

Beta - release
RChutchev committed Feb 24, 2022
1 parent 2ba16e1 commit 95a8b4e
Showing 3 changed files with 76 additions and 9 deletions.
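--- a/block_attackers_IP.bat
+++ b/block_attackers_IP.bat
@@ -0,0 +1,7 @@
+cd C:\ps\
+main.exe
+timeout 5
+cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\
+smc.exe -exportadvrule C:\ps\rules.xml
+timeout 5
+smc.exe -importadvrule C:\ps\rules_to_SEP.xml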
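Review bot: The `smc.exe -exportadvrule` step runs after main.exe, yet main.py in this same commit exits with "No SEP exported rules found." when rules.xml is missing and otherwise parses it, so unless rules.xml is pre-seeded by hand the first run aborts and later runs merge into the previous run's export rather than the live rule set; export first, then run main.exe, then import (see fence). main.exe's exit status is ignored, so a failed run still imports whatever rules_to_SEP.xml was left over from before; `main.exe || exit /b 1` stops the import in that case. Since the files in C:\ps\ are what gets imported into the firewall rule, that directory should be writable only by the account running this script, as anyone who can edit rules_to_SEP.xml there decides which IP ranges the rule covers. `timeout 5` is cancelled by any key press; `timeout /t 5 /nobreak` is the unattended form.
```batch
cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\
smc.exe -exportadvrule C:\ps\rules.xml
timeout /t 5 /nobreak
cd C:\ps\
main.exe || exit /b 1
timeout /t 5 /nobreak
cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\
smc.exe -importadvrule C:\ps\rules_to_SEP.xml
```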
63 changes: 55 additions & 8 deletions main.py
@@ -1,13 +1,19 @@
# Copyright - Roman Chutchev (RChutchev.ru) a.k.a. RChutchev
# Beta version
# version 1.0 Beta - Release
# INFO: settings.ini file REQUIRED in folder with .py or .exe
import configparser
import os
import re
import sys
import pyautogui
import xml.etree.cElementTree as xmlET


def check_file_exist(path, file_name):
# First: path - is path to folder
# Second: file_name - is name of file in path folder
# Return bool
# True if file exist, False if file is not found.
if path and file_name is not None:
f_name = str(path) + '\\' + str(file_name)
f_result = os.path.isfile(f_name)
Expand All @@ -28,6 +34,7 @@ def check_file_exist(path, file_name):
config.read(config_path)
config.sections()
except configparser.NoSectionError as e:
# TODO: Check - may not work
pyautogui.alert(text="Configuration (settings.ini) file error! \n No SEP section.", title="Error!")
sys.exit(1)

Expand All @@ -47,13 +54,31 @@ def check_file_exist(path, file_name):
fallback=r'C:\\PS\\')
NAME_OF_IPs_LIST = config.get('SEP', 'NAME_OF_IPs_LIST',
fallback=r'iptoblock.txt')
IPsListDelimiter = config.get('SEP', 'IPsListDelimiter',
fallback="\n")
COUNT_TO_BLOCK = config.get('SEP', 'COUNT_TO_BLOCK',
fallback="2")
NAME_OF_SEP_RULE = config.get('SEP', 'NAME_OF_SEP_RULE',
fallback="THIS RULE WILL BE UPDATED AUTOMATICALLY")
NAME_XML_FROM_SEP = config.get('SEP', 'NAME_XML_FROM_SEP',
fallback=r'rules.xml')
NAME_XML_FOR_SEP = config.get('SEP', 'NAME_XML_FOR_SEP',
fallback=r'IPs_to_SEP.xml')

DEBUG = False
if config.get('SEP', 'DEBUG', fallback=False):
DEBUG_ENABLED = config.get('SEP', 'DEBUG', fallback=False)
print(DEBUG_ENABLED)
if DEBUG_ENABLED == 'True':
DEBUG = True
DO_NOT_WRITE_LIST = False
if config.get('SEP', 'DO_NOT_WRITE_LIST_OF_IPs', fallback=False):
DO_NOT_WRITE_LIST_OF_IPs = config.get('SEP', 'DO_NOT_WRITE_LIST_OF_IPs', fallback=False)
if DO_NOT_WRITE_LIST_OF_IPs == 'True':
DO_NOT_WRITE_LIST = True

if not check_file_exist(PATH_TO_FILE_WITH_IPs, NAME_XML_FROM_SEP):
pyautogui.alert(text="No SEP exported rules found.", title="Error!")
sys.exit(1)

if check_file_exist(sep_path, log_name):
if DEBUG:
Expand All @@ -63,6 +88,7 @@ def check_file_exist(path, file_name):
lines = log.readlines()
lst = []
lst_clear = []
two_or_more = []
for line in lines:
# print("Line{}: {}".format(count, line.strip()))
pattern = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})')
Expand All @@ -72,14 +98,35 @@ def check_file_exist(path, file_name):
if not result[1].startswith(LOCAL_IP_MASK): # Exclude LOCAL IP ex. 192.168.***.***
if not any(ip in result[1] for ip in Ex_IPs): # Exclude from Settings.ini
lst.append(result[1]) # Append to list - Result with duplicates
lst_clear = list(dict.fromkeys(lst)) # Final result list w/o duplicates
lst_clear = list(dict.fromkeys(lst)) # Final result list w/o duplicates

for ip_for_ban in lst:
if lst.count(ip_for_ban) >= int(COUNT_TO_BLOCK):
two_or_more.append(ip_for_ban)

lst_clear_to_ban = list(dict.fromkeys(two_or_more))
# USE lst_clear_to_ban IPs to add to SEP for permanent block
# Read XML file here
tree = xmlET.parse(PATH_TO_FILE_WITH_IPs + NAME_XML_FROM_SEP)
AdvancedRule = tree.find(f"AdvancedRule[@Description='{NAME_OF_SEP_RULE}']")
to_add = {}
for ip in lst_clear_to_ban:
to_add["Start"] = ip
to_add["End"] = ip
HostGroup = AdvancedRule.find('HostGroup')
Rule = HostGroup.find(f"IpRange[@Start='{ip}']")
if Rule is None:
IPRange = xmlET.SubElement(HostGroup, 'IpRange', attrib=to_add)
# Write to XML file here
tree.write(PATH_TO_FILE_WITH_IPs + NAME_XML_FOR_SEP)

# Write to file here
# Write to text file here
if len(lst_clear) != 0:
ips_file = open(PATH_TO_FILE_WITH_IPs + NAME_OF_IPs_LIST, 'w+')
for bad_ip in lst_clear:
ips_file.write(bad_ip + '\n')
ips_file.close()
if not DO_NOT_WRITE_LIST:
ips_file = open(PATH_TO_FILE_WITH_IPs + NAME_OF_IPs_LIST, 'w+')
for bad_ip in lst_clear:
ips_file.write(bad_ip + IPsListDelimiter)
ips_file.close()
if DEBUG:
pyautogui.alert(text="Found: " + str(len(lst_clear)) + ' IPs', title="INFO")
pyautogui.alert(text="File saved!", title="INFO")
15 changes: 14 additions & 1 deletion settings.ini
Expand Up @@ -10,6 +10,19 @@ ExLOCAL_IPs_MASK = 192.168.
EXCLUDED_IP = 8.8.8.8, 8.8.4.4
# Where to save result file
PATH_TO_FILE_WITH_IPs = C:\ps\
# If you wat to DISABLE log file == True
DO_NOT_WRITE_LIST_OF_IPs = False
# Delimiter for IPs in file, default is - new line
# IPsListDelimiter = ,
# How often IPs in log file to add in SEP Rule list
COUNT_TO_BLOCK = 5
# Name of result file
NAME_OF_IPs_LIST = iptoblock.txt
DEBUG = True
# Create rule in SEP Firewall, name of rule here
NAME_OF_SEP_RULE = THIS RULE WILL BE UPDATED AUTOMATICALLY
# Name of exported rules file here
NAME_XML_FROM_SEP = rules.xml
# Name of new rules file to add in SEP
NAME_XML_FOR_SEP = rules_to_SEP.xml
# FOR INTERNAL USE!! DO NOT ADD to schedule with DEBUG = TRUE. ONLY FOR DEBUG
DEBUG = False
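Review bot: DEBUG appears twice in the section main.py reads as SEP (`DEBUG = True` after NAME_OF_IPs_LIST and `DEBUG = False` at the end); if both survive in the new file, configparser's default strict mode raises DuplicateOptionError from `config.read`, which the `except configparser.NoSectionError` handler in main.py does not catch, so the program would die with a traceback instead of the alert. One of the two is presumably the section's single deleted line, but the rendered page does not show which, so this is worth confirming against the file. The comment `# If you wat to DISABLE log file == True` has a typo and describes the wrong file; `# Set to True to skip writing the IP list file (NAME_OF_IPs_LIST)` matches what DO_NOT_WRITE_LIST_OF_IPs controls in main.py. For the commented-out `IPsListDelimiter = ,`, it may be worth noting in the comment that configparser keeps values literally, so a backslash sequence such as `\n` would not become a newline.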

