From c9320d8ca921449ed4d5d624de670d1074b511d3 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 10 Jun 2021 16:25:13 +0200 Subject: [PATCH] new: [google-gmail-sending-ips] Add generator and update to latest version --- generate_all.sh | 1 + lists/google-gmail-sending-ips/list.json | 20 ++++++--- tools/generate-google-gmail-sending-ips.py | 48 ++++++++++++++++++++++ 3 files changed, 63 insertions(+), 6 deletions(-) create mode 100644 tools/generate-google-gmail-sending-ips.py diff --git a/generate_all.sh b/generate_all.sh index 836a945..5d83b6e 100755 --- a/generate_all.sh +++ b/generate_all.sh @@ -31,6 +31,7 @@ python3 generate-vpn.py python3 generate-wikimedia.py python3 genetate-second-level-tlds.py python3 generate-google-gcp.py +python3 generate-google-gmail-sending-ips.py popd ./jq_all_the_things.sh diff --git a/lists/google-gmail-sending-ips/list.json b/lists/google-gmail-sending-ips/list.json index af47d9a..98abe51 100644 --- a/lists/google-gmail-sending-ips/list.json +++ b/lists/google-gmail-sending-ips/list.json @@ -1,11 +1,18 @@ { - "description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)", + "description": "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)", "list": [ "108.177.8.0/21", + "108.177.96.0/19", + "130.211.0.0/22", "172.217.0.0/19", + "172.217.128.0/19", + "172.217.160.0/20", + "172.217.192.0/19", + "172.217.32.0/20", + "172.253.112.0/20", + "172.253.56.0/21", "173.194.0.0/16", "2001:4860:4000::/36", - "207.126.144.0/20", "209.85.128.0/17", "216.239.32.0/19", "216.58.192.0/19", @@ -14,7 +21,8 @@ "2800:3f0:4000::/36", "2a00:1450:4000::/36", "2c0f:fb50:4000::/36", - "64.18.0.0/20", + "35.190.247.0/24", + "35.191.0.0/16", "64.233.160.0/19", "66.102.0.0/20", "66.249.80.0/20", @@ -22,11 +30,11 @@ "74.125.0.0/16" ], "matching_attributes": [ - "ip-dst", "ip-src", + "ip-dst", "domain|ip" ], - "name": "List of known gmail sending IP ranges", + "name": "List of known Gmail sending IP ranges", "type": "cidr", - "version": 20190809 + "version": 20210610 } diff --git a/tools/generate-google-gmail-sending-ips.py b/tools/generate-google-gmail-sending-ips.py new file mode 100644 index 0000000..46778d8 --- /dev/null +++ b/tools/generate-google-gmail-sending-ips.py @@ -0,0 +1,48 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +from ipaddress import ip_network, IPv4Network, IPv6Network +from dns.resolver import Resolver +from typing import List, Union +from generator import get_version, write_to_file + + +class Spf: + def _parse_spf(self, spf: str) -> dict: + output = {"include": [], "ranges": []} + for part in spf.split(" "): + if part.startswith("include:"): + output["include"].append(part.split(":", 1)[1]) + elif part.startswith("ip4:") or part.startswith("ip6:"): + output["ranges"].append(ip_network(part.split(":", 1)[1])) + return output + + def _query_spf(self, resolver: Resolver, domain: str) -> List[Union[IPv4Network, IPv6Network]]: + ranges = [] + for rdata in resolver.query(domain, "TXT"): + parsed = self._parse_spf(rdata.to_text()) + ranges += parsed["ranges"] + + for include in parsed["include"]: + ranges += self._query_spf(resolver, include) + + return ranges + + def get_list(self, domain: str) -> List[Union[IPv4Network, IPv6Network]]: + resolver = Resolver() + return self._query_spf(resolver, domain) + + +if __name__ == '__main__': + spf = Spf() + print() + + warninglist = { + 'name': "List of known Gmail sending IP ranges", + 'version': get_version(), + 'description': "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)", + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'type': 'cidr', + 'list': [str(range) for range in spf.get_list("_spf.google.com")], + } + + write_to_file(warninglist, "google-gmail-sending-ips")