yorblacklister.js
// NOTE(review): wrapped in parentheses this is an ordinary expression
// statement, not a "use strict" directive, so the file runs in sloppy mode.
// Code below that assigns to an undeclared name therefore creates a global
// instead of throwing; removing the parentheses would turn that into a
// ReferenceError, so the two need to be changed together.
("use strict");
const Cloudflare = require("./lib/Cloudflare.js");
const AddressPool = require("./lib/AddressPool.js");
const Redflag = require("./lib/Redflag.js");
const Investigator = require("./lib/Investigator.js");
const Config = require("./lib/Config.js");
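/**
 * Scan the configured access log and send every address that exceeded the
 * probing limit to the Cloudflare list.
 *
 * A line is a candidate when its status field (space-separated field 8) is one
 * of `conf.settings().codes`. For each candidate, every log line carrying the
 * same address (field 0) is counted; when the count exceeds
 * `conf.settings().limit`, a Redflag describing the line is recorded and the
 * address is added to the pool. The pool is then pushed to Cloudflare.
 *
 * NOTE(review): fields are located purely by position after splitting on a
 * single space. Request path, referrer and user agent are written by the
 * client, so a request line with embedded spaces shifts every later index
 * (including the status code). Presumably the log is in the combined format
 * with a three-token request line; confirm, or parse with a format-aware
 * pattern.
 * NOTE(review): field 0 is blocked as-is. If the server sits behind a proxy or
 * CDN and logs the peer address, this would block the proxy rather than the
 * client, and nothing visible here exempts trusted addresses; verify the log
 * format and consider an allowlist.
 *
 * @returns {Promise<void>} Resolves once the Cloudflare update has completed
 *   and its response has been logged; rejects if reading the log or the
 *   update fails.
 */
async function run() {
  // initialize
  const conf = new Config();
  const dectivePikachu = new Investigator(conf.settings().file_path);
  const pool = new AddressPool();
  const cf = new Cloudflare(conf);

  // read in the log and split each line once instead of on every access
  const contentArray = await dectivePikachu.readFile();
  const fieldsByLine = contentArray.map((entry) => entry.split(" "));

  for (let line = 0; line < contentArray.length; line++) {
    const entry = contentArray[line];
    const fields = fieldsByLine[line];
    const ipAddress = fields[0];

    dectivePikachu.ipCountReset();

    // Only lines whose status code is on the watch list start an investigation.
    if (!conf.settings().codes.includes(fields[8])) {
      continue;
    }

    if (!(await dectivePikachu.investigatedAddress(ipAddress))) {
      dectivePikachu.addInvestigated(ipAddress);
    }

    // Count every line from this address. The bound is >= 0 so the first log
    // line is included; the original stopped at index 1 and undercounted any
    // address that appeared on line 0.
    for (let other = fieldsByLine.length - 1; other >= 0; other--) {
      if (fieldsByLine[other][0] === ipAddress) {
        dectivePikachu.ipFound();
      }
    }

    // NOTE(review): the count covers all requests from the address, not only
    // those with a watched status code; confirm that is the intended metric.
    if (dectivePikachu.ipCount() > conf.settings().limit) {
      // Declared locally: the original assigned to an undeclared name, which
      // leaks a global in sloppy mode and throws under strict mode.
      const flagged = new Redflag({
        ip_address: ipAddress,
        // Strip the first "[" (normally the timestamp's opening bracket)
        // before taking field 3.
        time: entry.replace("[", "").split(" ")[3],
        method: fields[5],
        query_path: fields[6],
        code: fields[8],
        body_bytes_sent: fields[9],
        referrer: fields[10],
        user_agent: await dectivePikachu.buildUserAgent(entry),
      });
      pool.addFlag(flagged);
      // NOTE(review): this runs once per qualifying line, so one address can
      // be added several times; presumably AddressPool de-duplicates, confirm.
      pool.add(ipAddress, "Blacklisted for execessive probing.");
    }
  }

  const data = await pool.prepareForCloudflareUpdate();

  // Update the blacklist on Cloudflare. Awaited so a failed update rejects
  // run() instead of being lost on a detached promise chain.
  const response = await cf.updateListItems(data);
  console.log(response);
}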
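// Entry point. Report any failure (unreadable log, rejected Cloudflare update)
// and set a non-zero exit status so whatever invoked the script can tell that
// the blocklist was not refreshed.
run().catch((error) => {
  console.error(error);
  process.exitCode = 1;
});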