diff --git a/ddos-mitigator/superscript.sh b/ddos-mitigator/superscript.sh
new file mode 100755
index 0000000..51eadb9
--- /dev/null
+++ b/ddos-mitigator/superscript.sh
@@ -0,0 +1,140 @@
+#!/bin/sh
+MY_IP="94.199.214.20"
+
+file8="sorted-http-8.txt"
+file16="sorted-http-16.txt"
+file24="sorted-http-24.txt"
+file32="sorted-http-32.txt"
+banlist="banlist.txt"
+
+ext8=".0.0.0/8"
+ext16=".0.0/16"
+ext24=".0/24"
+ext32="/32"
+
+red="\033[38;2;255;0;43m"
+yellow="\033[38;2;255;204;0m"
+green="\033[38;2;0;179;89m"
+blue="\033[38;2;0;85;255m"
+bold="\033[1m"
+reset="\033[0m"
+
+trap 'sudo -k; popd; rm -r ${tmpdir}' EXIT
+
+tmpdir=$(mktemp -d)
+pushd "${tmpdir}"
+touch "${banlist}"
+
+netstat -nt | grep "${MY_IP}:443" | tr -s '[:blank:]' | cut -d' ' -f5 | cut -d: -f1 | sort > raw-http.txt
+
+uniq -c raw-http.txt | sort -rn > "${file32}"
+cut -d. -f1-3 raw-http.txt | sort | uniq -c | sort -rn > "${file24}"
+cut -d. -f1-2 raw-http.txt | sort | uniq -c | sort -rn > "${file16}"
+cut -d. -f1 raw-http.txt | sort | uniq -c | sort -rn > "${file8}"
+
+nlines32=$(cat "${file32}" | wc -l)
+nlines24=$(cat "${file24}" | wc -l)
+nlines16=$(cat "${file16}" | wc -l)
+nlines8=$(cat "${file8}" | wc -l)
+
+echo "We've got:"
+echo "[1] 32bit: ${nlines32} entries"
+echo "[2] 24bit: ${nlines24} entries"
+echo "[3] 16bit: ${nlines16} entries"
+echo "[4] 8bit: ${nlines8} entries"
+read -p 'Which one do you want to work with (q=Quit) [1-4]? ' choice
+
+case "${choice}" in
+ "1" ) file="${file32}" ; ext="${ext32}" ; nlines="${nlines32}" ;;
+ "2" ) file="${file24}" ; ext="${ext24}" ; nlines="${nlines24}" ;;
+ "3" ) file="${file16}" ; ext="${ext16}" ; nlines="${nlines16}" ;;
+ "4" ) file="${file8}" ; ext="${ext8}" ; nlines="${nlines8}" ;;
+ "Q" | "q" ) echo 'Kthxbye.'; exit ;;
+ * ) echo "Invalid input: ${infile}. I'm out of here."; exit 1 ;;
+esac
+
+echo "Processing ${file}."
+
+function setHilite() {
+ local count=$1
+ case "${choice}" in
+ "1" )
+ # /32
+ if [ $count -ge 5 ] ; then
+ hilite="${red}"
+ elif [ $count -ge 3 ] ; then
+ hilite="${yellow}"
+ else
+ hilite="${green}"
+ fi
+ ;;
+ "2" )
+ # /24
+ if [ $count -ge 13 ] ; then
+ hilite="${red}"
+ elif [ $count -ge 7 ] ; then
+ hilite="${yellow}"
+ else
+ hilite="${green}"
+ fi
+ ;;
+ "3" )
+ # /16
+ if [ $count -ge 25 ] ; then
+ hilite="${red}"
+ elif [ $count -ge 13 ] ; then
+ hilite="${yellow}"
+ else
+ hilite="${green}"
+ fi
+ ;;
+ "4" )
+ # /8
+ if [ $count -ge 49 ] ; then
+ hilite="${red}"
+ elif [ $count -ge 21 ] ; then
+ hilite="${yellow}"
+ else
+ hilite="${green}"
+ fi
+ ;;
+ * )
+ # ???
+ hilite=""
+ ;;
+ esac
+}
+
+function processFile () {
+ local file="${1}"
+ local line=''
+ local count=0
+ local addr=''
+ local banaction=''
+ local nline=1
+ while IFS= read -r -u3 line ; do
+ line="$(echo "${line}" | tr -s '[:blank:]')"
+ count="$(echo "${line}" | cut -d' ' -f2)"
+ addr="$(echo "${line}" | cut -d' ' -f3-)${ext}"
+ setHilite "${count}"
+ whois "${addr}"
+ echo -en "Address ${bold}$((nline++)) of ${nlines}${reset}: Found '${blue}${addr}${reset}' ${hilite}${count}${reset} times. Ban [y/N/q]? "
+ read banaction
+ case "${banaction}" in
+ "q" | "Q" ) echo "Aborting." ; return ;;
+ "y" | "Y" ) echo -e "Adding '${blue}${addr}${reset}' to banlist."; echo "${addr}" >> "${banlist}" ;;
+ "n" | "N" | * ) echo -e "Not banning '${blue}${addr}${reset}'." ;;
+ esac
+ done 3< "${file}"
+ echo "Processed all entries."
+}
+
+processFile "${file}"
+
+echo "These are the addresses to be banned:"
+cat "${banlist}"
+
+while read -r addr ; do
+ echo "Banning ${addr} ..."
+ sudo fail2ban-client set apache-badbots banip "${addr}"
+done < "${banlist}"
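Review bot: The shebang `#!/bin/sh` does not match the script body, which relies on bash-only features — `function` definitions, `local`, `read -p`, `read -u3`, `pushd`/`popd` and `echo -e` — so on a system whose /bin/sh is a POSIX shell such as dash the menu prompt and the per-address ban prompt fail and `echo -e` prints a literal `-e`; the first line should be `#!/usr/bin/env bash` followed by `set -eu`. In the `* )` arm of the menu `case`, `${infile}` is never assigned anywhere in the file, so the rejection message is printed without the value the user typed; it should read `* ) echo "Invalid input: ${choice}. I'm out of here."; exit 1 ;;`. Neither `mktemp -d` nor `pushd` has its exit status checked, so if either fails the connection dump and `banlist.txt` are written into the caller's working directory and the EXIT trap's unquoted `rm -r ${tmpdir}` runs with an empty argument; `tmpdir=$(mktemp -d) || exit 1` and `pushd "${tmpdir}" || exit 1` close that, and the trap should quote `"${tmpdir}"`. The interactive `read banaction` in processFile should also be `read -r banaction`, consistent with the other two reads in the file.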