mirror of
git://git.acid.vegas/massclude.git
synced 2024-12-26 16:26:39 +00:00
Added conf files, will be making this LIVE soon
This commit is contained in:
parent
e971e6a146
commit
0d16ff8599
15
LICENSE
Normal file
15
LICENSE
Normal file
@ -0,0 +1,15 @@
|
||||
ISC License
|
||||
|
||||
Copyright (c) 2023, acidvegas <acid.vegas@acid.vegas>
|
||||
|
||||
Permission to use, copy, modify, and/or distribute this software for any
|
||||
purpose with or without fee is hereby granted, provided that the above
|
||||
copyright notice and this permission notice appear in all copies.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
12
README.md
Normal file
12
README.md
Normal file
@ -0,0 +1,12 @@
|
||||
# massclude
|
||||
|
||||
## Information
|
||||
This is a simple script that will generate an exclude.conf file for masscan that contains a set of IP ranges that are pointless to scan. These include a private & reserved IP ranges, bogon IP ranges, and IP ranges that belong to root DNS servers, internet exchange points, & government agencies. This removes almost 1.5 billion ip addresses from the scan, thus making it much faster and raising less suspicion.
|
||||
|
||||
## Live Repository Updates
|
||||
This repository is hosted on a VPS that updates every 6 hours with the latest IP ranges to exclude.
|
||||
|
||||
___
|
||||
|
||||
###### Mirrors
|
||||
[acid.vegas](https://git.acid.vegas/massclude) • [GitHub](https://github.com/acidvegas/massclude) • [GitLab](https://gitlab.com/acidvegas/massclude) • [SuperNETs](https://git.supernets.org/acidvegas/massclude)
|
2275
exclude4.conf
Normal file
2275
exclude4.conf
Normal file
File diff suppressed because it is too large
Load Diff
141539
exclude6.conf
Normal file
141539
exclude6.conf
Normal file
File diff suppressed because it is too large
Load Diff
169
massclude.py
169
massclude.py
@ -1,16 +1,19 @@
|
||||
#!/usr/bin/env python3
|
||||
# Massclude - developed by acidvegas in python (https://git.acid.vegas/massclude)
|
||||
|
||||
import argparse
|
||||
import ipaddress
|
||||
import json
|
||||
import sys
|
||||
import time
|
||||
import urllib.request
|
||||
|
||||
def get_bogons(version):
|
||||
return urllib.request.urlopen(f'https://team-cymru.org/Services/Bogons/fullbogons-ipv{version}.txt').read().decode().split('\n')[2:]
|
||||
'''Returns a list of bogon IP addresses from Team Cymru.'''
|
||||
url = f'https://team-cymru.org/Services/Bogons/fullbogons-ipv{version}.txt'
|
||||
return urllib.request.urlopen(url).read().decode().split('\n')[2:]
|
||||
|
||||
def get_ixps(version):
|
||||
'''Returns a list of IXP IP addresses from CAIDA.'''
|
||||
latest = time.strftime('%Y%m')
|
||||
try:
|
||||
data = urllib.request.urlopen(f'https://publicdata.caida.org/datasets/ixps/ixs_{latest}.jsonl').read().decode()
|
||||
@ -25,83 +28,91 @@ def get_ixps(version):
|
||||
json_data = json.loads(json.dumps(objects))
|
||||
return [ip for item in json_data if item['prefixes']['ipv'+version] for ip in item['prefixes']['ipv'+version]]
|
||||
|
||||
donotscan = {
|
||||
'bogons' : {
|
||||
'4': get_bogons('4'),
|
||||
'6': get_bogons('6')
|
||||
},
|
||||
'dns_root_servers' : {
|
||||
'4': [
|
||||
'198.41.0.4', # a.root-servers.net Verisign, Inc.
|
||||
'199.9.14.201', # b.root-servers.net University of Southern California, Information Sciences Institute
|
||||
'192.33.4.12', # c.root-servers.net Cogent Communications
|
||||
'199.7.91.13', # d.root-servers.net University of Maryland
|
||||
'192.203.230.10', # e.root-servers.net NASA (Ames Research Center)
|
||||
'192.5.5.241', # f.root-servers.net Internet Systems Consortium, Inc.
|
||||
'192.112.36.4', # g.root-servers.net US Department of Defense (NIC)
|
||||
'198.97.190.53', # h.root-servers.net US Army (Research Lab)
|
||||
'192.36.148.17', # i.root-servers.net Netnod
|
||||
'192.58.128.30', # j.root-servers.net Verisign, Inc.
|
||||
'193.0.14.129', # k.root-servers.net RIPE NCC
|
||||
'199.7.83.42', # l.root-servers.net ICANN
|
||||
'202.12.27.33' # m.root-servers.net WIDE Project
|
||||
],
|
||||
'6': [
|
||||
'2001:503:ba3e::2:30', # a.root-servers.net Verisign, Inc.
|
||||
'2001:500:200::b', # b.root-servers.net University of Southern California, Information Sciences Institute
|
||||
'2001:500:2::c', # c.root-servers.net Cogent Communications
|
||||
'2001:500:2d::d', # d.root-servers.net University of Maryland
|
||||
'2001:500:a8::e', # e.root-servers.net NASA (Ames Research Center)
|
||||
'2001:500:2f::f', # f.root-servers.net Internet Systems Consortium, Inc.
|
||||
'2001:500:12::d0d', # g.root-servers.net US Department of Defense (NIC)
|
||||
'2001:500:1::53', # h.root-servers.net US Army (Research Lab)
|
||||
'2001:7fe::53', # i.root-servers.net Netnod
|
||||
'2001:503:c27::2:30', # j.root-servers.net Verisign, Inc.
|
||||
'2001:7fd::1', # k.root-servers.net RIPE NCC
|
||||
'2001:500:9f::42', # l.root-servers.net ICANN
|
||||
'2001:dc3::35' # m.root-servers.net WIDE Project
|
||||
def generate_list():
|
||||
return {
|
||||
'bogons' : {
|
||||
'4': sorted(get_bogons('4')),
|
||||
'6': sorted(get_bogons('6'))
|
||||
},
|
||||
'dns_root_servers' : {
|
||||
'4': [
|
||||
'198.41.0.4', # a.root-servers.net Verisign, Inc.
|
||||
'199.9.14.201', # b.root-servers.net University of Southern California, Information Sciences Institute
|
||||
'192.33.4.12', # c.root-servers.net Cogent Communications
|
||||
'199.7.91.13', # d.root-servers.net University of Maryland
|
||||
'192.203.230.10', # e.root-servers.net NASA (Ames Research Center)
|
||||
'192.5.5.241', # f.root-servers.net Internet Systems Consortium, Inc.
|
||||
'192.112.36.4', # g.root-servers.net US Department of Defense (NIC)
|
||||
'198.97.190.53', # h.root-servers.net US Army (Research Lab)
|
||||
'192.36.148.17', # i.root-servers.net Netnod
|
||||
'192.58.128.30', # j.root-servers.net Verisign, Inc.
|
||||
'193.0.14.129', # k.root-servers.net RIPE NCC
|
||||
'199.7.83.42', # l.root-servers.net ICANN
|
||||
'202.12.27.33' # m.root-servers.net WIDE Project
|
||||
],
|
||||
'6': [
|
||||
'2001:503:ba3e::2:30', # a.root-servers.net Verisign, Inc.
|
||||
'2001:500:200::b', # b.root-servers.net University of Southern California, Information Sciences Institute
|
||||
'2001:500:2::c', # c.root-servers.net Cogent Communications
|
||||
'2001:500:2d::d', # d.root-servers.net University of Maryland
|
||||
'2001:500:a8::e', # e.root-servers.net NASA (Ames Research Center)
|
||||
'2001:500:2f::f', # f.root-servers.net Internet Systems Consortium, Inc.
|
||||
'2001:500:12::d0d', # g.root-servers.net US Department of Defense (NIC)
|
||||
'2001:500:1::53', # h.root-servers.net US Army (Research Lab)
|
||||
'2001:7fe::53', # i.root-servers.net Netnod
|
||||
'2001:503:c27::2:30', # j.root-servers.net Verisign, Inc.
|
||||
'2001:7fd::1', # k.root-servers.net RIPE NCC
|
||||
'2001:500:9f::42', # l.root-servers.net ICANN
|
||||
'2001:dc3::35' # m.root-servers.net WIDE Project
|
||||
|
||||
]
|
||||
},
|
||||
'government': {
|
||||
'4': [
|
||||
'6.0.0.0/8', # Army Information Systems Center
|
||||
'7.0.0.0/8', # DoD Network Information Center
|
||||
'11.0.0.0/8', # DoD Intel Information Systems
|
||||
'21.0.0.0/8', # DDN-RVN
|
||||
'22.0.0.0/8', # Defense Information Systems Agency
|
||||
'26.0.0.0/8', # Defense Information Systems Agency
|
||||
'28.0.0.0/8', # DSI-North
|
||||
'29.0.0.0/8', # Defense Information Systems Agency
|
||||
'30.0.0.0/8', # Defense Information Systems Agency
|
||||
'33.0.0.0/8', # DLA Systems Automation Center
|
||||
'55.0.0.0/8', # DoD Network Information Center
|
||||
'205.0.0.0/8', # US-DOD
|
||||
'214.0.0.0/8', # US-DOD
|
||||
'215.0.0.0/8' # US-DOD
|
||||
]
|
||||
},
|
||||
'ixps' : {
|
||||
'4': get_ixps('4'),
|
||||
'6': get_ixps('6')
|
||||
]
|
||||
},
|
||||
'government': {
|
||||
'4': [
|
||||
'6.0.0.0/8', # Army Information Systems Center
|
||||
'7.0.0.0/8', # DoD Network Information Center
|
||||
'11.0.0.0/8', # DoD Intel Information Systems
|
||||
'21.0.0.0/8', # DDN-RVN
|
||||
'22.0.0.0/8', # Defense Information Systems Agency
|
||||
'26.0.0.0/8', # Defense Information Systems Agency
|
||||
'28.0.0.0/8', # DSI-North
|
||||
'29.0.0.0/8', # Defense Information Systems Agency
|
||||
'30.0.0.0/8', # Defense Information Systems Agency
|
||||
'33.0.0.0/8', # DLA Systems Automation Center
|
||||
'55.0.0.0/8', # DoD Network Information Center
|
||||
'205.0.0.0/8', # US-DOD
|
||||
'214.0.0.0/8', # US-DOD
|
||||
'215.0.0.0/8' # US-DOD
|
||||
]
|
||||
},
|
||||
'ixps' : {
|
||||
'4': sorted(get_ixps('4')),
|
||||
'6': sorted(get_ixps('6'))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ip_version = sys.argv[1]
|
||||
if ip_version == '4':
|
||||
o_total = ipaddress.IPv4Network('0.0.0.0/0').num_addresses
|
||||
total = o_total
|
||||
elif ip_version == '6':
|
||||
o_total = ipaddress.IPv6Network('::/0').num_addresses
|
||||
total = o_total
|
||||
for option in donotscan:
|
||||
if sys.argv[1] in donotscan[option]:
|
||||
for ip in donotscan[option][ip_version]:
|
||||
try:
|
||||
r_total = ipaddress.ip_network(ip).num_addresses
|
||||
print(f'Excluding {ip} ({r_total:,} IPs) from {option}')
|
||||
total -= r_total
|
||||
except:
|
||||
print(ip)
|
||||
print(f'Total IP Addresses : {o_total:,}')
|
||||
print(f'Total After Clean : {total:,}')
|
||||
|
||||
if __name__ == "__main__":
|
||||
parser = argparse.ArgumentParser(description='Generate an exclude.conf file based on IP version.')
|
||||
parser.add_argument('ip_version', choices=['4', '6'], help='IP version (either 4 or 6)')
|
||||
args = parser.parse_args()
|
||||
|
||||
o_total = ipaddress.ip_network('0.0.0.0/0' if args.ip_version == '4' else '::/0').num_addresses
|
||||
total = o_total
|
||||
|
||||
donotscan = generate_list()
|
||||
|
||||
with open(f'exclude{args.ip_version}.conf', 'w') as file:
|
||||
for option in donotscan:
|
||||
if args.ip_version in donotscan[option]:
|
||||
file.write(f'\n# Excludes from {option}\n')
|
||||
for ip in donotscan[option][args.ip_version]:
|
||||
try:
|
||||
r_total = ipaddress.ip_network(ip).num_addresses
|
||||
file.write(ip+'\n')
|
||||
total -= r_total
|
||||
except:
|
||||
file.write(f"# Invalid IP/range from {option}\n{ip}\n")
|
||||
|
||||
print(f'Total IP Addresses : {o_total:,}')
|
||||
print(f'Total After Clean : {total:,}')
|
Loading…
Reference in New Issue
Block a user