Missing some generate scripts #159

Open
sustefil opened this issue Aug 17, 2020 · 4 comments

@sustefil

Hi guys,

I wondered whether it would be possible to provide some more generate scripts to the repo.

For example the google-gmail-sending-ips list has a "date" version, so I assume you already have the generate script.

Thanks in advance.

@adulau
Member
adulau commented Aug 17, 2020

Good question. I find that the way to get the records is to use the SPF records (which are a kind of recursive maze at Google).

adulau@dobbertin:~$ dig -t TXT _netblocks4.google.com +short
"v=spf1 ip4:74.114.24.0/21 ip4:136.112.0.0/12 ip4:172.217.224.0/19 ip4:208.81.188.0/22 ~all"
adulau@dobbertin:~$ dig -t TXT _netblocks.google.com +short
"v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"
adulau@dobbertin:~$ dig -t TXT _netblocks2.google.com +short
"v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"
adulau@dobbertin:~$ dig -t TXT _netblocks3.google.com +short
"v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all"

It seems to match the current warning list.
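
An added example, not part of the comment above and not one of the project's own generate scripts: a sketch of how a generator could walk the SPF include chain and collect the `ip4`/`ip6` ranges. The function names, the `*.example.test` records and the injected `lookup_txt` callable are assumptions made for illustration; the sample TXT data is constructed so the code runs offline.

```python
import ipaddress

# Constructed TXT data so the example runs offline. "_netblocks4" is copied
# from the dig output above, "_netblocks2" is shortened to two entries, and
# the "*.example.test" names are hypothetical.
SAMPLE_TXT = {
    "spf.example.test": ["v=spf1 include:_netblocks4.google.com "
                         "include:_netblocks2.google.com "
                         "include:loop.example.test ~all"],
    "_netblocks4.google.com": ["v=spf1 ip4:74.114.24.0/21 ip4:136.112.0.0/12 "
                               "ip4:172.217.224.0/19 ip4:208.81.188.0/22 ~all"],
    "_netblocks2.google.com": ["v=spf1 ip6:2001:4860:4000::/36 "
                               "ip6:2404:6800:4000::/36 ~all"],
    # Include cycle: a generator must not recurse forever on this.
    "loop.example.test": ["v=spf1 include:spf.example.test ip4:192.0.2.0/24 ~all"],
}

MAX_LOOKUPS = 10  # bound on names visited, modelled on RFC 7208's lookup limit


def spf_networks(domain, lookup_txt, seen=None):
    """Return the set of ip4/ip6 networks reachable from domain's SPF record."""
    seen = set() if seen is None else seen
    if domain in seen:
        return set()          # already visited: breaks include cycles
    if len(seen) >= MAX_LOOKUPS:
        raise RuntimeError("SPF include chain exceeds %d lookups" % MAX_LOOKUPS)
    seen.add(domain)
    networks = set()
    for record in lookup_txt(domain):
        if not record.lower().startswith("v=spf1"):
            continue          # other TXT records can live on the same name
        for term in record.split()[1:]:
            term = term.lstrip("+-~?")   # drop the SPF qualifier
            name, _, value = term.partition(":")
            if name in ("ip4", "ip6"):
                networks.add(ipaddress.ip_network(value, strict=False))
            elif name == "include":
                networks |= spf_networks(value, lookup_txt, seen)
            elif name.startswith("redirect="):
                networks |= spf_networks(name.split("=", 1)[1], lookup_txt, seen)
    return networks


def generate_list(domain, lookup_txt=lambda d: SAMPLE_TXT.get(d, [])):
    """Sorted CIDR strings, IPv4 first, as a warning-list generator would emit."""
    nets = spf_networks(domain, lookup_txt)
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]
```

To run it against live DNS, pass a `lookup_txt` function that performs real TXT queries and returns the record strings without the surrounding quotes.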

@sustefil
Author
sustefil commented Aug 17, 2020

Good :)

Other lists of this kind would be:

List of known Ovh Cluster IP
List of known Office 365 Attack Simulator used for phishing awareness campaigns
List of known Akamai IP ranges
LIST OF KNOWN GOOGLEBOT IP RANGES

Thanks

@adulau
Member
adulau commented Aug 17, 2020

We might update the warning list format to add the source URL, as providers tend to change those very often...

@sustefil
Author

That would be nice, to provide the source for the warning lists (e.g. in the description). I could create some of the generate scripts and contribute them to the repo :)

Some of the WL where the source (and the generate script) is missing:

LIST OF KNOWN BANK DOMAINS
LIST OF KNOWN GOOGLE DOMAINS
LIST OF KNOWN OFFICE 365 ATTACK SIMULATOR USED FOR PHISHING AWARENESS CAMPAIGNS
LIST OF KNOWN OFFICE 365 URLS AND IP ADDRESS RANGES
LIST OF KNOWN OFFICE 365 IP ADDRESS RANGES IN CHINA
LIST OF KNOWN SINKHOLES
LIST OF KNOWN AKAMAI IP RANGES
LIST OF KNOWN DOMAINS USED BY AUTOMATED MALWARE ANALYSIS SERVICES & SECURITY VENDORS
LIST OF KNOWN MICROSOFT DOMAINS
LIST OF KNOWN SECURITY PROVIDERS/VENDORS BLOG DOMAIN
LIST OF KNOWN URL SHORTENERS DOMAINS
