version, write_to_file
class Spf:
def _parse_spf(self, spf: str) -> dict:
output = {"include": [], "ranges": []}
for part in spf.split(" "):
if part.startswith("include:"):
output["include"].append(part.split(":", 1)[1])
elif part.startswith("ip4:") or part.startswith("ip6:"):
output["ranges"].append(ip_network(part.split(":", 1)[1]))
return output
def _query_spf(self, resolver: Resolver, domain: str) -> List[Union[IPv4Network, IPv6Network]]:
ranges = []
for rdata in resolver.query(domain, "TXT"):
parsed = self._parse_spf(rdata.to_text())
ranges += parsed["ranges"]
for include in parsed["include"]:
ranges += self._query_spf(resolver, include)
return ranges
def get_list(self, domain: str) -> List[Union[IPv4Network, IPv6Network]]:
resolver = Resolver()
return self._query_spf(resolver, domain)
if __name__ == '__main__':
spf = Spf()
print()
warninglist = {
'name': "List of known Gmail sending IP ranges",
'version': get_version(),
'description': "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)",
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'type': 'cidr',
'list': [str(range) for range in spf.get_list("_spf.google.com")],
}
write_to_file(warninglist, "google-gmail-sending-ips")

53
tools/generate-microsoft-azure.py
View File

@ -15,13 +15,11 @@ def get_json_url(page):
return retry_links[0].get('href')
def process(file, dst):
def process(file, dst, name: str, description: str):
warninglist = {
'name': 'List of known Microsoft Azure Datacenter IP Ranges',
'name': name,
'version': get_version(),
'description': 'Microsoft Azure Datacenter IP Ranges',
'list': [],
'description': description,
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'type': 'cidr'
}
@ -29,17 +27,48 @@ def process(file, dst):
with open(get_abspath_source_file(file), 'r') as json_file:
ms_azure_ip_list = json.load(json_file)
values = []
for value in ms_azure_ip_list['values']:
warninglist['list'] += value['properties']['addressPrefixes']
values += value['properties']['addressPrefixes']
warninglist['list'] = values
write_to_file(warninglist, dst)
if __name__ == '__main__':
ms_azure_url = 'https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519'
ms_azure_file = 'ms-azure.json'
ms_azure_dst = 'microsoft-azure'
TYPES = [
{
"name": "List of known Microsoft Azure Datacenter IP Ranges",
"description": "Microsoft Azure Datacenter IP Ranges",
"url": "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519",
"file": "ms-azure.json",
"destination_folder": "microsoft-azure",
},
{
"name": "List of known Microsoft Azure US Government Cloud Datacenter IP Ranges",
"description": "Microsoft Azure US Government Cloud Datacenter IP Ranges",
"url": "https://www.microsoft.com/en-us/download/confirmation.aspx?id=57063",
"file": "ms-azure-us-gov.json",
"destination_folder": "microsoft-azure-us-gov",
},
{
"name": "List of known Microsoft Azure Germany Datacenter IP Ranges",
"description": "Microsoft Azure Germany Datacenter IP Ranges",
"url": "https://www.microsoft.com/en-us/download/confirmation.aspx?id=57064",
"file": "ms-azure-germany.json",
"destination_folder": "microsoft-azure-germany",
},
{
"name": "List of known Microsoft Azure China Datacenter IP Ranges",
"description": "Microsoft Azure China Datacenter IP Ranges",
"url": "https://www.microsoft.com/en-us/download/confirmation.aspx?id=57062",
"file": "ms-azure-china.json",
"destination_folder": "microsoft-azure-china",
}
]
ms_azure_json_url = get_json_url(download(ms_azure_url))
download_to_file(ms_azure_json_url, ms_azure_file)
process(ms_azure_file, ms_azure_dst)
for type in TYPES:
ms_azure_json_url = get_json_url(download(type["url"]))
download_to_file(ms_azure_json_url, type["file"])
process(type["file"], type["destination_folder"], type["name"], type["description"])

4
tools/generate-publicdns.py
View File

@ -26,7 +26,7 @@ def process(file):
publicdns_ipv4_warninglist = {
'description': 'Event contains one or more public IPv4 DNS resolvers as attribute with an IDS flag set',
'name': 'List of known IPv4 public DNS resolvers',
'type': 'string',
'type': 'cidr',
'matching_attributes': ['ip-src', 'ip-dst', 'domain|ip']
}
generate(lipv4, publicdns_ipv4_warninglist, publicdns_ipv4_dst)
@ -36,7 +36,7 @@ def process(file):
publicdns_ipv6_warninglist = {
'description': 'Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set',
'name': 'List of known IPv6 public DNS resolvers',
'type': 'string',
'type': 'cidr',
'matching_attributes': ['ip-src', 'ip-dst', 'domain|ip']
}
generate(lipv6, publicdns_ipv6_warninglist, publicdns_ipv6_dst)

27
tools/generate-second-level-tlds.py Executable file
View File

@ -0,0 +1,27 @@
#!/usr/bin/env python3
from generator import download, get_version, write_to_file
if __name__ == '__main__':
source_url = 'https://publicsuffix.org/list/public_suffix_list.dat'
destination_folder = 'second-level-tlds'
data = download(source_url).text
lines = data.split("\n")
# Filter out comments
domains = [line.strip() for line in lines if len(line) != 0 and not line.startswith('//')]
# Convert IDN domain to xn-- format
domains = [domain.encode('idna').decode('utf-8') for domain in domains]
# Filter out invalid domains
domains = [domain.lstrip('*.') for domain in domains if not domain.startswith('!')]
warninglist = {
'name': 'Second level TLDs as known by Mozilla Foundation',
'description': 'Event contains one or more second level TLDs as attribute with an IDS flag set.',
'matching_attributes': ['hostname', 'domain', 'domain|ip'],
'type': 'string',
'version': get_version(),
'list': domains,
}
write_to_file(warninglist, destination_folder)

2
tools/generate_moz-top500.py
View File

@ -10,7 +10,7 @@ from generator import download_to_file, get_version, write_to_file, get_abspath_
def process(files, dst):
warninglist = {
'description': "Event contains one or more entries from the top 500 of the most used domains (Mozilla).",
'description': "Event contains one or more entries from the top 500 of the most used domains from Moz.",
'version': get_version(),
'name': "Top 500 domains and pages from https://moz.com/top500",
'type': 'string',

2
tools/generate_mozilla_certificates.py
View File

@ -53,4 +53,4 @@ if __name__ == '__main__':
process(Included_CA_file, Included_CA_dst, 'trusted CA certificates')
download_to_file(CA_known_intermediate_url, CA_known_intermediate_file)
process(CA_known_intermediate_file, CA_known_intermediate_dst,
'known intermedicate of trusted certificates')
'known intermediate of trusted certificates')

2
tools/generator.py
View File

@ -132,7 +132,7 @@ def write_to_file(warninglist, dst):
get_abspath_list_file(dst)))
except Exception as exc:
logging.error(
'{} General exception occured: {}.'.format(caller, str(exc)))
'{} General exception occurred: {}.'.format(caller, str(exc)))
def main():