Et script, som laver en RouterOS IPv4-whitelist ud fra Microsofts XML
# Setup for the Office 365 whitelist export: fetch Microsoft's address XML and start
# a fresh RouterOS script file that later statements append "add" lines to.

# Force TLS 1.2 for the HTTPS download below.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# Source feed and the local copy kept next to this script.
# NOTE(review): this XML is the only input to a firewall *whitelist*; its integrity rests
# on the HTTPS download alone, so confirm the URL is still the publisher's current feed.
$o365Ips = "https://support.content.office.net/en-us/static/O365IPAddresses.xml"
$output = "$PSScriptRoot\O365IPAddresses.xml"

# RouterOS command fragments; each output line is $RosAddList + address + $RosComment + product.
$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=Whitelist_O365 address="
$RosComment = " comment=O365_"

# Output script. -Force overwrites any previous run; "unicode" is UTF-16LE in PowerShell.
# NOTE(review): c:\temp is a fixed path; make sure only trusted accounts can write there,
# because this file is later imported on the router.
$RosScriptOutput = "c:\temp\o365Ros.rsc"
Out-File -FilePath $RosScriptOutput -InputObject $RosFirewallAddresslist -Encoding unicode -Force

# Download the XML to disk, then load it as an XML document.
$wc = New-Object -TypeName System.Net.WebClient
$wc.DownloadFile($o365Ips, $output)
[xml]$o365Data = Get-Content -Path $output
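# Build $o365: one object per product that publishes an IPv4 address list, with the
# properties Product, AddressesType and IPaddresses. Reads $o365Data (the parsed XML).
$o365 = @()
foreach ($product in $o365Data.products.product)
{
    Write-Host $product.name

    # Reset per product so a value left over from an earlier product (or an earlier run
    # in the same session) can never be appended under the wrong name.
    $ourObject = $null

    foreach ($address in $product.addresslist)
    {
        # Only IPv4 lists are exported; IPv6 and URL lists are deliberately ignored.
        if (($address.type -eq "IPv4") -and $address.address)
        {
            $ourObject = [pscustomobject]@{
                Product       = $product.name
                AddressesType = $address.type
                # @() keeps this an array even when the list holds a single address.
                IPaddresses   = @($address.address)
            }
        }
    }

    # Products without an IPv4 list used to add a $null entry to the result; skip them.
    if ($null -ne $ourObject)
    {
        $o365 += $ourObject
    }
}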
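# Show the parsed objects, then append one RouterOS "add" line per IPv4 address.
$o365

# The values come from a downloaded file and are written into a script the router will
# execute, so each address must be nothing but an IPv4 address with an optional /0-32
# prefix. \A and \z anchor the whole value (unlike $, \z does not allow a trailing newline).
$RosIPv4Pattern = '\A((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?\z'

foreach ($entry in $o365)
{
    # Tolerate empty slots in the list.
    if ($null -eq $entry) { continue }

    $Prod = $entry.Product
    $ips = @($entry.IPaddresses)
    $Prod + " : " + $ips.Count

    # The product name becomes part of the RouterOS comment; keep it to characters that
    # cannot end the comment or start another command.
    $safeProd = "$Prod" -replace '[^A-Za-z0-9_.-]', '_'

    foreach ($ip in $ips)
    {
        if ("$ip" -match $RosIPv4Pattern)
        {
            $RosAddList + $ip + $RosComment + $safeProd | Out-File -FilePath $RosScriptOutput -Encoding unicode -Append
        }
        else
        {
            Write-Warning "Skipping value that is not an IPv4 address/prefix for product '$safeProd'"
        }
    }
}
#Write-host "test "
Get-Content -Path $RosScriptOutput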
Et PowerShell-script, som bygger en blocklist ud fra nogle af de data, som SANS stiller til rådighed.
## Setup for the SANS "shodan" blocklist export: fetch the JSON feed and start a fresh
## RouterOS script file that the loop further down appends to.

## Force TLS 1.2 for the HTTPS request below.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$blacklist = "https://isc.sans.edu/api/threatlist/shodan?json"
## NOTE(review): the -UserAgent text below is a web page's e-mail-cloaking placeholder,
## not a real contact string; replace it with your own identifier before running this.
$Webdata = Invoke-WebRequest -Uri $blacklist -UserAgent "This email address is being protected from spambots. You need JavaScript enabled to view it.]"
$data = $Webdata | ConvertFrom-Json
#$data.ipv4.Count
#Start-Sleep -Seconds 100

## RouterOS command fragments; each output line is $RosAddList + address + $RosComment.
$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=Sans_shodan"

## Output script. -Force overwrites any previous run; "unicode" is UTF-16LE in PowerShell.
$RosScriptOutput = "c:\temp\Sans_shodan.rsc"
Out-File -FilePath $RosScriptOutput -InputObject $RosFirewallAddresslist -Encoding unicode -Force
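## Pattern source:
## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
##
## Returns the first dotted-quad IPv4 address (every octet 0-255) found in $String,
## or nothing when the string contains none.
Function ExtractValidIPAddress($String){
    # (?<!\d) and (?!\d) stop a match from starting or ending inside a longer run of
    # digits. Without them "256.1.1.1" yields "56.1.1.1" and "1.2.3.4567" yields
    # "1.2.3.45", i.e. a malformed feed entry is reported as a valid address.
    $IPregex = '(?<!\d)(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?!\d)'
    If ($String -Match $IPregex) { $Matches.Address }
}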
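## Append one RouterOS "add" line per address in the feed's ipv4 fields.
## The feed is remote input and the output file is executed on the router, so only the
## validated address is written, never the raw field: the original check passed any field
## that merely *contained* an address and then wrote the whole field into the script.
foreach ($line in $data.ipv4)
{
    if (-not $line) { continue }

    $candidate = "$line".Trim()
    $ip = ExtractValidIPAddress $candidate

    # Require the whole field to be the address; anything with extra text is skipped.
    if ($ip -and ($ip -eq $candidate)) {
        $RosAddList + $ip + $RosComment | Out-File -FilePath $RosScriptOutput -Encoding unicode -Append
    }
}
#Get-Content $RosScriptOutput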
Lidt PowerShell, som danner en RSC-fil til MikroTik-enheder, der kan bruges til blocklists
## Setup for the malc0de blocklist export: fetch the text feed and start a fresh
## RouterOS script file that the loop further down appends to.

## Force TLS 1.2 for HTTPS requests made by this session.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

## NOTE(review): this feed URL is plain http://, so the TLS setting above does not apply
## to it and the list can be altered in transit. Its entries end up as firewall commands;
## use an https:// source if the publisher offers one.
$blacklist = "http://malc0de.com/bl/IP_Blacklist.txt"
$data = Invoke-WebRequest -Uri $blacklist

## RouterOS command fragments; each output line is $RosAddList + address + $RosComment.
$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=Malcode"

## Output script. -Force overwrites any previous run; "unicode" is UTF-16LE in PowerShell.
$RosScriptOutput = "c:\temp\Malcode.rsc"
Out-File -FilePath $RosScriptOutput -InputObject $RosFirewallAddresslist -Encoding unicode -Force
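## Pattern source:
## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
##
## Returns the first dotted-quad IPv4 address (every octet 0-255) found in $String,
## or nothing when the string contains none.
Function ExtractValidIPAddress($String){
    # (?<!\d) and (?!\d) stop a match from starting or ending inside a longer run of
    # digits. Without them "256.1.1.1" yields "56.1.1.1" and "1.2.3.4567" yields
    # "1.2.3.45", i.e. a malformed feed entry is reported as a valid address.
    $IPregex = '(?<!\d)(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?!\d)'
    If ($String -Match $IPregex) { $Matches.Address }
}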
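## Append one RouterOS "add" line per address found in the downloaded list.
## The response is split on whitespace explicitly: .Split("") only does that through the
## char[] overload, and on newer .NET the string overload may hand back the whole
## response as a single element.
## The feed is remote input and the output file is executed on the router, so only the
## validated address is written, never the raw token.
foreach ($line in ($data.RawContent -split '\s+'))
{
    if (-not $line) { continue }

    $ip = ExtractValidIPAddress $line

    # Require the whole token to be the address; anything with extra text is skipped.
    if ($ip -and ($ip -eq $line)) {
        $RosAddList + $ip + $RosComment | Out-File -FilePath $RosScriptOutput -Encoding unicode -Append
    }
}
#Get-Content $RosScriptOutput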
Et PowerShell-script, som danner en RSC-outputfil til brug på MikroTik-enheder.
## Setup for the Ransomware Tracker blocklist export: fetch the text feed and start a
## fresh RouterOS script file that the loop further down appends to.

## Force TLS 1.2 for the HTTPS request below.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$blacklist = "https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt"
$data = Invoke-WebRequest -Uri $blacklist

## RouterOS command fragments; each output line is $RosAddList + address + $RosComment.
$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=RansomwareTracker"

## Output script. -Force overwrites any previous run; "unicode" is UTF-16LE in PowerShell.
$RosScriptOutput = "c:\temp\RansomwareTracker.rsc"
Out-File -FilePath $RosScriptOutput -InputObject $RosFirewallAddresslist -Encoding unicode -Force
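## Pattern source:
## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
##
## Returns the first dotted-quad IPv4 address (every octet 0-255) found in $String,
## or nothing when the string contains none.
Function ExtractValidIPAddress($String){
    # (?<!\d) and (?!\d) stop a match from starting or ending inside a longer run of
    # digits. Without them "256.1.1.1" yields "56.1.1.1" and "1.2.3.4567" yields
    # "1.2.3.45", i.e. a malformed feed entry is reported as a valid address.
    $IPregex = '(?<!\d)(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?!\d)'
    If ($String -Match $IPregex) { $Matches.Address }
}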
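## Append one RouterOS "add" line per address found in the downloaded list.
## The response is split on whitespace explicitly: .Split("") only does that through the
## char[] overload, and on newer .NET the string overload may hand back the whole
## response as a single element.
## The feed is remote input and the output file is executed on the router, so only the
## validated address is written, never the raw token.
foreach ($line in ($data.RawContent -split '\s+'))
{
    if (-not $line) { continue }

    $ip = ExtractValidIPAddress $line

    # Require the whole token to be the address; anything with extra text is skipped.
    if ($ip -and ($ip -eq $line)) {
        $RosAddList + $ip + $RosComment | Out-File -FilePath $RosScriptOutput -Encoding unicode -Append
    }
}
#Get-Content $RosScriptOutput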
Et lille PowerShell-script, som danner en MikroTik/RouterOS RSC-scriptfil, der kan bruges til at opdatere en adresseliste.
## Setup for the Talos (senderbase.org) blocklist export: fetch the feed and start a
## fresh RouterOS script file that the loop further down appends to.

## Force TLS 1.2 for the HTTPS request below.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$blacklist = "https://talosintelligence.com/documents/ip-blacklist"
$data = Invoke-WebRequest -Uri $blacklist

## RouterOS command fragments; each output line is $RosAddList + address + $RosComment.
$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=Talos"

## Output script. -Force overwrites any previous run; "unicode" is UTF-16LE in PowerShell.
$RosScriptOutput = "c:\temp\Talos.rsc"
Out-File -FilePath $RosScriptOutput -InputObject $RosFirewallAddresslist -Encoding unicode -Force
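## Pattern source:
## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
##
## Returns the first dotted-quad IPv4 address (every octet 0-255) found in $String,
## or nothing when the string contains none.
Function ExtractValidIPAddress($String){
    # (?<!\d) and (?!\d) stop a match from starting or ending inside a longer run of
    # digits. Without them "256.1.1.1" yields "56.1.1.1" and "1.2.3.4567" yields
    # "1.2.3.45", i.e. a malformed feed entry is reported as a valid address.
    $IPregex = '(?<!\d)(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?!\d)'
    If ($String -Match $IPregex) { $Matches.Address }
}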
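## Append one RouterOS "add" line per address found in the downloaded list.
## The response is split on whitespace explicitly: .Split("") only does that through the
## char[] overload, and on newer .NET the string overload may hand back the whole
## response as a single element.
## The feed is remote input and the output file is executed on the router, so only the
## validated address is written, never the raw token.
foreach ($line in ($data.RawContent -split '\s+'))
{
    if (-not $line) { continue }

    $ip = ExtractValidIPAddress $line

    # Require the whole token to be the address; anything with extra text is skipped.
    if ($ip -and ($ip -eq $line)) {
        $RosAddList + $ip + $RosComment | Out-File -FilePath $RosScriptOutput -Encoding unicode -Append
    }
}
#Get-Content $RosScriptOutput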