Merge pull request #112 from elhoim/master

Three new warning lists
2019-07-24 18:07:18 +02:00 · 2019-07-24 18:07:18 +02:00 · f418427ae0
parent 7e240da00c 93efc3240f
commit f418427ae0
5 changed files with 144 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -15,12 +15,15 @@ are available in one of the list. The list can be globally enabled or disabled i
 - [lists/automated-malware-analysis](lists/automated-malware-analysis) - known domains used by automated malware analysis services
 - [lists/bank-website](lists/bank-website) - List of known banking website
 - [lists/cisco_top1000](lists/cisco_top1000) - Cisco (Umbrella) top 1000 websites
+- [lists/cloudflare](lists/cloudflare) - known IP ranges published by Cloudflare
 - [lists/common-ioc-false-positive](lists/common-ioc-false-positive) - common false-positives in IOCs
 - [lists/crl](lists/crl-ip-hostname) - Source IP addresses, hostname and url from CRL (certificate revocation list)
 - [lists/eicar.com](lists/eicar.com) - hashes for EICAR test virus
 - [lists/disposable-email](lists/disposable-email) - List of disposable email domains
 - [lists/empty-hashes](lists/empty-hashes) - hash values of empty files
 - [lists/google](lists/google) - known domains and hostnames from Google
+- [lists/googlebot](lists/googlebot) - known IP ranges for googlebot crawler
+- [lists/google-gmail-sending-ips](lists/google-gmail-sending-ips) - known IP ranges use by Google gmail mail sending
 - [lists/ipv6-linklocal](lists/ipv6-linklocal) - IPv6 link local prefix
 - [lists/microsoft](lists/microsoft) - known Microsoft domains
 - [lists/microsoft-azure](lists/microsoft-azure) - known Microsoft Azure Datacenter IP Ranges
--- a/lists/cloudflare/list.json
+++ b/lists/cloudflare/list.json
@ -0,0 +1,34 @@
+{
+  "list": [
+    "198.41.128.0/17",
+    "131.0.72.0/22",
+    "104.16.0.0/12",
+    "103.21.244.0/22",
+    "197.234.240.0/22",
+    "173.245.48.0/20",
+    "188.114.96.0/20",
+    "108.162.192.0/18",
+    "141.101.64.0/18",
+    "162.158.0.0/15",
+    "2400:cb00::/32",
+    "2803:f800::/32",
+    "103.22.200.0/22",
+    "2a06:98c0::/29",
+    "2c0f:f248::/32",
+    "2405:8100::/32",
+    "2405:b500::/32",
+    "190.93.240.0/20",
+    "2606:4700::/32",
+    "103.31.4.0/22",
+    "172.64.0.0/13"
+  ],
+  "type": "cidr",
+  "matching_attributes": [
+    "ip-dst",
+    "ip-src",
+    "domain|ip"
+  ],
+  "name": "List of known Cloudflare IP ranges",
+  "version": 20190724,
+  "description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)"
+}
--- a/lists/google-gmail-sending-ips/list.json
+++ b/lists/google-gmail-sending-ips/list.json
@ -0,0 +1,32 @@
+{
+  "list": [
+    "64.18.0.0/20",
+    "64.233.160.0/19",
+    "66.102.0.0/20",
+    "66.249.80.0/20",
+    "72.14.192.0/18",
+    "74.125.0.0/16",
+    "108.177.8.0/21",
+    "172.217.0.0/19 ",
+    "173.194.0.0/16",
+    "207.126.144.0/20",
+    "209.85.128.0/17",
+    "216.58.192.0/19",
+    "216.239.32.0/19",
+    "2001:4860:4000::/36",
+    "2404:6800:4000::/36",
+    "2607:f8b0:4000::/36",
+    "2800:3f0:4000::/36",
+    "2a00:1450:4000::/36",
+    "2c0f:fb50:4000::/36"
+  ],
+  "type": "cidr",
+  "matching_attributes": [
+    "ip-dst",
+    "ip-src",
+    "domain|ip"
+  ],
+  "name": "List of known gmail sending IP ranges",
+  "version": 20190724,
+  "description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )"
+}
--- a/lists/googlebot/list.json
+++ b/lists/googlebot/list.json
@ -0,0 +1,42 @@
+{
+  "list": [
+    "64.68.90.0/24",
+    "64.233.173.193/32",
+    "64.233.173.194/31",
+    "64.233.173.196/30",
+    "64.233.173.200/29",
+    "64.233.173.208/28",
+    "64.233.173.224/27",
+    "66.249.64.1/32",
+    "66.249.64.2/31",
+    "66.249.64.4/30",
+    "66.249.64.8/29",
+    "66.249.64.16/28",
+    "66.249.64.32/27",
+    "66.249.64.64/26",
+    "66.249.64.128/25",
+    "66.249.65.0/24",
+    "66.249.66.0/23",
+    "66.249.68.0/22",
+    "66.249.72.0/21",
+    "216.239.33.96/27",
+    "216.239.33.128/25",
+    "216.239.34.0/23",
+    "216.239.36.0/22",
+    "216.239.40.0/21",
+    "216.239.48.0/21",
+    "216.239.56.0/23",
+    "216.239.58.0/24",
+    "216.239.59.0/25",
+    "216.239.59.128/32"
+  ],
+  "type": "cidr",
+  "matching_attributes": [
+    "ip-dst",
+    "ip-src",
+    "domain|ip"
+  ],
+  "name": "List of known Googlebot IP ranges",
+  "version": 20190724,
+  "description": "List of known Googlebot IP ranges (https://www.lifewire.com/what-is-the-ip-address-of-google-818153 )"
+}
--- a/tools/generate-cloudflare.py
+++ b/tools/generate-cloudflare.py
@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+import json
+import os
+import requests
+import datetime
+import io
+
+base_url="https://www.cloudflare.com/"
+uri_list=['ips-v4','ips-v6']
+dict=dict()
+dict['list']=list()
+def source_read_and_add(input_file):
+	output_list=list()
+
+	for line in input_file.splitlines():
+		output_list.append(line)
+	return output_list
+
+
+for uri in uri_list:
+	url = base_url + uri
+	r=requests.get(url)
+	dict['list'] += source_read_and_add(r.text)
+
+dict['type'] = "cidr"
+dict['matching_attributes']=["ip-dst","ip-src","domain|ip"]
+dict['name']="List of known Cloudflare IP ranges"
+dict['version']= int(datetime.date.today().strftime('%Y%m%d'))
+dict['description']="List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)"
+dict['list']=list(set(dict['list']))
+
+print(json.dumps(dict))