massclude- masscan exclude generator |
| git clone git://git.acid.vegas/massclude.git |
| Log | Files | Refs | Archive | README | LICENSE |
massclude.py (6858B)
1 #!/usr/bin/env python3 2 # Massclude - developed by acidvegas in python (https://git.acid.vegas/massclude) 3 4 import argparse 5 import ipaddress 6 import json 7 import time 8 import urllib.request 9 10 def get_bogons(version): 11 '''Returns a list of bogon IP addresses from Team Cymru.''' 12 url = f'https://team-cymru.org/Services/Bogons/fullbogons-ipv{version}.txt' 13 return urllib.request.urlopen(url).read().decode().split('\n')[2:] 14 15 def determine_latest_db(): 16 '''Determine the latest IXP database.''' 17 data = urllib.request.urlopen('https://publicdata.caida.org/datasets/ixps/').read().decode() 18 latest = time.strftime('%Y%m') 19 if f'_{latest}.jsonl' in data: 20 return latest 21 else: # TODO: This is a mess, clean it up 22 latest = str(int(latest)-1) 23 if f'_{latest}.jsonl' in data: 24 return latest 25 else: 26 latest = str(int(latest)-1) 27 if f'_{latest}.jsonl' in data: 28 return latest 29 else: 30 return None 31 32 def get_ixps(version): 33 '''Returns a list of IXP IP addresses from CAIDA.''' 34 if (latest := determine_latest_db()): 35 try: 36 data = urllib.request.urlopen(f'https://publicdata.caida.org/datasets/ixps/ixs_{latest}.jsonl').read().decode() 37 except: 38 latest = str(int(time.strftime('%Y%m'))-1) 39 data = urllib.request.urlopen(f'https://publicdata.caida.org/datasets/ixps/ixs_{latest}.jsonl').read().decode() 40 decoder = json.JSONDecoder() 41 objects = [] 42 for line in data.split('\n'): 43 if len(line) > 0 and line[0][0] != "#": 44 objects.append(decoder.decode(line)) 45 json_data = json.loads(json.dumps(objects)) 46 return [ip for item in json_data if item['prefixes']['ipv'+version] for ip in item['prefixes']['ipv'+version]] 47 48 def generate_list(): 49 return { 50 'bogons' : { 51 '4': sorted(get_bogons('4')), 52 '6': sorted(get_bogons('6')) 53 }, 54 'dns_root_servers' : { 55 '4': [ 56 '198.41.0.4', # a.root-servers.net Verisign, Inc. 57 '199.9.14.201', # b.root-servers.net University of Southern California, Information Sciences Institute 58 '192.33.4.12', # c.root-servers.net Cogent Communications 59 '199.7.91.13', # d.root-servers.net University of Maryland 60 '192.203.230.10', # e.root-servers.net NASA (Ames Research Center) 61 '192.5.5.241', # f.root-servers.net Internet Systems Consortium, Inc. 62 '192.112.36.4', # g.root-servers.net US Department of Defense (NIC) 63 '198.97.190.53', # h.root-servers.net US Army (Research Lab) 64 '192.36.148.17', # i.root-servers.net Netnod 65 '192.58.128.30', # j.root-servers.net Verisign, Inc. 66 '193.0.14.129', # k.root-servers.net RIPE NCC 67 '199.7.83.42', # l.root-servers.net ICANN 68 '202.12.27.33' # m.root-servers.net WIDE Project 69 ], 70 '6': [ 71 '2001:503:ba3e::2:30', # a.root-servers.net Verisign, Inc. 72 '2001:500:200::b', # b.root-servers.net University of Southern California, Information Sciences Institute 73 '2001:500:2::c', # c.root-servers.net Cogent Communications 74 '2001:500:2d::d', # d.root-servers.net University of Maryland 75 '2001:500:a8::e', # e.root-servers.net NASA (Ames Research Center) 76 '2001:500:2f::f', # f.root-servers.net Internet Systems Consortium, Inc. 77 '2001:500:12::d0d', # g.root-servers.net US Department of Defense (NIC) 78 '2001:500:1::53', # h.root-servers.net US Army (Research Lab) 79 '2001:7fe::53', # i.root-servers.net Netnod 80 '2001:503:c27::2:30', # j.root-servers.net Verisign, Inc. 81 '2001:7fd::1', # k.root-servers.net RIPE NCC 82 '2001:500:9f::42', # l.root-servers.net ICANN 83 '2001:dc3::35' # m.root-servers.net WIDE Project 84 85 ] 86 }, 87 'government': { 88 '4': [ 89 '6.0.0.0/8', # Army Information Systems Center 90 '7.0.0.0/8', # DoD Network Information Center 91 '11.0.0.0/8', # DoD Intel Information Systems 92 '21.0.0.0/8', # DDN-RVN 93 '22.0.0.0/8', # Defense Information Systems Agency 94 '26.0.0.0/8', # Defense Information Systems Agency 95 '28.0.0.0/8', # DSI-North 96 '29.0.0.0/8', # Defense Information Systems Agency 97 '30.0.0.0/8', # Defense Information Systems Agency 98 '33.0.0.0/8', # DLA Systems Automation Center 99 '55.0.0.0/8', # DoD Network Information Center 100 '205.0.0.0/8', # US-DOD 101 '214.0.0.0/8', # US-DOD 102 '215.0.0.0/8' # US-DOD 103 ] 104 }, 105 'ixps' : { 106 '4': sorted(get_ixps('4')), 107 '6': sorted(get_ixps('6')) 108 }, 109 'private' : { 110 '4': [ 111 '0.0.0.0/8', # "This" network 112 '10.0.0.0/8', # Private networks 113 '100.64.0.0/10', # Carrier-grade NAT - RFC 6598 114 '127.0.0.0/8', # Host loopback 115 '169.254.0.0/16', # Link local 116 '172.16.0.0/12', # Private networks 117 '192.0.0.0/24', # IETF Protocol Assignments 118 '192.0.0.0/29', # DS-Lite 119 '192.0.0.170/32', # NAT64 120 '192.0.0.171/32', # DNS64 121 '192.0.2.0/24', # Documentation (TEST-NET-1) 122 '192.88.99.0/24', # 6to4 Relay Anycast 123 '192.168.0.0/16', # Private networks 124 '198.18.0.0/15', # Benchmarking 125 '198.51.100.0/24', # Documentation (TEST-NET-2) 126 '203.0.113.0/24', # Documentation (TEST-NET-3) 127 '240.0.0.0/4', # Reserved 128 '255.255.255.255/32' # Limited Broadcast 129 ], 130 '6': [ 131 '::/128', # Unspecified address 132 '::1/128', # Loopback address 133 '::ffff:0:0/96', # IPv4 mapped addresses 134 '64:ff9b::/96', # IPv4/IPv6 translation 135 '100::/64', # Discard prefix 136 '2001::/32', # Teredo tunneling \ 137 '2001:10::/28', # ORCHIDv2 138 '2001:20::/28', # ORCHIDv2 139 '2001:2::/48', # Benchmarking 140 '2001:db8::/32', # Documentation 141 '2002::/16', # 6to4 142 'fc00::/7', # Unique local 143 'fe80::/10', # Link local 144 'ff00::/8' # Multicast 145 146 ] 147 }, 148 } 149 150 151 if __name__ == "__main__": 152 parser = argparse.ArgumentParser(description='Generate an exclude.conf file based on IP version.') 153 parser.add_argument('ip_version', choices=['4', '6'], help='IP version (either 4 or 6)') 154 args = parser.parse_args() 155 156 o_total = ipaddress.ip_network('0.0.0.0/0' if args.ip_version == '4' else '::/0').num_addresses 157 total = o_total 158 159 donotscan = generate_list() 160 161 with open(f'exclude{args.ip_version}.conf', 'w') as file: 162 for option in donotscan: 163 if args.ip_version in donotscan[option]: 164 file.write(f'\n# Excludes from {option}\n') 165 for ip in donotscan[option][args.ip_version]: 166 try: 167 r_total = ipaddress.ip_network(ip).num_addresses 168 file.write(ip+'\n') 169 total -= r_total 170 except: 171 file.write(f"# Invalid IP/range from {option}\n{ip}\n") 172 173 print(f'Total IP Addresses : {o_total:,}') 174 print(f'Total After Clean : {total:,}')