def process(file, dst, name: str, description: str):
    """Write a CIDR warninglist built from the address prefixes in a JSON file.

    Args:
        file: Source file reference, resolved through get_abspath_source_file().
        dst: Destination identifier handed unchanged to write_to_file().
        name: Value stored under the warninglist's 'name' key.
        description: Value stored under the warninglist's 'description' key.

    The JSON document must have a top-level 'values' list whose items each
    carry ['properties']['addressPrefixes']; a missing key raises KeyError.
    """
    # The metadata is assembled first so get_version() runs before the file
    # is opened, as in the original statement order.
    warninglist = {
        'name': name,
        'version': get_version(),
        'description': description,
        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
        'type': 'cidr'
    }

    with open(get_abspath_source_file(file), 'r') as json_file:
        ms_azure_ip_list = json.load(json_file)

    # Flatten every entry's prefix list into a single list.
    # NOTE(review): prefixes are taken from the file as-is; nothing in this
    # function rejects a malformed or unexpectedly broad prefix. Confirm
    # whether consolidate_networks()/write_to_file() validate, since every
    # address covered by the published list will match it.
    prefixes = [
        prefix
        for entry in ms_azure_ip_list['values']
        for prefix in entry['properties']['addressPrefixes']
    ]

    warninglist['list'] = consolidate_networks(prefixes)
    write_to_file(warninglist, dst)
def process(file, dst):
    """Write the Amazon AWS CIDR warninglist from a downloaded JSON file.

    Args:
        file: Source file reference, resolved through get_abspath_source_file().
        dst: Destination identifier handed unchanged to write_to_file().

    The JSON document must contain 'prefixes' (items with 'ip_prefix') and
    'ipv6_prefixes' (items with 'ipv6_prefix'); a missing key raises KeyError.
    """
    with open(get_abspath_source_file(file), 'r') as json_file:
        amazon_aws_ip_list = json.load(json_file)

    # IPv4 prefixes first, then IPv6, matching the original append order.
    # NOTE(review): the prefixes are used exactly as published in the file;
    # no sanity check on prefix width or syntax happens in this function.
    # Confirm that a later stage validates them.
    ipv4_cidrs = [entry['ip_prefix'] for entry in amazon_aws_ip_list['prefixes']]
    ipv6_cidrs = [entry['ipv6_prefix'] for entry in amazon_aws_ip_list['ipv6_prefixes']]
    all_cidrs = ipv4_cidrs + ipv6_cidrs

    warninglist = {
        'name': 'List of known Amazon AWS IP address ranges',
        'version': get_version(),
        'description': 'Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)',
        'type': 'cidr',
        'list': consolidate_networks(all_cidrs),
        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
    }
    write_to_file(warninglist, dst)
def process(url):
    """Generate the Office 365 URL and IP warninglists from one endpoint URL.

    get_lists(url) supplies two sequences: the service URLs and the service
    IP ranges. Each is passed to generate() with its own destination name and
    metadata dictionary.

    Args:
        url: Endpoint address forwarded unchanged to get_lists().
    """
    lurls, lips = get_lists(url)

    # Hostname-style entries ('string' matching).
    # NOTE(review): neither dictionary sets a 'version' key here; presumably
    # generate() adds it. Verify against generate().
    generate(
        lurls,
        'microsoft-office365',
        {
            'name': 'List of known Office 365 URLs',
            'description': 'Office 365 URLs and IP address ranges',
            'type': 'string',
            'matching_attributes': ["domain", "domain|ip", "hostname"]
        },
    )

    # Network ranges ('cidr' matching), consolidated before publication.
    ip_metadata = {
        'name': 'List of known Office 365 IP address ranges',
        'description': 'Office 365 IP address ranges',
        'type': 'cidr',
        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
    }
    generate(consolidate_networks(lips), 'microsoft-office365-ip', ip_metadata)
# Collect the Akamai-attributed networks from the search result and publish
# them as a CIDR warninglist. `search_result` and `is_akamai` are defined
# outside this excerpt.
networks = set()

# ASNs that is_akamai() accepts are expanded into their networks further down.
asn_to_fetch = [
    entry["asn"] for entry in search_result["data"]["asns"] if is_akamai(entry)
]

# Prefixes returned directly by the search, IPv4 before IPv6.
for family in ("ipv4_prefixes", "ipv6_prefixes"):
    networks.update(
        entry["prefix"]
        for entry in search_result["data"][family]
        if is_akamai(entry)
    )

for asn in asn_to_fetch:
    try:
        networks.update(get_networks_for_asn(asn))
    except Exception as e:
        # Best effort: a failed lookup is only printed, so the networks of
        # that ASN are absent from the published list and the run still
        # finishes without a failure status.
        print(str(e))

# NOTE(review): membership rests entirely on is_akamai() and on the search
# data; nothing here checks the resulting prefixes before they are written.
warninglist = {
    'name': 'List of known Akamai IP ranges',
    'version': get_version(),
    'description': 'Akamai IP ranges from BGP search',
    'type': 'cidr',
    'list': consolidate_networks(networks),
    'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
}
write_to_file(warninglist, "akamai")
if __name__ == '__main__':
    # Script entry point: resolve SPF ranges and MX addresses for every entry
    # in `domains` (defined outside this excerpt) using 40 worker threads.
    dns = Dns(create_resolver())
    p = multiprocessing.dummy.Pool(40)
    # NOTE(review): the pool is not closed or joined anywhere in the visible
    # code.

    # Flatten the per-domain SPF results into one list of ranges.
    # NOTE(review): the ranges are whatever each domain's DNS records return;
    # no check on their width is visible here before they are published.
    spf_ranges = [
        ip_range
        for domain_ranges in p.map(dns.get_ip_ranges_from_spf, domains)
        for ip_range in domain_ranges
    ]

    warninglist = {
        'name': "List of known SMTP sending IP ranges",
        'version': get_version(),
        'description': "List of IP ranges for known SMTP servers.",
        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
        'type': 'cidr',
        'list': consolidate_networks(spf_ranges),
    }
    write_to_file(warninglist, "smtp-sending-ips")

    # Same flattening for the addresses behind each domain's MX records.
    mx_ips = [
        address
        for domain_ranges in p.map(dns.get_mx_ips_for_domain, domains)
        for address in domain_ranges
    ]

    # 'list' is a lazy map object here, not a list; whatever consumes this
    # dictionary has to iterate it.
    # NOTE(review): no write_to_file() call for this second warninglist is
    # visible in this excerpt. Confirm that it follows.
    warninglist = {
        'name': "List of known SMTP receiving IP addresses",
        'version': get_version(),
        'description': "List of IP addresses for known SMTP servers.",
        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
        'type': 'cidr',
        'list': map(str, mx_ips),
    }
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from generator import (
    get_version,
    write_to_file,
    Dns,
    consolidate_networks,
    create_resolver,
)


if __name__ == '__main__':
    # Publish the ranges obtained from the SPF data of gmail.com as a CIDR
    # warninglist.
    # NOTE(review): the list content is whatever the SPF lookup returns at
    # run time; no check of the returned ranges is visible in this script.
    dns_client = Dns(create_resolver())

    warninglist = {
        'name': "List of known Gmail sending IP ranges",
        'version': get_version(),
        'description': "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)",
        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
        'type': 'cidr',
        'list': consolidate_networks(dns_client.get_ip_ranges_from_spf("gmail.com")),
    }
    write_to_file(warninglist, "google-gmail-sending-ips")
# Tail of a function whose `def` line is outside this excerpt; the statements
# below are indented as its body. `service_list` is defined earlier in it.
    lurls = []
    lips = []
    for service in service_list:
        for url in service.get('urls', []):
            if ".*." in url:
                # An inner wildcard keeps only what follows the last '.*.'
                # (constructed example: 'a.*.example.com' -> 'example.com').
                lurls.append(url.rsplit('.*.', 1)[1])
            else:
                # Otherwise the wildcard markers are simply removed.
                lurls.append(url.replace('*.', '').replace('*-', '').replace('*', ''))
        # NOTE(review): both branches widen a wildcard pattern to its parent
        # name, so the published entry can cover more hosts than the pattern
        # did. Worth confirming for parents that are shared between
        # unrelated parties.
        lips.extend(service.get('ips', []))
    return lurls, lips


if __name__ == '__main__':
    # For more info see https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide
    office365_url = 'https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7'
    process(office365_url)

    # The China endpoint contributes only an IP-range list; its URL list is
    # discarded.
    office365_url_china = 'https://endpoints.office.com/endpoints/China?ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7'
    _, china_ips = get_lists(office365_url_china)

    china_metadata = {
        'name': 'List of known Office 365 IP address ranges in China',
        'description': 'Office 365 IP address ranges in China',
        'type': 'cidr',
        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"]
    }
    generate(consolidate_networks(china_ips), "microsoft-office365-cn", china_metadata)