Add abuseipdb lookup to link, fix differences in version running in prod
This commit is contained in:
parent
05eeab7c9c
commit
66df6e56e2
3 changed files with 30 additions and 25 deletions
|
@ -72,16 +72,17 @@ args = parser.parse_args()
|
|||
if args.config:
|
||||
with open(args.config) as f:
|
||||
config = yaml.safe_load(f)
|
||||
SERVER_ADDRESS = (config["host"], config["port"])
|
||||
SERVER_ADDRESS = (config["hostname"], config["port"])
|
||||
MATRIX_URL = config["matrix"]["url"]
|
||||
MATRIX_ID = config["matrix"]["id"]
|
||||
MATRIX_PW = config["matrix"]["pw"]
|
||||
API_KEYS = config["api_keys"].keys()
|
||||
ROOM_KEYS = config["api_keys"]
|
||||
API_KEYS = config["api_keys"]
|
||||
LOG_FILE = config["log"]
|
||||
VERBOSE = get_numeric_log_level(config["log"]["level"])
|
||||
else:
|
||||
SERVER_ADDRESS = (args.host, args.port)
|
||||
MATRIX_URL = args.matrix_url
|
||||
LOG_FILE = args.log
|
||||
if not args.matrix_id:
|
||||
print("Missing matrix user-id. Use -i or --matrix-id or specify in config.yaml")
|
||||
sys.exit(1)
|
||||
|
|
|
@ -1,16 +1,29 @@
|
|||
import requests
|
||||
|
||||
def get_abuse_confidence(ip):
|
||||
""" get abuseipdb's confidence level on an ip passed in, and return that value"""
|
||||
base_url = "https://api.abuseipdb.com/api/v2/check"
|
||||
api_key = "<YOUR API KEY>
|
||||
headers = { 'Key': api_key, 'Accept': 'application/json' }
|
||||
data = { 'ipAddress': ip, 'maxAgeInDays': 90 }
|
||||
r = requests.get(base_url, headers=headers, json=data)
|
||||
return r.json()['data']['abuseConfidenceScore']
|
||||
|
||||
def formatter(data, headers):
|
||||
"""format a message sent with crowdsec http endpoints"""
|
||||
""" format a message sent with crowdsec http endpoints"""
|
||||
data_out = ""
|
||||
for row in data["body"]:
|
||||
if "crowdsecurity" in row["scenario"]:
|
||||
source, scenario, *_ = row["scenario"].split("/")
|
||||
row[
|
||||
"scenario"
|
||||
] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
|
||||
data_out += (
|
||||
f"{row['host']} has been banned {row['duration']} due to {row['scenario']}\n\n"
|
||||
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})|"
|
||||
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
|
||||
)
|
||||
ip = row['host']
|
||||
duration = row['duration']
|
||||
confidence = get_abuse_confidence(ip)
|
||||
if "crowdsecurity" in row['scenario']:
|
||||
source, scenario, *_ = row['scenario'].split('/')
|
||||
row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
|
||||
data_out += (
|
||||
f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
|
||||
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
|
||||
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
|
||||
)
|
||||
data["body"] = data_out
|
||||
return data
|
||||
|
||||
|
|
|
@ -37,22 +37,14 @@ async def matrix_webhook(request):
|
|||
|
||||
if "formatter" in request.rel_url.query:
|
||||
try:
|
||||
format_type = request.rel_url.query["formatter"]
|
||||
plugin = importlib.import_module(
|
||||
f"matrix_webhook.formatters.{format_type}", "formatter"
|
||||
)
|
||||
format = request.rel_url.query["formatter"]
|
||||
plugin = importlib.import_module(f"matrix_webhook.formatters.{format}", "formatter")
|
||||
data = plugin.formatter(data, request.headers)
|
||||
except ModuleNotFoundError:
|
||||
return utils.create_json_response(
|
||||
HTTPStatus.BAD_REQUEST, "Unknown formatter"
|
||||
)
|
||||
|
||||
if (
|
||||
"room_id" not in request.rel_url.query
|
||||
and "room_id" not in data
|
||||
and conf.ROOM_KEYS[f'{data["key"]}']
|
||||
):
|
||||
data["room_id"] = conf.ROOM_KEYS[f'{data["key"]}']
|
||||
if "room_id" in request.rel_url.query and "room_id" not in data:
|
||||
data["room_id"] = request.rel_url.query["room_id"]
|
||||
if "room_id" not in data:
|
||||
|
@ -96,5 +88,4 @@ async def matrix_webhook(request):
|
|||
"format": "org.matrix.custom.html",
|
||||
"formatted_body": formatted_body,
|
||||
}
|
||||
print(conf.ROOM_KEYS)
|
||||
return await utils.send_room_message(data["room_id"], content)
|
||||
|
|
Loading…
Reference in a new issue