Add abuseipdb lookup to link, fix differences in version running in prod
This commit is contained in:
parent
05eeab7c9c
commit
66df6e56e2
3 changed files with 30 additions and 25 deletions
|
|
@ -72,16 +72,17 @@ args = parser.parse_args()
|
||||||
if args.config:
|
if args.config:
|
||||||
with open(args.config) as f:
|
with open(args.config) as f:
|
||||||
config = yaml.safe_load(f)
|
config = yaml.safe_load(f)
|
||||||
SERVER_ADDRESS = (config["host"], config["port"])
|
SERVER_ADDRESS = (config["hostname"], config["port"])
|
||||||
MATRIX_URL = config["matrix"]["url"]
|
MATRIX_URL = config["matrix"]["url"]
|
||||||
MATRIX_ID = config["matrix"]["id"]
|
MATRIX_ID = config["matrix"]["id"]
|
||||||
MATRIX_PW = config["matrix"]["pw"]
|
MATRIX_PW = config["matrix"]["pw"]
|
||||||
API_KEYS = config["api_keys"].keys()
|
API_KEYS = config["api_keys"]
|
||||||
ROOM_KEYS = config["api_keys"]
|
LOG_FILE = config["log"]
|
||||||
VERBOSE = get_numeric_log_level(config["log"]["level"])
|
VERBOSE = get_numeric_log_level(config["log"]["level"])
|
||||||
else:
|
else:
|
||||||
SERVER_ADDRESS = (args.host, args.port)
|
SERVER_ADDRESS = (args.host, args.port)
|
||||||
MATRIX_URL = args.matrix_url
|
MATRIX_URL = args.matrix_url
|
||||||
|
LOG_FILE = args.log
|
||||||
if not args.matrix_id:
|
if not args.matrix_id:
|
||||||
print("Missing matrix user-id. Use -i or --matrix-id or specify in config.yaml")
|
print("Missing matrix user-id. Use -i or --matrix-id or specify in config.yaml")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,29 @@
|
||||||
|
import requests
|
||||||
|
|
||||||
|
def get_abuse_confidence(ip):
|
||||||
|
""" get abuseipdb's confidence level on an ip passed in, and return that value"""
|
||||||
|
base_url = "https://api.abuseipdb.com/api/v2/check"
|
||||||
|
api_key = "<YOUR API KEY>
|
||||||
|
headers = { 'Key': api_key, 'Accept': 'application/json' }
|
||||||
|
data = { 'ipAddress': ip, 'maxAgeInDays': 90 }
|
||||||
|
r = requests.get(base_url, headers=headers, json=data)
|
||||||
|
return r.json()['data']['abuseConfidenceScore']
|
||||||
|
|
||||||
def formatter(data, headers):
|
def formatter(data, headers):
|
||||||
"""format a message sent with crowdsec http endpoints"""
|
""" format a message sent with crowdsec http endpoints"""
|
||||||
data_out = ""
|
data_out = ""
|
||||||
for row in data["body"]:
|
for row in data["body"]:
|
||||||
if "crowdsecurity" in row["scenario"]:
|
ip = row['host']
|
||||||
source, scenario, *_ = row["scenario"].split("/")
|
duration = row['duration']
|
||||||
row[
|
confidence = get_abuse_confidence(ip)
|
||||||
"scenario"
|
if "crowdsecurity" in row['scenario']:
|
||||||
] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
|
source, scenario, *_ = row['scenario'].split('/')
|
||||||
data_out += (
|
row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
|
||||||
f"{row['host']} has been banned {row['duration']} due to {row['scenario']}\n\n"
|
data_out += (
|
||||||
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})|"
|
f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
|
||||||
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
|
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
|
||||||
)
|
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
|
||||||
|
)
|
||||||
data["body"] = data_out
|
data["body"] = data_out
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -37,22 +37,14 @@ async def matrix_webhook(request):
|
||||||
|
|
||||||
if "formatter" in request.rel_url.query:
|
if "formatter" in request.rel_url.query:
|
||||||
try:
|
try:
|
||||||
format_type = request.rel_url.query["formatter"]
|
format = request.rel_url.query["formatter"]
|
||||||
plugin = importlib.import_module(
|
plugin = importlib.import_module(f"matrix_webhook.formatters.{format}", "formatter")
|
||||||
f"matrix_webhook.formatters.{format_type}", "formatter"
|
|
||||||
)
|
|
||||||
data = plugin.formatter(data, request.headers)
|
data = plugin.formatter(data, request.headers)
|
||||||
except ModuleNotFoundError:
|
except ModuleNotFoundError:
|
||||||
return utils.create_json_response(
|
return utils.create_json_response(
|
||||||
HTTPStatus.BAD_REQUEST, "Unknown formatter"
|
HTTPStatus.BAD_REQUEST, "Unknown formatter"
|
||||||
)
|
)
|
||||||
|
|
||||||
if (
|
|
||||||
"room_id" not in request.rel_url.query
|
|
||||||
and "room_id" not in data
|
|
||||||
and conf.ROOM_KEYS[f'{data["key"]}']
|
|
||||||
):
|
|
||||||
data["room_id"] = conf.ROOM_KEYS[f'{data["key"]}']
|
|
||||||
if "room_id" in request.rel_url.query and "room_id" not in data:
|
if "room_id" in request.rel_url.query and "room_id" not in data:
|
||||||
data["room_id"] = request.rel_url.query["room_id"]
|
data["room_id"] = request.rel_url.query["room_id"]
|
||||||
if "room_id" not in data:
|
if "room_id" not in data:
|
||||||
|
|
@ -96,5 +88,4 @@ async def matrix_webhook(request):
|
||||||
"format": "org.matrix.custom.html",
|
"format": "org.matrix.custom.html",
|
||||||
"formatted_body": formatted_body,
|
"formatted_body": formatted_body,
|
||||||
}
|
}
|
||||||
print(conf.ROOM_KEYS)
|
|
||||||
return await utils.send_room_message(data["room_id"], content)
|
return await utils.send_room_message(data["room_id"], content)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue