wdes/security
1
0
Fork 0
Code Actions Packages Releases Activity

Implement shadowserver.org

Browse Source
This commit is contained in:
William Desportes
2024-10-10 10:30:01 +02:00
parent 1783fe5c93
commit 8acf084467
4 changed files with 16 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
.gitea/workflows/build-lists.yml
View File

@ -11,79 +11,6 @@ on:
- cron: "30 0 */5 * *"
jobs:
build-scanners-list:
name: Build scanners list
environment:
name: sudo-bot
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
type: ["stretchoid", "binaryedge"]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Cache cargo binaries
uses: actions/cache@v4
id: cache-dns-ptr-resolver
with:
path: ~/.cargo/bin/dns-ptr-resolver
key: ${{ runner.os }}-cargo-bin-dns-ptr-resolver-1.1.0
- name: Set up toolchain
if: steps.cache-dns-ptr-resolver.outputs.cache-hit != 'true'
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: 1.67
override: true
- name: Install dns-ptr-resolver
if: steps.cache-dns-ptr-resolver.outputs.cache-hit != 'true'
run: cargo install dns-ptr-resolver@1.1.0
- name: Build the ${{ matrix.type }} list
run: ./make-${{ matrix.type }}.sh
- name: Post the summary
run: |
git add -A
printf '### Diff\n```diff\n%s\n```\n' "$(git diff --staged)" >> $GITHUB_STEP_SUMMARY
- name: Extract secrets
run: |
printf '%s' "${{ secrets.GH_APP_JWT_PRIV_PEM_CONTENTS }}" > ${HOME}/.secret_jwt.pem
printf '%s' "${{ secrets.GPG_PRIVATE_KEY }}" > ${HOME}/.private-key.asc
- uses: actions/setup-node@v4
with:
node-version: 18
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- name: yarn cache
uses: actions/cache@v4
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install sudo-bot
run: yarn global add sudo-bot
- name: Run sudo-bot
run: |
sudo-bot --verbose \
--jwt-file="${HOME}/.secret_jwt.pem" \
--gh-app-id='17453' \
--installation-id="${{ secrets.INSTALLATION_ID }}" \
--repository-slug='wdes/security' \
--target-branch='main' \
--assign='williamdes' \
--commit-author-email='sudo-bot@wdes.fr' \
--commit-author-name='Sudo Bot' \
--gpg-private-key-file="${HOME}/.private-key.asc" \
--template="$GITHUB_WORKSPACE/.github/sudo-bot-template.js" \
--gpg-private-key-passphrase="${{ secrets.GPG_PASSPHRASE }}"
- name: Purge secrets
if: always()
run: |
rm -v ${HOME}/.secret_jwt.pem
rm -v ${HOME}/.private-key.asc
build-aws-cloudfront:
runs-on: ubuntu-latest
steps:

1
README.md
View File

@ -6,6 +6,7 @@
- `https://security.wdes.eu/scanners/stretchoid.txt` (List of all known stretchoid IPs)
- `https://security.wdes.eu/scanners/binaryedge.txt` (List of all known binaryedge IPs)
- `https://security.wdes.eu/scanners/shadowserver.txt` (List of all known shadowserver IPs)
- `https://security.wdes.eu/scanners/censys.txt` (List of all IPs declared by censys scanner on their [FAQ](https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Data-Collection)
- `https://security.wdes.eu/scanners/internet-measurement.com.txt` (List of all IPs declared by internet-measurement.com on [their website](https://internet-measurement.com/#ips))

8
snow-scanner/src/main.rs
View File

@ -118,8 +118,10 @@ impl FromParam<'_> for Scanners {
match param {
"stretchoid" => Ok(Scanners::Stretchoid),
"binaryedge" => Ok(Scanners::Binaryedge),
"shadowserver" => Ok(Scanners::Shadowserver),
"stretchoid.txt" => Ok(Scanners::Stretchoid),
"binaryedge.txt" => Ok(Scanners::Binaryedge),
"shadowserver.txt" => Ok(Scanners::Shadowserver),
"censys.txt" => Ok(Scanners::Censys),
"internet-measurement.com.txt" => Ok(Scanners::InternetMeasurement),
v => Err(format!("Unknown value: {v}")),
@ -137,8 +139,10 @@ impl<'de> Deserialize<'de> for Scanners {
match k {
"stretchoid" => Ok(Scanners::Stretchoid),
"binaryedge" => Ok(Scanners::Binaryedge),
"shadowserver" => Ok(Scanners::Shadowserver),
"stretchoid.txt" => Ok(Scanners::Stretchoid),
"binaryedge.txt" => Ok(Scanners::Binaryedge),
"shadowserver.txt" => Ok(Scanners::Shadowserver),
"censys.txt" => Ok(Scanners::Censys),
"internet-measurement.com.txt" => Ok(Scanners::InternetMeasurement),
v => Err(serde::de::Error::custom(format!(
@ -159,6 +163,7 @@ impl fmt::Display for Scanners {
Self::Binaryedge => "binaryedge",
Self::Censys => "censys",
Self::InternetMeasurement => "internet-measurement.com",
Self::Shadowserver => "shadowserver.txt",
}
)
}
@ -171,6 +176,7 @@ impl serialize::ToSql<Text, Mysql> for Scanners {
Self::Binaryedge => out.write_all(b"binaryedge")?,
Self::Censys => out.write_all(b"censys")?,
Self::InternetMeasurement => out.write_all(b"internet-measurement.com")?,
Self::Shadowserver => out.write_all(b"shadowserver.txt")?,
};
Ok(IsNull::No)
@ -441,7 +447,7 @@ async fn handle_list_scanners(
path.push(static_data_dir);
path.push("scanners");
path.push(match scanner_name {
Scanners::Stretchoid | Scanners::Binaryedge => panic!("This should not happen"),
Scanners::Stretchoid | Scanners::Binaryedge | Scanners::Shadowserver => panic!("This should not happen"),
Scanners::Censys => "censys.txt".to_string(),
Scanners::InternetMeasurement => "internet-measurement.com.txt".to_string(),
});

8
snow-scanner/src/worker/detection.rs
View File

@ -14,6 +14,7 @@ use crate::worker::ip_addr::is_global_hardcoded;
pub enum Scanners {
Stretchoid,
Binaryedge,
Shadowserver,
Censys,
InternetMeasurement,
}
@ -66,6 +67,13 @@ pub fn detect_scanner_from_name(name: &Name) -> Result<Option<Scanners>, ()> {
{
Ok(Some(Scanners::Stretchoid))
}
ref name
if name
.trim_to(2)
.eq_case(&Name::from_str("shadowserver.org.").expect("Should parse")) =>
{
Ok(Some(Scanners::Shadowserver))
}
&_ => Ok(None),
}
}