Added conf files, will be making this LIVE soon

2024-11-24 00:46:50 +00:00 · 2023-08-23 20:14:50 -04:00 · 2023-08-23 20:14:50 -04:00 · 0d16ff8599
commit 0d16ff8599
parent e971e6a146
5 changed files with 143931 additions and 79 deletions
--- a/15
+++ b/15
@ -0,0 +1,15 @@
 ISC License
 Copyright (c) 2023, acidvegas <acid.vegas@acid.vegas>
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,12 @@
 # massclude
 ## Information
 This is a simple script that will generate an exclude.conf file for masscan that contains a set of IP ranges that are pointless to scan. These include a private & reserved IP ranges, bogon IP ranges, and IP ranges that belong to root DNS servers, internet exchange points, & government agencies. This removes almost 1.5 billion ip addresses from the scan, thus making it much faster and raising less suspicion.
 ## Live Repository Updates
 This repository is hosted on a VPS that updates every 6 hours with the latest IP ranges to exclude.
 ___
 ###### Mirrors
 [acid.vegas](https://git.acid.vegas/massclude) • [GitHub](https://github.com/acidvegas/massclude) • [GitLab](https://gitlab.com/acidvegas/massclude) • [SuperNETs](https://git.supernets.org/acidvegas/massclude)
--- a/exclude4.conf
+++ b/exclude4.conf
--- a/exclude6.conf
+++ b/exclude6.conf
--- a/massclude.py
+++ b/massclude.py
@ -1,16 +1,19 @@
 #!/usr/bin/env python3
 # Massclude - developed by acidvegas in python (https://git.acid.vegas/massclude)
 import argparse
 import ipaddress
 import json
 import sys
 import time
 import urllib.request
 def get_bogons(version):
-	return urllib.request.urlopen(f'https://team-cymru.org/Services/Bogons/fullbogons-ipv{version}.txt').read().decode().split('\n')[2:]
+    '''Returns a list of bogon IP addresses from Team Cymru.'''
    url = f'https://team-cymru.org/Services/Bogons/fullbogons-ipv{version}.txt'
    return urllib.request.urlopen(url).read().decode().split('\n')[2:]
 def get_ixps(version):
 	'''Returns a list of IXP IP addresses from CAIDA.'''
 	latest = time.strftime('%Y%m')
 	try:
 		data = urllib.request.urlopen(f'https://publicdata.caida.org/datasets/ixps/ixs_{latest}.jsonl').read().decode()
@ -25,83 +28,91 @@ def get_ixps(version):
 	json_data = json.loads(json.dumps(objects))
 	return [ip for item in json_data if item['prefixes']['ipv'+version] for ip in item['prefixes']['ipv'+version]]
-donotscan = {
+def generate_list():
-	'bogons' : {
+	return {
-		'4': get_bogons('4'),
+		'bogons' : {
-		'6': get_bogons('6')
+			'4': sorted(get_bogons('4')),
-	},
+			'6': sorted(get_bogons('6'))
-	'dns_root_servers' : {
+		},
-		'4': [
+		'dns_root_servers' : {
-			'198.41.0.4',     # a.root-servers.net Verisign, Inc.
+			'4': [
-			'199.9.14.201',   # b.root-servers.net University of Southern California, Information Sciences Institute
+				'198.41.0.4',     # a.root-servers.net Verisign, Inc.
-			'192.33.4.12',    # c.root-servers.net Cogent Communications
+				'199.9.14.201',   # b.root-servers.net University of Southern California, Information Sciences Institute
-			'199.7.91.13',    # d.root-servers.net University of Maryland
+				'192.33.4.12',    # c.root-servers.net Cogent Communications
-			'192.203.230.10', # e.root-servers.net NASA (Ames Research Center)
+				'199.7.91.13',    # d.root-servers.net University of Maryland
-			'192.5.5.241',    # f.root-servers.net Internet Systems Consortium, Inc.
+				'192.203.230.10', # e.root-servers.net NASA (Ames Research Center)
-			'192.112.36.4',   # g.root-servers.net US Department of Defense (NIC)
+				'192.5.5.241',    # f.root-servers.net Internet Systems Consortium, Inc.
-			'198.97.190.53',  # h.root-servers.net US Army (Research Lab)
+				'192.112.36.4',   # g.root-servers.net US Department of Defense (NIC)
-			'192.36.148.17',  # i.root-servers.net Netnod
+				'198.97.190.53',  # h.root-servers.net US Army (Research Lab)
-			'192.58.128.30',  # j.root-servers.net Verisign, Inc.
+				'192.36.148.17',  # i.root-servers.net Netnod
-			'193.0.14.129',   # k.root-servers.net RIPE NCC
+				'192.58.128.30',  # j.root-servers.net Verisign, Inc.
-			'199.7.83.42',    # l.root-servers.net ICANN
+				'193.0.14.129',   # k.root-servers.net RIPE NCC
-			'202.12.27.33'    # m.root-servers.net WIDE Project
+				'199.7.83.42',    # l.root-servers.net ICANN
-		],
+				'202.12.27.33'    # m.root-servers.net WIDE Project
-		'6': [
+			],
-			'2001:503:ba3e::2:30', # a.root-servers.net Verisign, Inc.
+			'6': [
-			'2001:500:200::b',     # b.root-servers.net University of Southern California, Information Sciences Institute
+				'2001:503:ba3e::2:30', # a.root-servers.net Verisign, Inc.
-			'2001:500:2::c',       # c.root-servers.net Cogent Communications
+				'2001:500:200::b',     # b.root-servers.net University of Southern California, Information Sciences Institute
-			'2001:500:2d::d',      # d.root-servers.net University of Maryland
+				'2001:500:2::c',       # c.root-servers.net Cogent Communications
-			'2001:500:a8::e',      # e.root-servers.net NASA (Ames Research Center)
+				'2001:500:2d::d',      # d.root-servers.net University of Maryland
-			'2001:500:2f::f',      # f.root-servers.net Internet Systems Consortium, Inc.
+				'2001:500:a8::e',      # e.root-servers.net NASA (Ames Research Center)
-			'2001:500:12::d0d',    # g.root-servers.net US Department of Defense (NIC)
+				'2001:500:2f::f',      # f.root-servers.net Internet Systems Consortium, Inc.
-			'2001:500:1::53',      # h.root-servers.net US Army (Research Lab)
+				'2001:500:12::d0d',    # g.root-servers.net US Department of Defense (NIC)
-			'2001:7fe::53',        # i.root-servers.net Netnod
+				'2001:500:1::53',      # h.root-servers.net US Army (Research Lab)
-			'2001:503:c27::2:30',  # j.root-servers.net Verisign, Inc.
+				'2001:7fe::53',        # i.root-servers.net Netnod
-			'2001:7fd::1',         # k.root-servers.net RIPE NCC
+				'2001:503:c27::2:30',  # j.root-servers.net Verisign, Inc.
-			'2001:500:9f::42',     # l.root-servers.net ICANN
+				'2001:7fd::1',         # k.root-servers.net RIPE NCC
-			'2001:dc3::35'         # m.root-servers.net WIDE Project
+				'2001:500:9f::42',     # l.root-servers.net ICANN
 				'2001:dc3::35'         # m.root-servers.net WIDE Project
-		]
+			]
-	},
+		},
-	'government': {
+		'government': {
-		'4': [
+			'4': [
-		'6.0.0.0/8',   # Army Information Systems Center
+			'6.0.0.0/8',   # Army Information Systems Center
-		'7.0.0.0/8',   # DoD Network Information Center
+			'7.0.0.0/8',   # DoD Network Information Center
-		'11.0.0.0/8',  # DoD Intel Information Systems
+			'11.0.0.0/8',  # DoD Intel Information Systems
-		'21.0.0.0/8',  # DDN-RVN
+			'21.0.0.0/8',  # DDN-RVN
-		'22.0.0.0/8',  # Defense Information Systems Agency
+			'22.0.0.0/8',  # Defense Information Systems Agency
-		'26.0.0.0/8',  # Defense Information Systems Agency
+			'26.0.0.0/8',  # Defense Information Systems Agency
-		'28.0.0.0/8',  # DSI-North
+			'28.0.0.0/8',  # DSI-North
-		'29.0.0.0/8',  # Defense Information Systems Agency
+			'29.0.0.0/8',  # Defense Information Systems Agency
-		'30.0.0.0/8',  # Defense Information Systems Agency
+			'30.0.0.0/8',  # Defense Information Systems Agency
-		'33.0.0.0/8',  # DLA Systems Automation Center
+			'33.0.0.0/8',  # DLA Systems Automation Center
-		'55.0.0.0/8',  # DoD Network Information Center
+			'55.0.0.0/8',  # DoD Network Information Center
-		'205.0.0.0/8', # US-DOD
+			'205.0.0.0/8', # US-DOD
-		'214.0.0.0/8', # US-DOD
+			'214.0.0.0/8', # US-DOD
-		'215.0.0.0/8'  # US-DOD
+			'215.0.0.0/8'  # US-DOD
-		]
+			]
-	},
+		},
-	'ixps' : {
+		'ixps' : {
-		'4': get_ixps('4'),
+			'4': sorted(get_ixps('4')),
-		'6': get_ixps('6')
+			'6': sorted(get_ixps('6'))
 		}
 	}
 }
-ip_version = sys.argv[1]
+
-if ip_version == '4':
+if __name__ == "__main__":
-	o_total = ipaddress.IPv4Network('0.0.0.0/0').num_addresses
+    parser = argparse.ArgumentParser(description='Generate an exclude.conf file based on IP version.')
-	total   = o_total
+    parser.add_argument('ip_version', choices=['4', '6'], help='IP version (either 4 or 6)')
-elif ip_version == '6':
+    args = parser.parse_args()
-	o_total = ipaddress.IPv6Network('::/0').num_addresses
+
-	total  = o_total
+    o_total = ipaddress.ip_network('0.0.0.0/0' if args.ip_version == '4' else '::/0').num_addresses
-for option in donotscan:
+    total = o_total
-	if sys.argv[1] in donotscan[option]:
+
-		for ip in donotscan[option][ip_version]:
+    donotscan = generate_list()
-			try:
+
-				r_total = ipaddress.ip_network(ip).num_addresses
+    with open(f'exclude{args.ip_version}.conf', 'w') as file:
-				print(f'Excluding {ip} ({r_total:,} IPs) from {option}')
+        for option in donotscan:
-				total -= r_total
+            if args.ip_version in donotscan[option]:
-			except:
+                file.write(f'\n# Excludes from {option}\n')
-				print(ip)
+                for ip in donotscan[option][args.ip_version]:
-print(f'Total IP Addresses : {o_total:,}')
+                    try:
-print(f'Total After Clean  : {total:,}')
+                        r_total = ipaddress.ip_network(ip).num_addresses
                        file.write(ip+'\n')
                        total -= r_total
                    except:
                        file.write(f"# Invalid IP/range from {option}\n{ip}\n")
    print(f'Total IP Addresses : {o_total:,}')
    print(f'Total After Clean  : {total:,}')