MISP
/
misp-warninglists
mirror of https://github.com/MISP/misp-warninglists
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #270 from Wachizungu/add-ip-port-to-cidr 

chg: Add ip-src|dst and ip-dst|port as matching attr types to cidr lists
main
Alexandre Dulaunoy 2024-04-22 09:27:08 +02:00 committed by GitHub
parent fcbcf65795 e48c2539c2
commit fa799e235d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
50 changed files with 155 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lists/akamai/list.json
View File

@ -273,9 +273,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Akamai IP ranges",
"type": "cidr",
"version": 20210613
"version": 20240422
}

6
lists/amazon-aws/list.json
View File

@ -2669,9 +2669,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Amazon AWS IP address ranges",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/apple/list.json
View File

@ -6,9 +6,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Apple IP ranges",
"type": "cidr",
"version": 20210610
"version": 20240422
}

8
lists/cloudflare/list.json
View File

@ -25,11 +25,13 @@
"2c0f:f248::/32"
],
"matching_attributes": [
"ip-dst",
"ip-src",
"domain|ip"
"ip-dst",
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Cloudflare IP ranges",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/crl-ip/list.json
View File

@ -260,9 +260,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "CRL and OCSP IP addresses",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/fastly/list.json
View File

@ -24,9 +24,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Fastly IP address ranges",
"type": "cidr",
"version": 20201106
"version": 20240422
}

6
lists/google-gcp/list.json
View File

@ -304,9 +304,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known GCP (Google Cloud Platform) IP address ranges",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/google-gmail-sending-ips/list.json
View File

@ -32,9 +32,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Gmail sending IP ranges",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/googlebot/list.json
View File

@ -71,9 +71,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Googlebot IP ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)",
"type": "cidr",
"version": 20240405
"version": 20240402
}

6
lists/microsoft-azure-china/list.json
View File

@ -205,9 +205,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Microsoft Azure China Datacenter IP Ranges",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/microsoft-azure-germany/list.json
View File

@ -41,9 +41,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Microsoft Azure Germany Datacenter IP Ranges",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/microsoft-azure-us-gov/list.json
View File

@ -181,9 +181,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Microsoft Azure US Government Cloud Datacenter IP Ranges",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/microsoft-azure/list.json
View File

@ -2416,9 +2416,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Microsoft Azure Datacenter IP Ranges",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/microsoft-office365-cn/list.json
View File

@ -78,9 +78,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Office 365 IP address ranges in China",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/microsoft-office365-ip/list.json
View File

@ -89,9 +89,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Office 365 IP address ranges",
"type": "cidr",
"version": 20240418
"version": 20240422
}

6
lists/multicast/list.json
View File

@ -21,9 +21,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of RFC 5771 multicast CIDR blocks",
"type": "cidr",
"version": 3
"version": 4
}

6
lists/openai-gptbot/list.json
View File

@ -7,9 +7,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known IP address ranges for OpenAI GPT crawler bot",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/ovh-cluster/list.json
View File

@ -436,9 +436,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Ovh Cluster IP",
"type": "cidr",
"version": 20180222
"version": 20240422
}

8
lists/parking-domain/list.json
View File

@ -105,11 +105,13 @@
"99.83.154.118/32"
],
"matching_attributes": [
"domain|ip",
"ip-src",
"ip-dst",
"ip-src"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "Parking domains",
"type": "cidr",
"version": 20221024
"version": 20240422
}

6
lists/public-dns-v4/list.json
View File

@ -62745,9 +62745,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known IPv4 public DNS resolvers",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/public-dns-v6/list.json
View File

@ -267,9 +267,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known IPv6 public DNS resolvers",
"type": "cidr",
"version": 20240405
"version": 20240422
}

7
lists/sinkholes/list.json
View File

@ -111,9 +111,12 @@
],
"matching_attributes": [
"ip-src",
"ip-dst"
"ip-dst",
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known sinkholes",
"type": "cidr",
"version": 1
"version": 2
}

6
lists/smtp-receiving-ips/list.json
View File

@ -261,9 +261,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known SMTP receiving IP addresses",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/smtp-sending-ips/list.json
View File

@ -926,9 +926,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known SMTP sending IP ranges",
"type": "cidr",
"version": 20240405
"version": 20240422
}

8
lists/stackpath/list.json
View File

@ -250,11 +250,13 @@
"98.190.94.128/25"
],
"matching_attributes": [
"ip-dst",
"ip-src",
"domain|ip"
"ip-dst",
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Stackpath CDN IP ranges",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/tenable-cloud-ipv4/list.json
View File

@ -44,9 +44,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Tenable Cloud Sensors IPv4",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/tenable-cloud-ipv6/list.json
View File

@ -22,9 +22,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Tenable Cloud Sensors IPv6",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/umbrella-blockpage-v4/list.json
View File

@ -11,9 +11,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "cisco-umbrella-blockpage-ipv4",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/umbrella-blockpage-v6/list.json
View File

@ -11,9 +11,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "cisco-umbrella-blockpage-ipv6",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/vpn-ipv4/list.json
View File

@ -24048,9 +24048,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "Specialized list of vpn-ipv4 addresses belonging to common VPN providers and datacenters",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/vpn-ipv6/list.json
View File

@ -1255,9 +1255,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "Specialized list of IPv6 addresses belonging to common VPN providers and datacenters",
"type": "cidr",
"version": 20220324
"version": 20240422
}

6
lists/wikimedia/list.json
View File

@ -67,9 +67,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Wikimedia address ranges",
"type": "cidr",
"version": 20240405
"version": 20240422
}

6
lists/zscaler/list.json
View File

@ -71,9 +71,11 @@
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
"domain|ip",
"ip-src|port",
"ip-dst|port"
],
"name": "List of known Zscaler IP address ranges",
"type": "cidr",
"version": 20230810
"version": 20240422
}

2
tools/generate-akamai.py
View File

@ -72,7 +72,7 @@ if __name__ == '__main__':
'description': 'Akamai IP ranges from BGP search',
'type': 'cidr',
'list': consolidate_networks(networks),
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
write_to_file(warninglist, "akamai")

2
tools/generate-amazon-aws.py
View File

@ -23,7 +23,7 @@ def process(file, dst):
'description': 'Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)',
'type': 'cidr',
'list': consolidate_networks(l),
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
write_to_file(warninglist, dst)

2
tools/generate-check-host-net.py
View File

@ -20,7 +20,7 @@ def process(file, dst):
'description': 'check-host IP addresses (https://check-host.net/nodes/ips)',
'type': 'cidr',
'list': consolidate_networks(l),
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
write_to_file(warninglist, dst)

2
tools/generate-cloudflare.py
View File

@ -11,7 +11,7 @@ def process(files, dst):
'description': "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)",
'type': "cidr",
'list': [],
'matching_attributes': ["ip-dst", "ip-src", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
for file in files:

2
tools/generate-crl-ip-domains.py
View File

@ -99,7 +99,7 @@ def process(file):
'version': get_version(),
'description': 'IP addresses that belongs to CRL or OCSP',
'list': get_ips_from_domains(crl_ocsp_domains),
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr',
}
write_to_file(warninglist, "crl-ip")

2
tools/generate-google-bot.py
View File

@ -15,7 +15,7 @@ if __name__ == '__main__':
'name': 'List of known Googlebot IP ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)',
'version': get_version(),
'description': "Google Bot IP address ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)",
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr',
'list': consolidate_networks(ranges),
}

2
tools/generate-google-gcp.py
View File

@ -15,7 +15,7 @@ if __name__ == '__main__':
'name': "List of known GCP (Google Cloud Platform) IP address ranges",
'version': get_version(),
'description': "GCP (Google Cloud Platform) IP address ranges (https://www.gstatic.com/ipranges/cloud.json)",
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr',
'list': consolidate_networks(ranges),
}

2
tools/generate-google-gmail-sending-ips.py
View File

@ -9,7 +9,7 @@ if __name__ == '__main__':
'name': "List of known Gmail sending IP ranges",
'version': get_version(),
'description': "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)",
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr',
'list': consolidate_networks(spf.get_ip_ranges_from_spf("gmail.com")),
}

2
tools/generate-gptbot.py
View File

@ -19,7 +19,7 @@ def process(file, dst):
'description': 'OpenAI gptbot crawler (https://openai.com/gptbot-ranges.txt)',
'type': 'cidr',
'list': consolidate_networks(l),
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
write_to_file(warninglist, dst)

2
tools/generate-microsoft-azure.py
View File

@ -20,7 +20,7 @@ def process(file, dst, name: str, description: str):
'name': name,
'version': get_version(),
'description': description,
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr'
}

4
tools/generate-office365.py
View File

@ -23,7 +23,7 @@ def process(url):
'name': 'List of known Office 365 IP address ranges',
'description': 'Office 365 IP address ranges',
'type': 'cidr',
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
generate(consolidate_networks(lips), office365_ips_dst, office365_ips_warninglist)
@ -65,6 +65,6 @@ if __name__ == '__main__':
'name': 'List of known Office 365 IP address ranges in China',
'description': 'Office 365 IP address ranges in China',
'type': 'cidr',
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
generate(consolidate_networks(lips), "microsoft-office365-cn", warninglist)

4
tools/generate-smtp.py
View File

@ -79,7 +79,7 @@ if __name__ == '__main__':
'name': "List of known SMTP sending IP ranges",
'version': get_version(),
'description': "List of IP ranges for known SMTP servers.",
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr',
'list': consolidate_networks(spf_ranges),
}
@ -93,7 +93,7 @@ if __name__ == '__main__':
'name': "List of known SMTP receiving IP addresses",
'version': get_version(),
'description': "List of IP addresses for known SMTP servers.",
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr',
'list': map(str, mx_ips),
}

2
tools/generate-stackpath.py
View File

@ -74,7 +74,7 @@ def process(files, dst):
'description': "List of known Stackpath (Highwinds) CDN IP ranges (https://support.stackpath.com/hc/en-us/articles/360001091666-Whitelist-CDN-WAF-IP-Blocks)",
'type': "cidr",
'list': [],
'matching_attributes': ["ip-dst", "ip-src", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
for file in files:

2
tools/generate-tenable.py
View File

@ -10,7 +10,7 @@ def process(file, dst, name: str, description: str, prefixlist: str, prefixitem:
'name': name,
'version': get_version(),
'description': description,
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"],
'type': 'cidr'
}

2
tools/generate-vpn.py
View File

@ -11,7 +11,7 @@ def process(url, dst):
'description': 'Specialized list of {} addresses belonging to common VPN providers and datacenters'.format(dst),
'list': consolidate_networks(process_stream(url)),
'type': 'cidr',
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
write_to_file(warninglist, dst)

2
tools/generate-wikimedia.py
View File

@ -15,7 +15,7 @@ def process(url, dst):
'description': 'Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)',
'type': 'cidr',
'list': [],
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
matched = re.findall(

2
tools/generate-zscaler.py
View File

@ -20,7 +20,7 @@ def process(file, dst):
'description': 'Zscaler IP address ranges (https://config.zscaler.com/api/zscaler.net/hubs/cidr/json/required)',
'type': 'cidr',
'list': consolidate_networks(l),
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"]
}
write_to_file(warninglist, dst)