Light

jojiiofficial / scanbanserver Goto Github PK

View Code? Open in Web Editor NEW

4.0 2.0 1.0 8.96 MB

The server for the triplink-system to collect hackers and webscanner across the internet

Home Page: https://www.triplink.tech/

License: GNU Affero General Public License v3.0

Go 98.94% Dockerfile 1.06%

triplink security security-automation blocking ipsec database filter

scanbanserver's Introduction

ScanBanServer

This is a REST-API server for the tripwire system. If you own multiple server on the internet which get scanned all over the time, this is the perfect ip-banning-network for you. It is created to log portscans and "report" them to your REST server(this repository on one of your server). If you want to block those scanner you can automatically generate IP-blocklists based on a filter to protect your machines against internet scanner like shodan.io

What!? I need an example!

Lets explain this repo with a short example:
Lets assume you have 5 server but you don't want known-portscanner to scan all your ports and services and publish the data on their websites, you can install tripwire and tripwire reporter on all of your server and configure them to report all IPs which tried to connect to port x (with tripwire you can also use ports which are already bound to a diffirent service). Then you can configue that tripwire fetches all IPs from your ScanBanServer which were for example reported at least two times. So if machine 1 and 2 were scanned by ip x.x.x.x then machine 3,4 and 5 will block the ip x.x.x.x (Of course you can create a filter matching your imagination)

Install

Install go1.13
Setup a mysql server (you can also use an existing mysql server)
Create a new database
Import the database.sql from this repo
Build the server binary wih go get and go build -o scanban
Run ./scanban install
Fill the config.json with the database credentials (you can leave "keyfile" and "certfile" empty if you don't need TLS)
- If you want to fetch some third party data you can set the "ipdataAPIkey" with an API key from ipdata.co
Run ./scanban install again to automatically cerate a systemd service
- Alternatively you can use ./scanban run to run the server without a service
Done!

User permissions

The permission system is like filepermissions in unix:
1 - fetch IPs
2 - push IPs
4 - view reports
For example 7 = allow everything or 3 = allow Fetch & Push

Dynamic IP

If your server has a dynamic IP address, you can create a dyn.ip file and let a cronjob update this file with your external ip. This prevents the server reporting itself after ip change. If the file is avaliable and contains a valid IP address, it will be used instead of the external ip.

scanbanserver's People

Stargazers

Watchers

Forkers

nestorwheelock

scanbanserver's Issues

Add Threatsafety for sql functions

Test new InsertReport function

Queries.go:158

Handle dynamic ips

Create list with dyn ip ranges if IP is in this range set a flag in blockedIp list to autoremove them after a specified amount of time

Add ignored IPlist

Don't ban reserved addresses: RFC 5735

Add update/block tor IPs

Update README.md -> dyn dns

Handle insert reasons

Improve filter performance for searching in ports

Save ports assigned to count and IP in specific table to increase filter performance

Update reason on repeated host report

If a host gets reported again from a user and the reason is higher, the reason should be updated

Update user reportCount on report

Add TLS

Add arg parser

Add "isHacker" to reportnew

Merge table "IPreason" with "Reporter"

add better logging

Apply filter on fetches

IP whitelist

Fetch ipinfo for incoming IPs

https://ipinfo.io/

Add known scanner table

Use a table to store known domains/hostnames. If an IP has this hostname it should be validated automatically

Add multiple filter-processor threads

Move tasks to goroutines which don't need to run in foreground

Update report count
insertIP

Create installer for systemd

Cache filterSQL

Log reports/fetches

Return a JSON on report success

Add optional field for custom note

fix retrieving external IP

Read/Write permissions

Specify if a token is allowed to report (write) and/or read info/fetch (read)

Don't add filter if server is unreachable

Update note if null

Add abostrophes to IN and NOT IN filter operators if destination is a string

IN(shodan.io,censys.io) -> IN('shodan.io','censys.io')

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.