๐งฑ Blocklist โบ Generate #778
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # # | |
| # @usage https://github.com/ConfigServer-Software/service-blocklists | |
| # @type github workflow | |
| # @updated 09.28.25 | |
| # @usage generates a list of ipsets which can then be used within host files, config server firewall, and various other apps | |
| # | |
| # | |
| # @secrets secrets.SELF_TOKEN self github personal access token (fine-grained) | |
| # secrets.SELF_TOKEN_CL self github personal access token (classic) | |
| # secrets.NPM_TOKEN self npmjs access token | |
| # secrets.PYPI_API_TOKEN self Pypi API token (production site) - https://pypi.org/ | |
| # secrets.PYPI_API_TEST_TOKEN self Pypi API token (test site) - https://test.pypi.org/ | |
| # secrets.SELF_DOCKERHUB_TOKEN self Dockerhub token | |
| # secrets.CODECOV_TOKEN codecov upload token for nodejs projects | |
| # secrets.API_GEOLITE2_KEY maxmind API token | |
| # secrets.CF_ACCOUNT_ID cloudflare account id | |
| # secrets.CF_ACCOUNT_TOKEN cloudflare account token | |
| # secrets.ARTIFACTS_DOMAIN github artifacts domain name | |
| # secrets.ARTIFACTS_PORT github artifacts port | |
| # secrets.ARTIFACTS_GITHUB_SSH_PRIVATE_KEY github artifacts server ssh private key | |
| # secrets.ORG_TOKEN org github personal access token (fine-grained) | |
| # secrets.ORG_TOKEN_CL org github personal access token (classic) | |
| # secrets.ORG_DOCKERHUB_TOKEN org dockerhub secret | |
| # secrets.ORG_GITEA_TOKEN org gitea personal access token (classic) with package:write permission | |
| # secrets.BOT_GPG_KEY_ASC bot gpg private key (armored) | BEGIN PGP PRIVATE KEY BLOCK | |
| # secrets.BOT_GPG_KEY_B64 bot gpg private key (binary) converted to base64 | |
| # secrets.BOT_GPG_PASSPHRASE bot gpg private key passphrase | |
| # secrets.DISCORD_WEBHOOK_CHAN_GITHUB_RELEASES discord webhook to report release notifications from github to discord | |
| # secrets.DISCORD_WEBHOOK_CHAN_GITHUB_WORKFLOWS discord webhook to report workflow notifications from github to discord | |
| # secrets.DISCORD_WEBHOOK_CHAN_GITHUB_UPDATES discord webhook to report activity notifications from github to discord | |
| # | |
| # @local these workflows can be tested locally through the use of `act` | |
| # https://github.com/nektos/act | |
| # Extract act to folder | |
| # Add system env var with path to act.exe | |
| # Run the commands: | |
| # git pull https://github.com/username/repo | |
| # act -W .github/workflows/blocklist-generate.yml -P ubuntu-latest=catthehacker/ubuntu:full-22.04 | |
| # act -W .github/workflows/blocklist-generate.yml -s TOKEN_CL=XXXXXXXXXX --pull=false | |
| # | |
| # ๐ bl-master.sh generate master ipset | URLs: VARARG | |
| # ๐ bl-plain.sh generate ipset from online plain-text url / page | URLs: VARARG | |
| # ๐ bl-json.sh generate ipset from json formatted web url. requires url and jq query | URLs: SINGLE | |
| # ๐ bl-htmlip.sh generate ipset by fetching HTML in web url, pulls only ips with grep rule (cant be changed) | URLs: SINGLE | |
| # ๐ bl-html.sh generate ipset by fetching HTML in web url, does not run its own grep, must be specified in command | URLs: VARARG | |
| # ๐ bl-block.sh generate ipset by fetching locally specified file in /blocks/ repo folder | |
| # ๐ bl-format.sh generate ipset by from an existing list of IPs. does not generate ips itself. only validates a list provided | |
| # ๐ bl-spf.sh generate ipset by fetching _spf ips from domain | |
| # | |
| # local test requires the same structure as the github workflow | |
| # ๐ .github | |
| # ๐ blocks | |
| # ๐ bruteforce | |
| # ๐ 01.ipset | |
| # ๐ privacy | |
| # ๐ 01.ipset | |
| # ๐ scripts | |
| # ๐ bl-master.sh | |
| # ๐ bl-plain.sh | |
| # ๐ bl-json.sh | |
| # ๐ bl-htmlip.sh | |
| # ๐ bl-html.sh | |
| # ๐ bl-block.sh | |
| # ๐ bl-format.sh | |
| # ๐ bl-spf.sh | |
| # ๐ workflows | |
| # ๐ blocklist-generate.yml | |
| # # | |
| name: '๐งฑ Blocklist โบ Generate' | |
| run-name: '๐งฑ Blocklist โบ Generate' | |
| # # | |
| # triggers | |
| # # | |
| on: | |
| # # | |
| # Trigger โบ Workflow Dispatch | |
| # # | |
| workflow_dispatch: | |
| inputs: | |
| RUN_MODE: | |
| description: '๐งญ Run Mode' | |
| required: true | |
| default: core_only | |
| type: choice | |
| options: | |
| - core_only | |
| - daily_only | |
| - weekly_only | |
| - biweekly_only | |
| # # | |
| # Trigger โบ Cron Schedule | |
| # # | |
| schedule: | |
| # Every 4th hour of the day (00:00, 04:00, 08:00, 12:00, 16:00, 20:00) | |
| - cron: '0 */4 * * *' | |
| # Once per day (01:15 AM) | |
| - cron: '15 1 * * *' | |
| # Every week (00:00 on Sunday) | |
| - cron: '0 0 * * 0' | |
| # Biweekly at midnight (every 14 days) | |
| - cron: '0 0 */14 * *' | |
| # # | |
| # concurrency | |
| # # | |
| concurrency: | |
| group: blocklist-generate-${{ github.ref }} | |
| cancel-in-progress: false | |
| # # | |
| # environment variables | |
| # # | |
| env: | |
| ASSIGN_USER: Aetherinox | |
| BOT_NAME_1: BinaryServ | |
| BOT_NAME_DEPENDABOT: dependabot[bot] | |
| BOT_NAME_RENOVATE: renovate[bot] | |
| GPG_KEY_BASE64: ${{ secrets.ADMINSERV_GPG_KEY_B64 }} | |
| GPG_KEY_PASSPHRASE: ${{ secrets.ADMINSERV_GPG_PASSPHRASE }} | |
| # # | |
| # jobs | |
| # # | |
| jobs: | |
| # # | |
| # Job โบ Setup | |
| # # | |
| blocklist-setup: | |
| name: >- | |
| ๐ฆ Setup | |
| runs-on: ubuntu-latest | |
| # runs-on: apollo-x64 | |
| timeout-minutes: 120 | |
| steps: | |
| # # | |
| # Job โบ Checkout | |
| # # | |
| - name: >- | |
| โ๏ธ Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| # # | |
| # Job โบ Job Information | |
| # # | |
| - name: >- | |
| ๐ Load Job | |
| uses: qoomon/actions--context@v5 | |
| id: 'context' | |
| # # | |
| # Job โบ Start | |
| # # | |
| - name: >- | |
| โ Start | |
| run: | | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo " Starting Job ${{ steps.context.outputs.job_name }}" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| YEAR="$(date +'%Y')" | |
| echo "YEAR=${YEAR}" >> $GITHUB_ENV | |
| NOW="$(date +'%m-%d-%Y %H:%M:%S')" # 02-25-2025 12:49:48 | |
| echo "NOW=${NOW}" >> $GITHUB_ENV | |
| NOW_SHORT="$(date +'%m-%d-%Y')" # 02-25-2025 | |
| echo "NOW_SHORT=${NOW_SHORT}" >> $GITHUB_ENV | |
| NOW_LONG="$(date +'%m-%d-%Y %H:%M')" # 02-25-2025 12:49 | |
| echo "NOW_LONG=${NOW_LONG}" >> $GITHUB_ENV | |
| NOW_DOCKER="$(date +'%Y%m%d')" # 20250225 | |
| echo "NOW_DOCKER=${NOW_DOCKER}" >> $GITHUB_ENV | |
| NOW_DOCKER_TS="$(date -u +'%FT%T.%3NZ')" # 2025-02-25T12:50:11.569Z | |
| echo "NOW_DOCKER_TS=${NOW_DOCKER_TS}" >> $GITHUB_ENV | |
| SHA1="$(git rev-parse HEAD)" # 71fad013cfce9116ec62779e4a7e627fe4c33627 | |
| echo "SHA1=${SHA1}" >> $GITHUB_ENV | |
| SHA1_GH="$(echo ${GITHUB_SHA})" # 71fad013cfce9116ec62779e4a7e627fe4c33627 | |
| echo "SHA1_GH=${SHA1_GH}" >> $GITHUB_ENV | |
| PKG_VER_1DIGIT="$(echo ${{ env.IMAGE_VERSION }} | cut -d '.' -f1-1)" # 15.52.35 > 15 | |
| echo "PKG_VER_1DIGIT=${PKG_VER_1DIGIT}" >> $GITHUB_ENV | |
| PKG_VER_2DIGIT="$(echo ${{ env.IMAGE_VERSION }} | cut -d '.' -f1-2)" # 15.52.35 > 15.52 | |
| echo "PKG_VER_2DIGIT=${PKG_VER_2DIGIT}" >> $GITHUB_ENV | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| sudo apt -qq update | |
| sudo apt -qq install tree | |
| echo "โ" | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| echo " Runner .............. ${{ runner.name }}" | |
| echo " Workflow ............ ${{ github.workflow }} (#${{ github.workflow_ref }})" | |
| echo " Run Number .......... ${{ github.run_number }}" | |
| echo " Ref ................. ${{ github.ref }}" | |
| echo " Ref Name ............ ${{ github.ref_name }}" | |
| echo " Event Name .......... ${{ github.event_name }}" | |
| echo " Repo ................ ${{ github.repository }}" | |
| echo " Repo Owner .......... ${{ github.repository_owner }}" | |
| echo " Run ID .............. https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| echo " Triggered By ........ ${{ github.actor }}" | |
| echo " SHA 1 (GITHUB_SHA) .. ${GITHUB_SHA}" | |
| echo " SHA 2 (github.sha) .. ${{ github.sha }}" | |
| echo " SHA 3 (env.SHA1) .... ${SHA1}" | |
| echo " SHA 4 (env.SHA1_GH) . ${SHA1_GH}" | |
| echo " Workspace ........... ${{ github.workspace }}" | |
| echo " PWD ................. ${PWD}" | |
| echo " Job Name ............ ${{ steps.context.outputs.job_name }}" | |
| echo " Job ID .............. ${{ steps.context.outputs.job_id }}" | |
| echo " Job URL ............. ${{ steps.context.outputs.job_url }}" | |
| echo " Run ID .............. ${{ steps.context.outputs.run_id }}" | |
| echo " Run Attempt ......... ${{ steps.context.outputs.run_attempt }}" | |
| echo " Run Number .......... ${{ steps.context.outputs.run_number }}" | |
| echo " Run URL ............. ${{ steps.context.outputs.run_url }}" | |
| echo " Run Env ............. ${{ steps.context.outputs.environment }}" | |
| echo " Run Env URL ......... ${{ steps.context.outputs.environment_url }}" | |
| echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}" | |
| echo " Run Deployment URL .. ${{ steps.context.outputs.deployment_url }}" | |
| echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}" | |
| echo " Run Runner Name ..... ${{ steps.context.outputs.runner_name }}" | |
| echo " Run Runner ID ....... ${{ steps.context.outputs.runner_id }}" | |
| echo " Year ................ ${YEAR}" | |
| echo " Now ................. ${NOW}" | |
| echo " Now (Short) ......... ${NOW_SHORT}" | |
| echo " Now (Long) .......... ${NOW_LONG}" | |
| echo " Now (Docker) ........ ${NOW_DOCKER}" | |
| echo " Now (Docker TS) ..... ${NOW_DOCKER_TS}" | |
| echo "โ" | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| tree -I node_modules -I .git -I ./ | |
| echo "โ" | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| # # | |
| # Generate โบ Install Packages | |
| # # | |
| - name: "๐งฑ Install Packages" | |
| run: | | |
| sudo apt-get install -y ipcalc ed html2text whois uuid-runtime autoconf | |
| # # | |
| # Generate โบ Cache Packages | |
| # # | |
| - name: "๐งฑ Cache Packages" | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: ipcalc ed html2text whois uuid-runtime | |
| version: 1.0 | |
| # # | |
| # Job โบ Blocklist โบ Master | |
| # # | |
| blocklist-generate: | |
| name: >- | |
| ๐ Generate โบ Blocklist | |
| runs-on: ubuntu-latest | |
| # runs-on: apollo-x64 | |
| timeout-minutes: 120 | |
| needs: [ blocklist-setup ] | |
| outputs: | |
| artifact-name: ${{ steps.generate_artifact_zip.outputs.artifact-name }} | |
| artifact-path: ${{ steps.generate_artifact_zip.outputs.artifact-path }} | |
| steps: | |
| # # | |
| # Generate โบ Checkout | |
| # # | |
| - name: >- | |
| โ๏ธ Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| # # | |
| # Generate โบ Job Information | |
| # # | |
| - name: >- | |
| ๐ Load Job | |
| uses: qoomon/actions--context@v4 | |
| id: 'context' | |
| # # | |
| # Generate โบ Start | |
| # # | |
| - name: >- | |
| โ Start | |
| run: | | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo " Starting Job ${{ steps.context.outputs.job_name }}" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| YEAR="$(date +'%Y')" | |
| echo "YEAR=${YEAR}" >> $GITHUB_ENV | |
| NOW="$(date +'%m-%d-%Y %H:%M:%S')" # 02-25-2025 12:49:48 | |
| echo "NOW=${NOW}" >> $GITHUB_ENV | |
| NOW_SHORT="$(date +'%m-%d-%Y')" # 02-25-2025 | |
| echo "NOW_SHORT=${NOW_SHORT}" >> $GITHUB_ENV | |
| NOW_LONG="$(date +'%m-%d-%Y %H:%M')" # 02-25-2025 12:49 | |
| echo "NOW_LONG=${NOW_LONG}" >> $GITHUB_ENV | |
| NOW_DOCKER="$(date +'%Y%m%d')" # 20250225 | |
| echo "NOW_DOCKER=${NOW_DOCKER}" >> $GITHUB_ENV | |
| NOW_DOCKER_TS="$(date -u +'%FT%T.%3NZ')" # 2025-02-25T12:50:11.569Z | |
| echo "NOW_DOCKER_TS=${NOW_DOCKER_TS}" >> $GITHUB_ENV | |
| SHA1="$(git rev-parse HEAD)" # 71fad013cfce9116ec62779e4a7e627fe4c33627 | |
| echo "SHA1=${SHA1}" >> $GITHUB_ENV | |
| SHA1_GH="$(echo ${GITHUB_SHA})" # 71fad013cfce9116ec62779e4a7e627fe4c33627 | |
| echo "SHA1_GH=${SHA1_GH}" >> $GITHUB_ENV | |
| PKG_VER_1DIGIT="$(echo ${{ env.IMAGE_VERSION }} | cut -d '.' -f1-1)" # 15.52.35 > 15 | |
| echo "PKG_VER_1DIGIT=${PKG_VER_1DIGIT}" >> $GITHUB_ENV | |
| PKG_VER_2DIGIT="$(echo ${{ env.IMAGE_VERSION }} | cut -d '.' -f1-2)" # 15.52.35 > 15.52 | |
| echo "PKG_VER_2DIGIT=${PKG_VER_2DIGIT}" >> $GITHUB_ENV | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| sudo apt -qq update | |
| sudo apt -qq install tree | |
| echo "โ" | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| echo " Runner .............. ${{ runner.name }}" | |
| echo " Workflow ............ ${{ github.workflow }} (#${{ github.workflow_ref }})" | |
| echo " Run Number .......... ${{ github.run_number }}" | |
| echo " Ref ................. ${{ github.ref }}" | |
| echo " Ref Name ............ ${{ github.ref_name }}" | |
| echo " Event Name .......... ${{ github.event_name }}" | |
| echo " Repo ................ ${{ github.repository }}" | |
| echo " Repo Owner .......... ${{ github.repository_owner }}" | |
| echo " Run ID .............. https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| echo " Triggered By ........ ${{ github.actor }}" | |
| echo " SHA 1 (GITHUB_SHA) .. ${GITHUB_SHA}" | |
| echo " SHA 2 (github.sha) .. ${{ github.sha }}" | |
| echo " SHA 3 (env.SHA1) .... ${SHA1}" | |
| echo " SHA 4 (env.SHA1_GH) . ${SHA1_GH}" | |
| echo " Workspace ........... ${{ github.workspace }}" | |
| echo " PWD ................. ${PWD}" | |
| echo " Job Name ............ ${{ steps.context.outputs.job_name }}" | |
| echo " Job ID .............. ${{ steps.context.outputs.job_id }}" | |
| echo " Job URL ............. ${{ steps.context.outputs.job_url }}" | |
| echo " Run ID .............. ${{ steps.context.outputs.run_id }}" | |
| echo " Run Attempt ......... ${{ steps.context.outputs.run_attempt }}" | |
| echo " Run Number .......... ${{ steps.context.outputs.run_number }}" | |
| echo " Run URL ............. ${{ steps.context.outputs.run_url }}" | |
| echo " Run Env ............. ${{ steps.context.outputs.environment }}" | |
| echo " Run Env URL ......... ${{ steps.context.outputs.environment_url }}" | |
| echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}" | |
| echo " Run Deployment URL .. ${{ steps.context.outputs.deployment_url }}" | |
| echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}" | |
| echo " Run Runner Name ..... ${{ steps.context.outputs.runner_name }}" | |
| echo " Run Runner ID ....... ${{ steps.context.outputs.runner_id }}" | |
| echo " Year ................ ${YEAR}" | |
| echo " Now ................. ${NOW}" | |
| echo " Now (Short) ......... ${NOW_SHORT}" | |
| echo " Now (Long) .......... ${NOW_LONG}" | |
| echo " Now (Docker) ........ ${NOW_DOCKER}" | |
| echo " Now (Docker TS) ..... ${NOW_DOCKER_TS}" | |
| echo "โ" | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| tree -I node_modules -I .git -I ./ | |
| echo "โ" | |
| echo "โ" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ" | |
| echo "โ" | |
| # # | |
| # Generate โบ Install Packages | |
| # # | |
| - name: "๐งฑ Install Packages" | |
| run: | | |
| sudo apt-get install -y ipcalc ed html2text whois uuid-runtime autoconf | |
| # # | |
| # Generate โบ Cache Packages | |
| # # | |
| - name: '๐งฑ Cache Packages' | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: ipcalc ed html2text whois uuid-runtime | |
| version: 1.0 | |
| # # | |
| # Generate โบ Check Day by building date key | |
| # # | |
| - name: 'Build day key' | |
| id: task_blocklist_generate_date_key | |
| shell: bash | |
| run: | | |
| echo "day=$(date -u +'%Y-%m-%d')" >> "$GITHUB_OUTPUT" | |
| # # | |
| # Generate โบ Resolve Run Mode | |
| # # | |
| - name: 'Resolve run mode' | |
| id: task_blocklist_generate_run_mode | |
| run: | | |
| run_core="false" | |
| run_daily="false" | |
| run_weekly="false" | |
| run_biweekly="false" | |
| force_daily="false" | |
| if [ "${{ github.event_name }}" = "schedule" ]; then | |
| if [ "${{ github.event.schedule }}" = "0 */4 * * *" ]; then | |
| run_core="true" | |
| elif [ "${{ github.event.schedule }}" = "15 1 * * *" ]; then | |
| run_daily="true" | |
| elif [ "${{ github.event.schedule }}" = "0 0 * * 0" ]; then | |
| run_weekly="true" | |
| elif [ "${{ github.event.schedule }}" = "0 0 */14 * *" ]; then | |
| run_biweekly="true" | |
| fi | |
| elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| if [ "${{ inputs.RUN_MODE }}" = "core_only" ]; then | |
| run_core="true" | |
| elif [ "${{ inputs.RUN_MODE }}" = "daily_only" ]; then | |
| run_daily="true" | |
| force_daily="true" | |
| elif [ "${{ inputs.RUN_MODE }}" = "weekly_only" ]; then | |
| run_weekly="true" | |
| elif [ "${{ inputs.RUN_MODE }}" = "biweekly_only" ]; then | |
| run_biweekly="true" | |
| fi | |
| fi | |
| echo "run_core=${run_core}" >> "$GITHUB_OUTPUT" | |
| echo "run_daily=${run_daily}" >> "$GITHUB_OUTPUT" | |
| echo "run_weekly=${run_weekly}" >> "$GITHUB_OUTPUT" | |
| echo "run_biweekly=${run_biweekly}" >> "$GITHUB_OUTPUT" | |
| echo "force_daily=${force_daily}" >> "$GITHUB_OUTPUT" | |
| # # | |
| # Generate โบ Configure | |
| # | |
| # this step installs packages we need to manage ipsets. | |
| # - iprange | |
| # this package allows us to convert ip ranges into a CIDR formatted ip | |
| # 10.10.0.1-10.10.0.9 => 10.10.0.1 | |
| # 10.10.0.2/31 | |
| # 10.10.0.4/30 | |
| # 10.10.0.8/31 | |
| # https://github.com/firehol/iprange | |
| # # | |
| - name: 'โ๏ธ Configure' | |
| id: task_blocklist_generate_configure | |
| run: | | |
| git clone https://github.com/firehol/iprange.git ./.temp/iprange | |
| cd .temp/iprange | |
| ./autogen.sh | |
| ./configure --disable-man | |
| sudo make && make install | |
| # # | |
| # Release โบ Dockerhub โบ Install Dependencies | |
| # # | |
| - name: '๐ฆ Install Dependencies' | |
| run: | |
| sudo apt-get install -qq dos2unix | |
| # # | |
| # Release โบ Dockerhub โบ Execute dos2unix | |
| # # | |
| - name: '๐ Apply dos2unix' | |
| run: | | |
| echo "โ ๏ธโ ๏ธโ ๏ธ Running DOS2UNIX โ ๏ธโ ๏ธโ ๏ธ" | |
| find .github/scripts -type f -name "*.sh" -print0 | xargs -0 dos2unix -- | |
| echo "โ โ โ Completed DOS2UNIX โ โ โ " | |
| # # | |
| # Generate โบ Set Template Permissions | |
| # # | |
| - name: "โ๏ธ Set Permissions" | |
| id: task_blocklist_generate_perms | |
| run: | | |
| echo "๐ง Setting executable permissions for scripts" | |
| num_success=0 | |
| num_failure=0 | |
| for f in .github/scripts/*.sh; do | |
| echo "Setting executable permission on ${f}" | |
| chmod 755 "${f}" | |
| if [ -x "${f}" ]; then | |
| echo " โ ${f} is executable" | |
| num_success=$((num_success + 1)) | |
| else | |
| echo "::error file=${f},line=1,title=Permission Failed::Failed to set executable bit" | |
| num_failure=$((num_failure + 1)) | |
| fi | |
| echo "" | |
| done | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo "โ ${num_success} successfully verified" | |
| echo "โ ${num_failure} failed" | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| if [ "${num_failure}" -gt 0 ]; then | |
| exit 1 | |
| fi | |
| echo "๐ All script permissions verified" | |
| # # | |
| # Generate โบ Set Env Variables | |
| # # | |
| - name: "๐ฆ Set Env Variables" | |
| id: task_commit_pre | |
| run: | | |
| useragent="${{ vars.BL_GENERAL_USERAGENT }}" | |
| echo "USERAGENT=$(echo $useragent)" >> $GITHUB_ENV | |
| # # | |
| # Generate โบ Master | |
| # # | |
| - name: "๐งฑ Generate โบ Main" | |
| id: task_blocklist_generate_master | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_core == 'true' | |
| run: | | |
| # # | |
| # Main โบ Master | |
| # # | |
| ./.github/scripts/bl-master.sh blocklists/master.ipset ${{ secrets.API_01_FILE_01 }} ${{ secrets.API_01_FILE_02 }} ${{ secrets.API_01_FILE_03 }} ${{ secrets.API_01_FILE_04 }} ${{ secrets.API_01_FILE_05 }} ${{ secrets.API_01_FILE_06 }} ${{ secrets.API_01_FILE_07 }} ${{ secrets.API_01_FILE_08 }} ${{ secrets.API_01_FILE_09 }} | |
| # # | |
| # Main โบ Highrisk | |
| # # | |
| HIGHRISK_URL=$( CFG_STDOUT=true ./.github/scripts/bl-htmlip.sh _highrisk_null.ipset "${{ vars.BL_MAIN_HIGHRISK_L1 }}" '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' ) | |
| HIGHRISK_LOCAL=$( CFG_STDOUT=true ./.github/scripts/bl-block.sh blocklists/highrisk.ipset highrisk ) | |
| HIGHRISK_LIST=$( echo -e "${HIGHRISK_URL}\n${HIGHRISK_LOCAL}" | sort -u ) | |
| echo "$HIGHRISK_LIST" | ./.github/scripts/bl-format.sh blocklists/highrisk.ipset | |
| # # | |
| # Main โบ TOR Exit Nodes | |
| # | |
| # @ref https://check.torproject.org/exit-addresses | |
| # curl -sSL "${{ vars.BL_TOR_EXITNODES }}" \ | |
| # | grep '^ExitAddress' \ | |
| # | awk '{print $2}' \ | |
| # https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 | |
| # # | |
| curl -sSL "${{ vars.BL_TOR_EXITNODES_BARE }}" \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/tor_exitnodes.ipset | |
| # # | |
| # Generate โบ Threats | |
| # # | |
| - name: "๐งฑ Generate โบ Threats" | |
| id: task_blocklist_generate_threats | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_core == 'true' | |
| env: | |
| BL_THREATS_API_URL: ${{ secrets.BL_THREATS_API_URL }} | |
| BL_THREATS_API_ID_NAME: ${{ secrets.BL_THREATS_API_ID_NAME }} | |
| BL_THREATS_API_ID_VALUE: ${{ secrets.BL_THREATS_API_ID_VALUE }} | |
| BL_THREATS_API_KEY_NAME: ${{ secrets.BL_THREATS_API_KEY_NAME }} | |
| BL_THREATS_API_KEY_VALUE: ${{ secrets.BL_THREATS_API_KEY_VALUE }} | |
| username: github | |
| port: ${{ secrets.ARTIFACTS_PORT }} | |
| domain: ${{ secrets.ARTIFACTS_DOMAIN }} | |
| sshkey: ${{ secrets.ARTIFACTS_GITHUB_SSH_PRIVATE_KEY }} | |
| run: | | |
| # Setup SSH | |
| mkdir -p ~/.ssh | |
| echo "$sshkey" > "$HOME/.ssh/github_sftp_key" | |
| chmod 600 "$HOME/.ssh/github_sftp_key" | |
| # # | |
| # Threats โบ Attackers โบ All | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ All (1d) | |
| # # | |
| ALL_LIST_API=$( | |
| curl --location "${BL_THREATS_API_URL}/SSH" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' | |
| ) | |
| ALL_LIST_LOCAL=$( | |
| ssh -p "$port" \ | |
| -i "$HOME/.ssh/github_sftp_key" \ | |
| -o StrictHostKeyChecking=no \ | |
| "$username@$domain" \ | |
| "cat /files/honeypots/ssh.json" \ | |
| | jq -r '.src_ip // empty' | |
| ) | |
| ALL_LIST=$( | |
| echo -e "${ALL_LIST_API}\n${ALL_LIST_LOCAL}" | sort -u | |
| ) | |
| echo "$ALL_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/all_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ All (365d) | |
| # # | |
| ALL_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/all_365d.ipset 2>/dev/null || true | |
| echo "$ALL_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$ALL_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/all_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ SSH | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ SSH (1d) | |
| # # | |
| SSH_LIST_API=$( | |
| curl --location "${BL_THREATS_API_URL}/SSH" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' | |
| ) | |
| SSH_LIST_LOCAL=$( | |
| ssh -p "$port" \ | |
| -i "$HOME/.ssh/github_sftp_key" \ | |
| -o StrictHostKeyChecking=no \ | |
| "$username@$domain" \ | |
| "cat /files/honeypots/ssh.json" \ | |
| | jq -r '.src_ip // empty' | |
| ) | |
| SSH_LIST=$( | |
| echo -e "${SSH_LIST_API}\n${SSH_LIST_LOCAL}" | sort -u | |
| ) | |
| echo "$SSH_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/ssh_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ SSH (365d) | |
| # # | |
| SSH_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/ssh_365d.ipset 2>/dev/null || true | |
| echo "$SSH_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$SSH_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/ssh_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ VNC | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ VNC (1d) | |
| # # | |
| VNC_LIST=$( | |
| curl --location "${BL_THREATS_API_URL}/VNC" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' \ | |
| | sort -u | |
| ) | |
| echo "$VNC_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/vnc_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ VNC (365d) | |
| # # | |
| VNC_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/vnc_365d.ipset 2>/dev/null || true | |
| echo "$VNC_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$VNC_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/vnc_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ SIP | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ SIP (1d) | |
| # # | |
| SIP_LIST=$( | |
| curl --location "${BL_THREATS_API_URL}/SIP" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' \ | |
| | sort -u | |
| ) | |
| echo "$SIP_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/sip_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ SIP (365d) | |
| # # | |
| SIP_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/sip_365d.ipset 2>/dev/null || true | |
| echo "$SIP_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$SIP_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/sip_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ Telnet | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ Telnet (1d) | |
| # # | |
| TELNET_LIST=$( | |
| curl --location "${BL_THREATS_API_URL}/Telnet" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' \ | |
| | sort -u | |
| ) | |
| echo "$TELNET_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/telnet_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ Telnet (365d) | |
| # # | |
| TELNET_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/telnet_365d.ipset 2>/dev/null || true | |
| echo "$TELNET_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$TELNET_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/telnet_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ FTP | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ FTP (1d) | |
| # # | |
| FTP_LIST=$( | |
| curl --location "${BL_THREATS_API_URL}/FTP" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' \ | |
| | sort -u | |
| ) | |
| echo "$FTP_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/ftp_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ FTP (365d) | |
| # # | |
| FTP_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/ftp_365d.ipset 2>/dev/null || true | |
| echo "$FTP_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$FTP_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/ftp_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ HTTP | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ HTTP (1d) | |
| # # | |
| HTTP_LIST=$( | |
| curl --location "${BL_THREATS_API_URL}/HTTP" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' \ | |
| | sort -u | |
| ) | |
| echo "$HTTP_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/http_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ HTTP (365d) | |
| # # | |
| HTTP_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/http_365d.ipset 2>/dev/null || true | |
| echo "$HTTP_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$HTTP_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/http_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ RDP | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ RDP (1d) | |
| # # | |
| RDP_LIST=$( | |
| curl --location "${BL_THREATS_API_URL}/RDP" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' \ | |
| | sort -u | |
| ) | |
| echo "$RDP_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/rdp_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ RDP (365d) | |
| # # | |
| RDP_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/rdp_365d.ipset 2>/dev/null || true | |
| echo "$RDP_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$RDP_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/rdp_365d.ipset | |
| # # | |
| # Threats โบ Attackers โบ SMTP | |
| # # | |
| # # | |
| # Threats โบ Attackers โบ SMTP (1d) | |
| # # | |
| SMTP_LIST=$( | |
| curl --location "${BL_THREATS_API_URL}/SMTP" \ | |
| --header "$BL_THREATS_API_ID_NAME: $BL_THREATS_API_ID_VALUE" \ | |
| --header "$BL_THREATS_API_KEY_NAME: $BL_THREATS_API_KEY_VALUE" \ | |
| | jq -r '.[].remote_host' \ | |
| | sort -u | |
| ) | |
| echo "$SMTP_LIST" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/smtp_1d.ipset | |
| # # | |
| # Threats โบ Attackers โบ SMTP (365d) | |
| # # | |
| SMTP_LIST_LIFETIME=$( | |
| { | |
| grep -vE '^\s*(#|$)' blocklists/threats/smtp_365d.ipset 2>/dev/null || true | |
| echo "$SMTP_LIST" | |
| } | awk '!seen[$1]++ { print $1 }' | |
| ) | |
| echo "$SMTP_LIST_LIFETIME" | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true ./.github/scripts/bl-format.sh blocklists/threats/smtp_365d.ipset | |
| # # | |
| # Generate โบ 3rd Party | |
| # # | |
| - name: "๐งฑ Generate โบ 3rd Party" | |
| id: task_blocklist_generate_3rdparty | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_core == 'true' | |
| run: | | |
| # # | |
| # 3rd Party โบ Alienvault | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_ALIENVAULT_REPUTATION }}" \ | |
| | cut -d'#' -f1 \ | |
| | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/alienvault/bad_reputation.ipset | |
| # # | |
| # 3rd Party โบ BBcan177 | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_BBCAN177_MS1 }}" \ | |
| | CFG_INCLUDE_COMMENTS=true .github/scripts/bl-format.sh blocklists/3rdparty/bbcan177/ms1.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BBCAN177_MS3 }}" \ | |
| | CFG_INCLUDE_COMMENTS=true .github/scripts/bl-format.sh blocklists/3rdparty/bbcan177/ms3.ipset | |
| # # | |
| # 3rd Party โบ Binary Defense | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_BINARYDEFENSE_L1 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/binarydefense/blocklist.ipset | |
| # # | |
| # 3rd Party โบ Bitwire-IT | |
| # | |
| # @ref https://github.com/bitwire-it/ipblocklist | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_BITWIRE_INBOUND }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/bitwire/inbound.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BITWIRE_OUTBOUND }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/bitwire/outbound.ipset | |
| # # | |
| # 3rd Party โบ Blacklist Monster | |
| # | |
| # @ref https://blackhole.monster/ | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_BLACKLIST_MONSTER_TODAY }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/blackhole.monster/blacklist_today.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLACKLIST_MONSTER_15D }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/blackhole.monster/blacklist_15d.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLACKLIST_MONSTER_30D }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/blackhole.monster/blacklist_30d.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLACKLIST_MONSTER_ALL}}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/blackhole.monster/blacklist_all.ipset | |
| # # | |
| # 3rd Party โบ Blocklist.de | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_ALL }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/all.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_SSH }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_ssh.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_MAIL }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_mail.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_APACHE }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_apache.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_IMAP }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_imap.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_FTP }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_ftp.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_SIP }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_sip.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_BOTS }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_bots.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_LONGTERM }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_longterm.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_IRC }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_ircbot.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_BLOCKLISTDE_BRUTEFORCE }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/blocklist.de/attacks_bruteforce.ipset | |
| # # | |
| # 3rd Party โบ Botvrij | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_BOTVRIJ_L1 }}" \ | |
| | CFG_INCLUDE_COMMENTS=true .github/scripts/bl-format.sh blocklists/3rdparty/botvrij/threats_ioc.ipset | |
| # # | |
| # 3rd Party โบ BruteForceBlocker (Daniel Gerzo) | |
| # | |
| # @ref https://danger.rulez.sk/index.php/bruteforceblocker/faq/ | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_BRUTEFORCEBLOCKER_L1 }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/bruteforceblocker/blocklist.ipset | |
| # # | |
| # 3rd Party โบ CINS Army (Collective Intelligence Network Security) | |
| # | |
| # @ref https://cinsscore.com/list/ci-badguys.txt | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_CINSSCORE_BADGUYS }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/cinsscore/badguys.ipset | |
| # # | |
| # 3rd Party โบ DShield | |
| # | |
| # @ref https://www.dshield.org/feeds_doc.html | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_DSHIELD_BLOCK }}" \ | |
| | grep -v '^#' \ | |
| | awk '$4 >= 50 {print $1 "/" $3}' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/dshield/blocklist.ipset | |
| # # | |
| # 3rd Party โบ Emerging Threats | |
| # | |
| # @ref https://rules.emergingthreats.net/blockrules/compromised-ips.txt | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_EMERGINGTHREATS_COMPROMISED }}" \ | |
| | grep -v '^#' \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/emergingthreats/compromised.ipset | |
| # # | |
| # 3rd Party โบ Feodo Tracker โบ Botnet Command and Control (C2 or C&C) | |
| # | |
| # Dridex, Heodo (aka Emotet), TrickBot, QakBot (aka QuakBot / Qbot) and | |
| # BazarLoader (aka BazarBackdoor) botnet command&control servers (C2s). | |
| # | |
| # blocklist_c2_recommended C&C IP addresses (avoid false positives) | |
| # Only contains active botnet C&C servers or active in past hours. | |
| # blocklist_c2_ioc_normal Indicators Of Compromise (IOCs) (Normal) | |
| # Datasets contain additional info on tracked botnet C2s; | |
| # also IP addresses acting as botnet C2 within last 30 days. | |
| # blocklist_c2_ioc_aggressive Indicators Of Compromise (IOCs) (Aggressive) | |
| # Comprehensive list of all botnet C2s Feodo Tracker has. | |
| # IP addresses are re-used/recycled; false positive are much higher. | |
| # | |
| # @ref https://feodotracker.abuse.ch/blocklist/ | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_FEODOTRACKER_C2_RECOMMENDED }}" \ | |
| | grep -v '^#' \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/feodotracker/blocklist_c2_recommended.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_FEODOTRACKER_C2_IOC_NORMAL }}" \ | |
| | grep -v '^#' \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/feodotracker/blocklist_c2_iocs_normal.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_FEODOTRACKER_C2_IOC_AGGRESSIVE }}" \ | |
| | grep -v '^#' \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/feodotracker/blocklist_c2_iocs_aggressive.ipset | |
| # # | |
| # 3rd Party โบ Firehol | |
| # # | |
| curl -sSL "https://iplists.firehol.org/files/firehol_abusers_1d.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/abusers_1d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_abusers_30d.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/abusers_30d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_anonymous.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/anonymous.ipset | |
| curl -sSL "https://iplists.firehol.org/files/bitcoin_nodes.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/bitcoin_nodes.ipset | |
| curl -sSL "https://iplists.firehol.org/files/bitcoin_nodes_1d.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/bitcoin_nodes_1d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/bitcoin_nodes_7d.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/bitcoin_nodes_7d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/bitcoin_nodes_30d.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/bitcoin_nodes_30d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/botscout.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/botscout.ipset | |
| curl -sSL "https://iplists.firehol.org/files/botscout_1d.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/botscout_1d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/botscout_7d.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/botscout_7d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/botscout_30d.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/botscout_30d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/cybercrime.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/cybercrime.ipset | |
| curl -sSL "https://iplists.firehol.org/files/dshield.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/dshield.ipset | |
| curl -sSL "https://iplists.firehol.org/files/dshield_1d.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/dshield_1d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/dshield_7d.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/dshield_7d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/dshield_30d.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/dshield_30d.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_level1.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/level1.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_level2.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/level2.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_level3.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/level3.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_level4.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/level4.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_proxies.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/proxies.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_webclient.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/webclient.ipset | |
| curl -sSL "https://iplists.firehol.org/files/firehol_webserver.netset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/webservert.ipset | |
| curl -sSL "https://iplists.firehol.org/files/greensnow.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/greensnow.ipset | |
| curl -sSL "https://iplists.firehol.org/files/sblam.ipset" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/firehol/sblam.ipset | |
| # # | |
| # 3rd Party โบ GreenSnow | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_GREENSNOW }}" \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/greensnow/blocklist.ipset | |
| # # | |
| # 3rd Party โบ Hagezi | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_HAGEZI_L1 }}" \ | |
| | cut -d'#' -f1 \ | |
| | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' \ | |
| | .github/scripts/bl-format.sh blocklists/3rdparty/hagezi/threat_intelligence.ipset | |
| # # | |
| # 3rd Party โบ IPSum | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L1 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level1.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L2 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level2.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L3 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level3.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L4 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level4.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L5 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level5.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L6 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level6.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L7 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level7.ipset | |
| curl -sSL "${{ vars.BL_3PARTY_IPSUM_L8 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/ipsum/level8.ipset | |
| # # | |
| # 3rd Party โบ LinuxTracker | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_LINUXTRACKER_L1 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/linuxtracker/blocklist.ipset | |
| # # | |
| # 3rd Party โบ Mikrotik โบ Core | |
| # | |
| # Url https://github.com/multiduplikator/mikrotik_blocklist | |
| # Entries ~20k | |
| # Update Every 3 hours | |
| # Sources Core threat feeds | |
| # Tor Exit Nodes Tor exit node IPs https://github.com/SecOps-Institute/Tor-IP-Addresses | |
| # Spamhaus DROP "Don't Route Or Peer" list https://www.spamhaus.org/drop/ | |
| # SSL Blacklist Botnet C&C servers https://sslbl.abuse.ch/ | |
| # Blocklist.de Fail2ban reported IPs https://lists.blocklist.de/ | |
| # Feodo Tracker Banking trojan C&C servers https://feodotracker.abuse.ch/ | |
| # FireHOL Level 1 Aggregated threat intelligence https://github.com/stamparm/ipsum | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_MULTIDUPLIKATOR_CORE }}" \ | |
| | CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/multiduplikator/blocklist_core.ipset | |
| # # | |
| # 3rd Party โบ Mikrotik โบ Large | |
| # | |
| # Url https://github.com/multiduplikator/mikrotik_blocklist | |
| # Entries ~25k | |
| # Update Every 3 hours | |
| # Sources Core + CINS Army | |
| # Tor Exit Nodes Tor exit node IPs https://github.com/SecOps-Institute/Tor-IP-Addresses | |
| # Spamhaus DROP "Don't Route Or Peer" list https://www.spamhaus.org/drop/ | |
| # SSL Blacklist Botnet C&C servers https://sslbl.abuse.ch/ | |
| # Blocklist.de Fail2ban reported IPs https://lists.blocklist.de/ | |
| # Feodo Tracker Banking trojan C&C servers https://feodotracker.abuse.ch/ | |
| # FireHOL Level 1 Aggregated threat intelligence https://github.com/stamparm/ipsum | |
| # CINS Army Collective Intelligence Network Security https://cinsscore.com/ | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_MULTIDUPLIKATOR_LARGE }}" \ | |
| | CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/multiduplikator/blocklist_large.ipset | |
| # # | |
| # 3rd Party โบ Mikrotik โบ Extra Large | |
| # | |
| # Url https://github.com/multiduplikator/mikrotik_blocklist | |
| # Entries ~68k | |
| # Update Every 3 hours | |
| # Sources Core + CINS Army + IPsum L1 | |
| # Tor Exit Nodes Tor exit node IPs https://github.com/SecOps-Institute/Tor-IP-Addresses | |
| # Spamhaus DROP "Don't Route Or Peer" list https://www.spamhaus.org/drop/ | |
| # SSL Blacklist Botnet C&C servers https://sslbl.abuse.ch/ | |
| # Blocklist.de Fail2ban reported IPs https://lists.blocklist.de/ | |
| # Feodo Tracker Banking trojan C&C servers https://feodotracker.abuse.ch/ | |
| # FireHOL Level 1 Aggregated threat intelligence https://github.com/stamparm/ipsum | |
| # CINS Army Collective Intelligence Network Security https://cinsscore.com/ | |
| # IPsum Level 1 Broader threat IPs (1+ hits) https://github.com/stamparm/ipsum | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_MULTIDUPLIKATOR_EXLARGE }}" \ | |
| | CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/multiduplikator/blocklist_extralarge.ipset | |
| # # | |
| # 3rd Party โบ Myip.ms โบ Full Database | |
| # # | |
| tmp_zip="$(mktemp)" | |
| curl -sSL "${{ vars.BL_3PARTY_MYIPMS_FULL }}" -o "${tmp_zip}" | |
| zip_entry="$(unzip -Z1 "${tmp_zip}" | grep -m1 -E '(^|/)full_blacklist_database\.txt$')" | |
| [ -z "${zip_entry}" ] && { echo "full_blacklist_database.txt not found in zip" >&2; rm -f "${tmp_zip}"; exit 1; } | |
| unzip -p "${tmp_zip}" "${zip_entry}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/myip.ms/blocklist_full.ipset | |
| rm -f "${tmp_zip}" | |
| # # | |
| # 3rd Party โบ Myip.ms โบ CSF / cPanel Specific | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_MYIPMS_CSF }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/myip.ms/blocklist_configserver.ipset | |
| # # | |
| # 3rd Party โบ Myip.ms โบ General | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_MYIPMS_GENERAL }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/myip.ms/blocklist_general.ipset | |
| # # | |
| # 3rd Party โบ Myip.ms โบ htaccess | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_MYIPMS_HTACCESS }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/myip.ms/blocklist_htaccess.ipset | |
| # # | |
| # 3rd Party โบ Myip.ms โบ Web Crawlers | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_MYIPMS_WEBCRAWLERS }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/myip.ms/blocklist_webcrawlers.ipset | |
| # # | |
| # 3rd Party โบ Rutgers | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_RUTGERS_ATTACKERS }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/rutgers.edu/blocklist.ipset | |
| # # | |
| # 3rd Party โบ Sblam | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_SBLAM_L1 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/sblam/blocklist.ipset | |
| # # | |
| # 3rd Party โบ Sekuripy โบ SSH auth log brute-force offenders | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_SEKURIPY_SSH_L1 }}" \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/sekuripy/ssh-bruteforce-attackers.ipset | |
| # # | |
| # 3rd Party โบ Sentinel Turris | |
| # # | |
| curl -sSL "${{ vars.BL_3PARTY_SENTINEL_TURRIS_L1 }}" \ | |
| | cut -d',' -f1 \ | |
| | tail -n +2 \ | |
| | CFG_SKIP_BOGON_FILTER=true CFG_TRUSTED_INPUT=true .github/scripts/bl-format.sh blocklists/3rdparty/sentinel.turris/greylist.ipset | |
| # # | |
| # Generate โบ Privacy โบ A - G | |
| # # | |
| - name: '๐งฑ Generate โบ Privacy (A-G) (1/day)' | |
| id: task_blocklist_generate_privacy_a_to_g | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_daily == 'true' | |
| run: | | |
| # # | |
| # Privacy โบ General | |
| # # | |
| CFG_SKIP_CIDR_DEDUPE=true CFG_SKIP_BOGON_FILTER=true CFG_INCLUDE_COMMENTS=true ./.github/scripts/bl-block.sh blocklists/privacy/@general.ipset privacy/general | |
| # # | |
| # Privacy โบ Activision | |
| # # | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/activision.ipset "${{ vars.BL_ACTIVISION_URL }}" | |
| # # | |
| # Privacy โบ Ahrefs | |
| # # | |
| curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_AI_AHREFS_URL }} | jq -r '.ips[].ip_address | select( . != null )' | .github/scripts/bl-format.sh blocklists/privacy/ahrefs.ipset | |
| # # | |
| # Privacy โบ AI โบ ChatGPT | |
| # # | |
| curl -sSL ${{ vars.BL_AI_OPENAI_GPTBOT_URL }} ${{ vars.BL_AI_OPENAI_GPTCHAT_URL }} ${{ vars.BL_AI_OPENAI_SEARCHBOT_URL }} \ | |
| | jq -r '.prefixes[] | .ipv4Prefix // .ipv6Prefix' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/privacy/ai_openai_gpt_all.ipset | |
| curl -sSL "${{ vars.BL_AI_OPENAI_GPTBOT_URL }}" \ | |
| | jq -r '.prefixes[] | .ipv4Prefix // .ipv6Prefix' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/privacy/ai_openai_gpt_bot.ipset | |
| curl -sSL "${{ vars.BL_AI_OPENAI_GPTCHAT_URL }}" \ | |
| | jq -r '.prefixes[] | .ipv4Prefix // .ipv6Prefix' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/privacy/ai_openai_gpt_chat.ipset | |
| curl -sSL "${{ vars.BL_AI_OPENAI_SEARCHBOT_URL }}" \ | |
| | jq -r '.prefixes[] | .ipv4Prefix // .ipv6Prefix' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/privacy/ai_openai_gpt_searchbot.ipset | |
| # # | |
| # Privacy โบ AI โบ Claude | |
| # # | |
| curl -sSL "${{ vars.BL_AI_CLAUDE_URL }}" \ | |
| | sed 's/<[^>]*>/\n/g' \ | |
| | sed -n '/Phased out IP addresses/,$!p' \ | |
| | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}|([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}/[0-9]{1,3}' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/privacy/ai_claude_official.ipset | |
| # # | |
| # Privacy โบ Akamai (Cloud / CDN) | |
| # # | |
| AKAMAI_IPv4=$( curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_AKAMAI_CORE_URL }}/akamai_ipv4_CIDRs.txt \ | |
| | grep -vE '^(#|;|[[:space:]]*$)' ) | |
| AKAMAI_IPv6=$( curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_AKAMAI_CORE_URL }}/akamai_ipv6_CIDRs.txt \ | |
| | grep -vE '^(#|;|[[:space:]]*$)' ) | |
| AKAMAI_LIST=$( echo -e "${AKAMAI_IPv4}\n${AKAMAI_IPv6}" | sort -u ) | |
| echo "$AKAMAI_LIST" | .github/scripts/bl-format.sh blocklists/privacy/akamai.ipset | |
| # # | |
| # Privacy โบ Amazon AWS | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/amazon_aws.ipset "${{ vars.BL_AMAZON_CORE_URL }}" '.prefixes[] | select(.service=="AMAZON") | .ip_prefix' | |
| # # | |
| # Privacy โบ Amazon EC2 | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/amazon_ec2.ipset "${{ vars.BL_AMAZON_CORE_URL }}" '.prefixes[] | select(.service=="EC2") | .ip_prefix' | |
| # # | |
| # Privacy โบ Anthropic | |
| # # | |
| ./.github/scripts/bl-mip.sh blocklists/privacy/anthropic.ipset "${{ vars.BL_AI_ANTHROPIC_URL }}" privacy/anthropic | |
| # # | |
| # Privacy โบ Apple Bot | |
| # # | |
| curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_APPLE_INC_BOT_URL }} | jq -r '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty' | .github/scripts/bl-format.sh blocklists/privacy/apple_bot.ipset | |
| # # | |
| # Privacy โบ Apple Proxy | |
| # https://developer.apple.com/icloud/prepare-your-network-for-icloud-private-relay/ | |
| # # | |
| curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_APPLE_INC_PROXY_URL }} \ | |
| | awk -F',' 'NR>1{print $1}' \ | |
| | CFG_TRUSTED_INPUT=true CFG_SKIP_BOGON_FILTER=true .github/scripts/bl-format.sh blocklists/privacy/apple_icloud.ipset | |
| # # | |
| # Privacy โบ Alibaba | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/alibaba.ipset "${{ vars.BL_CHINA_ALIBABA_ASN }}" | |
| # # | |
| # Privacy โบ Automattic / Tumblr / Wordpress.com | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/automattic.ipset "${{ vars.BL_AUTOMATTIC_WP_ASN }}" | |
| # # | |
| # Privacy โบ Baidu | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/baidu.ipset "${{ vars.BL_CHINA_BAIDU_ASN }}" | |
| # # | |
| # Privacy โบ Bing | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/bing.ipset "${{ vars.BL_BING_URL }}" '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty' | |
| # # | |
| # Privacy โบ Blizzard | |
| # # | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/blizzard.ipset "${{ vars.BL_BLIZZARD_URL }}" | |
| # # | |
| # Privacy โบ Bluehost | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/bluehost_eig.ipset "${{ vars.BL_BLUEHOST_EIG_ASN }}" | |
| # # | |
| # Privacy โบ Bunny CDN | |
| # # | |
| BUNNYCDN_IPv4=$( curl -sSL ${{ vars.BL_BUNNYCDN_URL }}/plain \ | |
| | grep -vE '^(#|;|[[:space:]]*$)' ) | |
| BUNNYCDN_IPv6=$( curl -sSL ${{ vars.BL_BUNNYCDN_URL }}/ipv6 \ | |
| | jq -r '.[] | select( . != null )' | grep -vE '^(#|;|[[:space:]]*$)' ) | |
| BUNNYCDN_LIST=$( echo -e "${BUNNYCDN_IPv4}\n${BUNNYCDN_IPv6}" | sort -u ) | |
| echo "$BUNNYCDN_LIST" | .github/scripts/bl-format.sh blocklists/privacy/bunnycdn.ipset | |
| # # | |
| # Privacy โบ ByteDance / Tiktok | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/bytedance.ipset "${{ vars.BL_TIKTOK_BYTEDANCE_ASN }}" | |
| # Privacy โบ Censys, Inc. | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/censys_io.ipset "${{ vars.BL_CENSYS_IO_ASN }}" | |
| # Privacy โบ China โบ China Broadcasting Network | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_broadcasting_network.ipset "${{ vars.BL_CHINA_BROADCASTING_NETWORK_ASN }}" | |
| # Privacy โบ China โบ China Mobile | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_mobile.ipset "${{ vars.BL_CHINA_MOBILE_ASN }}" | |
| # Privacy โบ China โบ ChinaNET | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_chinanet.ipset "${{ vars.BL_CHINA_CHINANET_ASN }}" | |
| # Privacy โบ China โบ China / Shanghai Mobile Communications Co.,Ltd. | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_net_mobile.ipset "${{ vars.BL_CHINA_NETMOBILE_ASN }}" | |
| # Privacy โบ China โบ China Networks Inter-Exchange | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_networks.ipset "${{ vars.BL_CHINA_NETWORKS_ASN }}" | |
| # Privacy โบ China โบ Telecom | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_telecom.ipset "${{ vars.BL_CHINA_TELECOM_ASN }}" | |
| # Privacy โบ China โบ Tencent Networks | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_tencent.ipset "${{ vars.BL_CHINA_TENCENT_NET_ASN }}" | |
| # Privacy โบ China โบ Tietong | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_tietong.ipset "${{ vars.BL_CHINA_TIETONG_ASN }}" | |
| # Privacy โบ China โบ Unicorn | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/china_unicorn.ipset "${{ vars.BL_CHINA_UNICORN_ASN }}" | |
| # # | |
| # Privacy โบ Cloudfront | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/cloudfront.ipset "${{ vars.BL_AMAZON_CLOUDFRONT_URL }}" 'map(.[]) | sort | .[]' | |
| # # | |
| # Privacy โบ Cloudflare CDN | |
| # # | |
| CLOUDFLARE_IPv4=$( curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_CLOUDFLARE_URL }}/ips-v4 \ | |
| | grep -vE '^(#|;|[[:space:]]*$)' ) | |
| CLOUDFLARE_IPv6=$( curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_CLOUDFLARE_URL }}/ips-v6 \ | |
| | grep -vE '^(#|;|[[:space:]]*$)' ) | |
| CLOUDFLARE_LIST=$( echo -e "${CLOUDFLARE_IPv4}\n${CLOUDFLARE_IPv6}" | sort -u ) | |
| echo "$CLOUDFLARE_LIST" | .github/scripts/bl-format.sh blocklists/privacy/cloudflare.ipset | |
| # # | |
| # Privacy โบ COLOCROSSING / HostPapa | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/colocrossing_hostpapa.ipset "${{ vars.BL_COLOCROSSING_HOSTPAPA_ASN }}" | |
| # # | |
| # Privacy โบ Contabo Hosting | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/contabo_gmbh.ipset "${{ vars.BL_CONTABO_GMBH_ASN }}" | |
| # # | |
| # Privacy โบ Digital Ocean | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/digitalocean_asn.ipset "${{ vars.BL_DIGITAL_OCEAN_ASN }}" | |
| # # | |
| # Privacy โบ Digital Ocean | |
| # # | |
| curl -sSL -A "${{ env.USERAGENT }}" ${{ vars.BL_DIGITAL_OCEAN_URL }} \ | |
| | cut -d, -f1 \ | |
| | grep -vE '^(#|;|[[:space:]]*$)' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/privacy/digitalocean_source.ipset | |
| # # | |
| # Privacy โบ Dream Hosting | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/dreamhost.ipset "${{ vars.BL_DREAMHOST_ASN }}" | |
| # # | |
| # Privacy โบ DuckDuckGo | |
| # | |
| # Originally, we crawled DDG's Github docs page. However, it was shut down in 2025. | |
| # curl -sSL -A "${{ env.USERAGENT }}" https://raw.githubusercontent.com/duckduckgo/duckduckgo-help-pages/master/_docs/results/duckduckbot.md | grep "^\- " | awk '{gsub("-",""); print}' | awk '{gsub(/ /,""); print}' | .github/scripts/bl-format.sh blocklists/privacy/duckduckgo.ipset | |
| # | |
| # Now we use their official json list | |
| # https://duckduckgo.com/duckduckbot.json | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/duckduckgo.ipset "${{ vars.BL_DUCKDUCKGO_URL }}" '.prefixes[] | select(.ipv4Prefix or .ipv6Prefix) | (.ipv4Prefix // .ipv6Prefix)' | |
| # # | |
| # Privacy โบ Electronic Arts & IGN | |
| # # | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/electronicarts_ign.ipset "${{ vars.BL_ELECTRONICARTS_URL }}" | |
| # # | |
| # Privacy โบ Facebook | |
| # https://github.com/SecOps-Institute/FacebookIPLists/blob/master/facebook_asn_list.lst | |
| # https://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/facebook.ipset "${{ vars.BL_FACEBOOK_ASN }}" | |
| # # | |
| # Privacy โบ Fastly | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/fastly.ipset ${{ vars.BL_FASTLY_URL }} 'map(.[]) | .[]' | |
| # # | |
| # Privacy โบ Github | |
| # | |
| # https://api.github.com/meta | |
| # # | |
| GITHUB_URL="${{ vars.BL_GITHUB_URL }}" | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_all.ipset $GITHUB_URL '.. | strings | select(test("^[0-9a-fA-F:.]+/[0-9]+$"))' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_hooks.ipset $GITHUB_URL '.hooks[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_web.ipset $GITHUB_URL '.web[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_api.ipset $GITHUB_URL '.api[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_git.ipset $GITHUB_URL '.git[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_packages.ipset $GITHUB_URL '.packages[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_pages.ipset $GITHUB_URL '.pages[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_importer.ipset $GITHUB_URL '.importer[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_actions.ipset $GITHUB_URL '.actions[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_actions_macos.ipset $GITHUB_URL '.actions_macos[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_codespaces.ipset $GITHUB_URL '.codespaces[]' | |
| ./.github/scripts/bl-json.sh blocklists/privacy/github_copilot.ipset $GITHUB_URL '.copilot[]' | |
| # # | |
| # Privacy โบ Google โบ Core | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/google_core.ipset "${{ vars.BL_GOOGLE_BOTS_URL }}" '.prefixes[] | select(.ipv4Prefix or .ipv6Prefix) | (.ipv4Prefix // .ipv6Prefix)' | |
| # # | |
| # Privacy โบ Google โบ Bot | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/google_bots.ipset "${{ vars.BL_GOOGLE_BOTS_URL }}" '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty' | |
| # # | |
| # Privacy โบ Google โบ Cloud | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/google_cloud.ipset "${{ vars.BL_GOOGLE_CLOUD_URL }}" '.prefixes[] | select(.ipv4Prefix or .ipv6Prefix) | (.ipv4Prefix // .ipv6Prefix)' | |
| # # | |
| # Generate โบ Privacy โบ H - N | |
| # # | |
| - name: '๐งฑ Generate โบ Privacy (H-N) (1/day)' | |
| id: task_blocklist_generate_privacy_h_to_n | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_daily == 'true' | |
| run: | | |
| # # | |
| # Privacy โบ Huawei | |
| # # | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/huawei.ipset "${{ vars.BL_HUAWEI_ASN }}" | |
| # # | |
| # Privacy โบ Linode | |
| # # | |
| curl -sSL "${{ vars.BL_LINODE_URL }}" | awk -F',' '{print $1}' | sort -u | .github/scripts/bl-format.sh blocklists/privacy/linode.ipset | |
| # # | |
| # Privacy โบ Microsoft โบ 365 | |
| # # | |
| MS_365_URL="${{ vars.BL_MICROSOFT_365_URL }}?clientrequestid=$(uuidgen)" | |
| ./.github/scripts/bl-json.sh blocklists/privacy/microsoft_365.ipset $MS_365_URL '.[] | .ips[]?' | |
| # # | |
| # Privacy โบ Microsoft โบ Azure | |
| # | |
| # - Public Cloud | |
| # - US Government | |
| # - Germany Cloud | |
| # - China Cloud | |
| # | |
| # @ref https://azservicetags.azurewebsites.net/ | |
| # # | |
| MS_AZURE_URL_PUBLIC=$( curl -sSL "${{ vars.BL_MICROSOFT_AZURE_PUBLIC_URL }}" | grep -o 'https://download.microsoft.com/download[^"]*ServiceTags_Public_[0-9]\+\.json' | head -n1 ) | |
| ./.github/scripts/bl-json.sh blocklists/privacy/microsoft_azure_public.ipset $MS_AZURE_URL_PUBLIC '.values[].properties.addressPrefixes[]' | |
| MS_AZURE_URL_USGOV=$( curl -sSL "${{ vars.BL_MICROSOFT_AZURE_USGOV_URL }}" | grep -o 'https://download.microsoft.com/download[^"]*ServiceTags_AzureGovernment_[0-9]\+\.json' | head -n1 ) | |
| ./.github/scripts/bl-json.sh blocklists/privacy/microsoft_azure_usgov.ipset $MS_AZURE_URL_USGOV '.values[].properties.addressPrefixes[]' | |
| MS_AZURE_URL_GERMANY=$( curl -sSL "${{ vars.BL_MICROSOFT_AZURE_GERMANY_URL }}" | grep -o 'https://download.microsoft.com/download[^"]*ServiceTags_AzureGermany_[0-9]\+\.json' | head -n1 ) | |
| ./.github/scripts/bl-json.sh blocklists/privacy/microsoft_azure_usgov.ipset $MS_AZURE_URL_GERMANY '.values[].properties.addressPrefixes[]' | |
| MS_AZURE_URL_CHINA=$( curl -sSL "${{ vars.BL_MICROSOFT_AZURE_CHINA_URL }}" | grep -o 'https://download.microsoft.com/download[^"]*ServiceTags_China_[0-9]\+\.json' | head -n1 ) | |
| ./.github/scripts/bl-json.sh blocklists/privacy/microsoft_azure_china.ipset $MS_AZURE_URL_CHINA '.values[].properties.addressPrefixes[]' | |
| # # | |
| # Privacy โบ Nintendo | |
| # # | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/nintendo.ipset "${{ vars.BL_NINTENDO_URL }}" | |
| # # | |
| # Generate โบ Privacy โบ O - T | |
| # # | |
| - name: '๐งฑ Generate โบ Privacy (O-T) (1/day)' | |
| id: task_blocklist_generate_privacy_o_to_t | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_daily == 'true' | |
| run: | | |
| # # | |
| # Privacy โบ Oracle โบ OCI (EC2 / GCP) | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/oracle_oci.ipset "${{ vars.BL_ORACLE_OCI_URL }}" '.regions[].cidrs[] | select(.tags[] == "OCI") | .cidr' | |
| # # | |
| # Privacy โบ Oracle โบ Oracle services network (OSN) | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/oracle_osn.ipset "${{ vars.BL_ORACLE_OSN_URL }}" '.regions[].cidrs[] | select(.tags[] == "OSN") | .cidr' | |
| # # | |
| # Privacy โบ Oracle โบ Object Storage | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/oracle_object_storage.ipset "${{ vars.BL_ORACLE_OBJ_URL }}" '.regions[].cidrs[] | select(.tags[] == "OBJECT_STORAGE") | .cidr' | |
| # # | |
| # Privacy โบ Oracle โบ All | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/oracle_all.ipset "${{ vars.BL_ORACLE_ALL_URL }}" '.regions[].cidrs[] | .cidr' | |
| # # | |
| # Privacy โบ Pandora | |
| # # | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/pandora.ipset "${{ vars.BL_PANDORA_URL }}" | |
| # # | |
| # Privacy โบ Perplexity โบ All | |
| # | |
| # @ref https://docs.perplexity.ai/docs/resources/perplexity-crawlers | |
| # # | |
| curl -sSL https://www.perplexity.ai/perplexitybot.json https://www.perplexity.ai/perplexity-user.json \ | |
| | jq -r '.prefixes[] | select(.ipv4Prefix or .ipv6Prefix) | (.ipv4Prefix // .ipv6Prefix)' \ | |
| | sort -u \ | |
| | ./.github/scripts/bl-format.sh blocklists/privacy/perplexity_all.ipset | |
| # # | |
| # Privacy โบ Perplexity โบ Bot | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/perplexity_bot.ipset "https://www.perplexity.ai/perplexitybot.json" '.prefixes[] | select(.ipv4Prefix or .ipv6Prefix) | (.ipv4Prefix // .ipv6Prefix)' | |
| # # | |
| # Privacy โบ Perplexity โบ User | |
| # # | |
| ./.github/scripts/bl-json.sh blocklists/privacy/perplexity_user.ipset "https://www.perplexity.ai/perplexity-user.json" '.prefixes[] | select(.ipv4Prefix or .ipv6Prefix) | (.ipv4Prefix // .ipv6Prefix)' | |
| # # | |
| # Privacy โบ Pingdom | |
| # # | |
| PINGDOM_IPv4=$( curl -sSL "${{ vars.BL_PINGDOM_URL }}/ipv4" \ | |
| | grep -vE '^(#|;|[[:space:]]*$)') | |
| PINGDOM_IPv6=$( curl -sSL "${{ vars.BL_PINGDOM_URL }}/ipv6" \ | |
| | grep -vE '^(#|;|[[:space:]]*$)') | |
| PINGDOM_LIST=$( echo -e "${PINGDOM_IPv4}\n${PINGDOM_IPv6}" | sort -u ) | |
| echo "$PINGDOM_LIST" | .github/scripts/bl-format.sh blocklists/privacy/pingdom.ipset | |
| # # | |
| # Privacy โบ Pirate Bay | |
| # # | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/piratebay.ipset "${{ vars.BL_PIRATEBAY_URL }}" | |
| # # | |
| # Privacy โบ ProtonVPN | |
| # | |
| # Gathering these are tricky. Requires the authentication COOKIE / session_id to access API. | |
| # User Id => secrets.BL_PROTON_VPN_USERID | |
| # Cookie => secrets.BL_PROTON_VPN_AUTHCOOKIE | |
| # Session id => secrets.BL_PROTON_VPN_SESSIONID | |
| # # | |
| curl -s \ | |
| -H 'x-pm-appversion: AndroidVPN_5.5.52' \ | |
| -H 'x-pm-apiversion: 3' \ | |
| -H 'x-pm-locale: en_US' \ | |
| -H 'x-pm-uid: ${{ secrets.BL_PROTON_VPN_USERID }}' \ | |
| -H 'cookie: ${{ secrets.BL_PROTON_VPN_AUTHCOOKIE }}; Session-Id=${{ secrets.BL_PROTON_VPN_SESSIONID }}; Tag=default; Theme=1; Domain=protonvpn.com; st=eyJ0IjoiZiIsImgiOiIwIn0' \ | |
| '${{ vars.BL_PROTON_VPN_URL }}' \ | |
| | jq -r '.LogicalServers[] | .Servers[]? | .EntryIP, .ExitIP, .ExitIPv6 | select(. != null)' \ | |
| | sort -u \ | |
| | .github/scripts/bl-format.sh blocklists/privacy/proton_vpn.ipset proton_vpn | |
| # Privacy โบ Punkbuster | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/punkbuster.ipset "${{ vars.BL_PUNKBUSTER_URL }}" | |
| # Privacy โบ Riot Games | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/riot_games.ipset "${{ vars.BL_RIOTGAMES_URL }}" | |
| # Privacy โบ RSS API | |
| curl -sSL -A "${{ env.USERAGENT }}" "${{ vars.BL_RSSAPI_URL }}" | .github/scripts/bl-format.sh blocklists/privacy/rssapi.ipset | |
| # Privacy โบ Shadow Server | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/shadowserver.ipset "${{ vars.BL_SHADOWSERVER_FOUNDATION_ASN }}" | |
| # Privacy โบ Sony โบ All | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/sony_all.ipset "${{ vars.BL_SONY_ALL_ASN }}" | |
| # Privacy โบ Sony โบ Sony Network Communications Inc. (Japan/ISP/So-net) | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/sony_network_communications.ipset "${{ vars.BL_SONY_NETWORK_COMMUNICATIONS_ASN }}" | |
| # Privacy โบ Sony โบ Sony Interactive Entertainment LLC (Playstation) | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/sony_playstation_network.ipset "${{ vars.BL_SONY_PLAYSTATION_NETWORK_ASN }}" | |
| # Privacy โบ Sony โบ Sony Pictures Technologies Inc. | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/sony_pictures_technologies.ipset "${{ vars.BL_SONY_PICTURES_TECHNOLOGIES_ASN }}" | |
| # Privacy โบ Sony โบ User Reported | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/sony_userflagged.ipset "${{ vars.BL_SONY_USERFLAGGED_URL }}" | |
| # Privacy โบ Steam | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/steam.ipset "${{ vars.BL_STEAM_URL }}" | |
| # Privacy โบ Stripe โบ API | |
| curl -sSL -A "${{ env.USERAGENT }}" "${{ vars.BL_STRIPE_API_URL }}" | .github/scripts/bl-format.sh blocklists/privacy/stripe_api.ipset | |
| # Privacy โบ Stripe โบ Armada Gator | |
| curl -sSL -A "${{ env.USERAGENT }}" "${{ vars.BL_STRIPE_ARMADA_GATOR_URL }}" | .github/scripts/bl-format.sh blocklists/privacy/stripe_armada_gator.ipset | |
| # Privacy โบ Stripe โบ Webhooks | |
| curl -sSL -A "${{ env.USERAGENT }}" "${{ vars.BL_STRIPE_WEBHOOKS_URL }}" | .github/scripts/bl-format.sh blocklists/privacy/stripe_webhooks.ipset | |
| # Privacy โบ Telegram | |
| curl -sSL -A "${{ env.USERAGENT }}" "${{ vars.BL_TELEGRAM_URL }}" | .github/scripts/bl-format.sh blocklists/privacy/telegram.ipset | |
| # Privacy โบ Tumblr | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/tumblr.ipset "${{ vars.BL_TUMBLR_ASN }}" | |
| # Privacy โบ Twitter / X | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/privacy/twitter_x.ipset "${{ vars.BL_TWITTER_INC_X_ASN }}" | |
| # # | |
| # Generate โบ Privacy โบ U - Z | |
| # # | |
| - name: '๐งฑ Generate โบ Privacy (U-Z) (1/day)' | |
| id: task_blocklist_generate_privacy_u_to_z | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_daily == 'true' | |
| run: | | |
| # Privacy โบ Ubisoft | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/ubisoft.ipset "${{ vars.BL_UBISOFT_URL }}" | |
| # Privacy โบ Uptime Robot | |
| curl -sSL -A "${{ env.USERAGENT }}" "${{ vars.BL_UPTIMEROBOT_URL }}" | .github/scripts/bl-format.sh blocklists/privacy/uptimerobot.ipset | |
| # Privacy โบ WebPageTest | |
| curl -sSLk -A "${{ env.USERAGENT }}" "${{ secrets.PROXY_WEB_URL_HTTPS }}/json?url=https%3A%2F%2Fwebpagetest.org%2Faddresses.php%3Ff%3Djson" | jq -r '.data[].addresses[] | select( . != null )' | .github/scripts/bl-format.sh blocklists/privacy/webpagetest.ipset | |
| # Privacy โบ Xfire | |
| ./.github/scripts/range-iprange.sh blocklists/privacy/xfire.ipset "${{ vars.BL_XFIRE_URL }}" | |
| # # | |
| # Generate โบ Spam | |
| # # | |
| - name: '๐งฑ Generate โบ Spam' | |
| id: task_blocklist_generate_spam | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_core == 'true' | |
| run: | | |
| ./.github/scripts/bl-plain.sh blocklists/spam/spamhaus.ipset ${{ vars.BL_SPAM_SPAMHAUS_URL }} | |
| # # | |
| # Generate โบ Spam โบ Forums | |
| # | |
| # only updated once per day (daily path) | |
| # # | |
| - name: '๐งฑ Generate โบ Spam โบ Forums (1/day)' | |
| id: task_blocklist_spam_generate_forums | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_daily == 'true' | |
| run: | | |
| chmod +x ".github/scripts/bl-plain.sh" | |
| ./.github/scripts/bl-plain.sh blocklists/spam/forums.ipset ${{ vars.BL_SPAM_FORUMS_URL }} | |
| # # | |
| # Generate โบ Internet Service Provider | |
| # | |
| # @resources https://ftp.arin.net/info/asn.txt | |
| # https://networksdb.io | |
| # https://rapidapi.com | |
| # https://ip.guide/ | |
| # https://2ip.io | |
| # https://ip2location.com | |
| # https://ipqualityscore.com | |
| # https://ipinfo.io | |
| # https://radb.net | |
| # https://bgpview.io | |
| # @info script on another server is responsible for ensuring this workflow list is kept up to date with the correct ASN. | |
| # we use numerous resources to compare ASNs to see which ones are active and which ones have been migrated. | |
| # # | |
| - name: '๐งฑ Generate โบ ISP (1/day)' | |
| id: task_blocklist_generate_isp | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_daily == 'true' | |
| run: | | |
| # ISP โบ AOL | |
| ./.github/scripts/bl-block.sh blocklists/isp/aol.ipset isp/aol.ipset | |
| # ISP โบ ATT | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/att.ipset "${{ vars.BL_ATT_ASN }}" | |
| # ISP โบ Cablevision | Later merged with Suddenlink | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/cablevision.ipset "${{ vars.BL_CABLEVISION_ASN }}" | |
| # ISP โบ Charter & Spectrum (Previously Time Warner Cable) | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/charter_spectrum_timewarnercable.ipset "${{ vars.BL_CHARTER_SPECTRUM_TIMEWARNERCABLE_ASN }}" | |
| # ISP โบ Comcast | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/comcast.ipset "${{ vars.BL_COMCAST_ASN }}" | |
| # ISP โบ Cox Communications | |
| # https://networksdb.io/ip-addresses-of/cox-communications-inc | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/cox_communications.ipset "${{ vars.BL_COX_COMMUNICATIONS_ASN }}" | |
| # ISP โบ Embarq | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/embarq.ipset "${{ vars.BL_EMBARQ_ASN }}" | |
| # ISP โบ Frontier Communications | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/frontier_communications.ipset "${{ vars.BL_FRONTIER_COMMUNICATIONS_ASN }}" | |
| # ISP โบ Qwest / CenturyLink | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/qwest_centurylink.ipset "${{ vars.BL_QWEST_CENTURYLINK_ASN }}" | |
| # ISP โบ Sprint | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/sprint.ipset "${{ vars.BL_SPRINT_ASN }}" | |
| # ISP โบ Verizon | |
| # https://networksdb.io/search/org/verizon | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/verizon.ipset "${{ vars.BL_VERIZON_ASN }}" | |
| # ISP โบ SpaceX Starlink | |
| CFG_TRUSTED_INPUT=true ./.github/scripts/bl-whois.sh blocklists/isp/spacex_starlink.ipset "${{ vars.BL_SPACEX_STARLINK_ASN }}" | |
| # ISP โบ Suddenlink / Altice / Optiumum | |
| ./.github/scripts/bl-json.sh blocklists/isp/suddenlink_altice_optimum.ipset https://ip.guide/AS19108 '.routes | .v4//empty,.v6//empty | .[]' | |
| # # | |
| # Generate โบ Geographical โบ Geolite2 โบ Setup | |
| # | |
| # this step should only be ran once per day (at 1:15am UTC). | |
| # The vars defined below are used for caching. The current day of the year + year are calculated, this allows | |
| # the same cached files to be used in a 24 hour period. When the day of the year changes, a new set of geo files will | |
| # be updated. | |
| # | |
| # CACHE VARS: year_week outputs the current week of the year, and year | |
| # 51_2024 | |
| # | |
| # year_day outputs the current day of the year, and year | |
| # 308_2024 | |
| # # | |
| - name: '๐งฑ Geographical โบ GeoLite2 (Setup)' | |
| id: task_blocklist_geographical_generate_setup | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_daily == 'true' | |
| run: | | |
| should_run="true" | |
| force_run="${{ steps.task_blocklist_generate_run_mode.outputs.force_daily }}" | |
| echo "should_run=${should_run}" >> "$GITHUB_OUTPUT" | |
| echo "force_run=${force_run}" >> "$GITHUB_OUTPUT" | |
| echo "year_week=$(date +'%U_%Y')" >> $GITHUB_ENV | |
| echo "year_day=$(date +'%j_%Y')" >> $GITHUB_ENV | |
| # # | |
| # Generate โบ Geographical โบ Geolite2 โบ Cache | |
| # | |
| # uses the same cache in a 24 hour period. | |
| # | |
| # @output cache-hit | |
| # only run step if cache hit found | |
| # if: steps.task_blocklist_geographical_generate_cache.outputs.cache-hit == 'true' | |
| # # | |
| - name: '๐งฑ Geographical โบ GeoLite2 (Cache)' | |
| id: task_blocklist_geographical_generate_cache | |
| uses: actions/cache@v5 | |
| if: steps.task_blocklist_geographical_generate_setup.outputs.should_run == 'true' | |
| with: | |
| path: .github/.daily/geolite2 | |
| key: daily-${{ runner.os }}-geolite2-${{ steps.task_blocklist_generate_date_key.outputs.day }} | |
| # # | |
| # Generate โบ Geographical โบ Geolite2 โบ Build | |
| # # | |
| - name: '๐งฑ Geographical โบ GeoLite2 (1/day)' | |
| id: task_blocklist_generate_geolite2_country | |
| if: steps.task_blocklist_geographical_generate_setup.outputs.should_run == 'true' && ( steps.task_blocklist_geographical_generate_setup.outputs.force_run == 'true' || steps.task_blocklist_geographical_generate_cache.outputs.cache-hit != 'true' ) | |
| run: | | |
| chmod +x ".github/scripts/bl-geolite2.sh" | |
| run_geolite2=".github/scripts/bl-geolite2.sh -l ${{ secrets.API_GEOLITE2_KEY }}" | |
| eval "./$run_geolite2" | |
| # # | |
| # Generate โบ ASN | |
| # | |
| # ASN numbers are automatically managed & updated via a backend system. Store ASNs as github variable. | |
| # # | |
| - name: '๐งฑ Geographical โบ GeoLite2 โบ ASN (1/day)' | |
| id: task_blocklist_generate_geolite2_asn | |
| if: steps.task_blocklist_geographical_generate_setup.outputs.should_run == 'true' && ( steps.task_blocklist_geographical_generate_setup.outputs.force_run == 'true' || steps.task_blocklist_geographical_generate_cache.outputs.cache-hit != 'true' ) | |
| run: | | |
| export MAXMIND_LICENSE_KEY="${{ secrets.API_GEOLITE2_KEY }}" | |
| export BL_GEOLITE2_REUSE_TEMP=true | |
| rm -rf .github/temp .github/.temp | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file akamai_core --asn ${{ vars.BL_AKAMAI_CORE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file akamai_linode --asn ${{ vars.BL_AKAMAI_LINODE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file alibaba --asn ${{ vars.BL_CHINA_ALIBABA_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file amazon_core --asn ${{ vars.BL_AMAZON_CORE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file amazon_cloudfront --asn ${{ vars.BL_AMAZON_CLOUDFRONT_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file apple_inc --asn ${{ vars.BL_APPLE_INC_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file att --asn ${{ vars.BL_ATT_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder A --file automattic --asn ${{ vars.BL_AUTOMATTIC_WP_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder B --file baidu --asn ${{ vars.BL_CHINA_BAIDU_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder B --file bluehost_eig --asn ${{ vars.BL_BLUEHOST_EIG_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder B --file bunnycdn --asn ${{ vars.BL_BUNNYCDN_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file cablevision --asn ${{ vars.BL_CABLEVISION_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file censys_io --asn ${{ vars.BL_CENSYS_IO_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file charter_spectrum_timewarnercable --asn ${{ vars.BL_CHARTER_SPECTRUM_TIMEWARNERCABLE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_broadcasting_network --asn ${{ vars.BL_CHINA_BROADCASTING_NETWORK_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_mobile --asn ${{ vars.BL_CHINA_MOBILE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_chinanet --asn ${{ vars.BL_CHINA_CHINANET_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_net_mobile --asn ${{ vars.BL_CHINA_NETMOBILE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_networks --asn ${{ vars.BL_CHINA_NETWORKS_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_telecom --asn ${{ vars.BL_CHINA_TELECOM_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_tencent_net --asn ${{ vars.BL_CHINA_TENCENT_NET_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_tietong --asn ${{ vars.BL_CHINA_TIETONG_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file china_unicorn --asn ${{ vars.BL_CHINA_UNICORN_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file cloudflare --asn ${{ vars.BL_CLOUDFLARE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file colocrossing_hostpapa --asn ${{ vars.BL_COLOCROSSING_HOSTPAPA_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file comcast --asn ${{ vars.BL_COMCAST_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file contabo_gmbh --asn ${{ vars.BL_CONTABO_GMBH_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder C --file cox_communications --asn ${{ vars.BL_COX_COMMUNICATIONS_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder D --file digitalocean --asn ${{ vars.BL_DIGITAL_OCEAN_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder D --file dreamhost --asn ${{ vars.BL_DREAMHOST_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder E --file embarq --asn ${{ vars.BL_EMBARQ_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder F --file facebook --asn ${{ vars.BL_FACEBOOK_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder F --file fastly --asn ${{ vars.BL_FASTLY_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder F --file fdc_servers --asn ${{ vars.BL_FDC_SERVERS_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder F --file frontier_communications --asn ${{ vars.BL_FRONTIER_COMMUNICATIONS_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder G --file github_inc --asn ${{ vars.BL_GITHUB_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder G --file godaddy --asn ${{ vars.BL_GODADDY_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder G --file google --asn ${{ vars.BL_GOOGLE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder H --file haproxy_technologies_inc --asn ${{ vars.BL_HAPROXY_TECHNOLOGIES_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder H --file hetzner --asn ${{ vars.BL_HETZNER_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder H --file hostinger --asn ${{ vars.BL_HOSTINGER_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder I --file inmotion_hosting --asn ${{ vars.BL_INMOTION_HOSTING_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder I --file ionos_1and1 --asn ${{ vars.BL_IONOS_1AND1_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder I --file internet_measurement_com --asn ${{ vars.BL_INTERNET_MEASUREMENT_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder K --file korea_telecom --asn ${{ vars.BL_KOREA_TELECOM_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder L --file leaseweb_hosting --asn ${{ vars.BL_LEASEWEB_HOSTING_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder M --file microsoft_corp --asn ${{ vars.BL_MICROSOFT_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder N --file namecheap --asn ${{ vars.BL_NAMECHEAP_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder N --file nintendo --asn ${{ vars.BL_NINTENDO_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder O --file onyphe_io --asn ${{ vars.BL_ONYPHE_IO_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder O --file oracle --asn ${{ vars.BL_ORACLE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder O --file ovh_cloud --asn ${{ vars.BL_OVH_CLOUD_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder P --file palo_alto_networks --asn ${{ vars.BL_PALO_ALTO_NETWORKS_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder P --file psychz_networks --asn ${{ vars.BL_PSYCHZ_NETWORKS_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder Q --file quadra_net --asn ${{ vars.BL_QUADRA_NET_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder Q --file qwest_centurylink --asn ${{ vars.BL_QWEST_CENTURYLINK_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder R --file rackspace_hosting --asn ${{ vars.BL_RACKSPACE_HOSTING_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder R --file recyber_net --asn ${{ vars.BL_RECYBER_NET_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder R --file russia_crimeacom_south_llc --asn ${{ vars.BL_RUSSIA_CRIMEACOM_SOUTH_LLC_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder R --file russia_zummer_llc --asn ${{ vars.BL_RUSSIA_ZUMMER_LLC_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file scaleway_sas --asn ${{ vars.BL_SCALEWAY_SAS_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file servers_dot_com_inc --asn ${{ vars.BL_SERVERS_DOT_COM_INC_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file shadowserver_foundation --asn ${{ vars.BL_SHADOWSERVER_FOUNDATION_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file shodan_io --asn ${{ vars.BL_SHODAN_IO_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file sharktech --asn ${{ vars.BL_SHARKTECH_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file stackpath_blackhost --asn ${{ vars.BL_STACKPATH_BLACKHOST_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file spacex_starlink --asn ${{ vars.BL_SPACEX_STARLINK_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder S --file sprint --asn ${{ vars.BL_SPRINT_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder T --file tiktok_bytedance --asn ${{ vars.BL_TIKTOK_BYTEDANCE_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder T --file tumblr --asn ${{ vars.BL_TUMBLR_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder T --file twitter_x --asn ${{ vars.BL_TWITTER_INC_X_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder U --file upcloud_usa_inc --asn ${{ vars.BL_UPCLOUD_USA_INC_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder U --file usa_department_of_defense_dnic --asn ${{ vars.BL_USA_DOD_DNIC_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder U --file usa_internet_corp --asn ${{ vars.BL_USA_INTERNET_CORP_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder V --file verizon --asn ${{ vars.BL_VERIZON_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder V --file vietel --asn ${{ vars.BL_VIETNAM_VIETEL_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder V --file vultr --asn ${{ vars.BL_VULTR_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder Y --file yahoo --asn ${{ vars.BL_YAHOO_ASN }} | |
| ./.github/scripts/bl-geolite2_asn.sh --folder Y --file youtube --asn ${{ vars.BL_YOUTUBE_ASN }} | |
| rm -rf blocklists/geolite/asn/ipv4 blocklists/geolite/asn/ipv6 | |
| rm -rf .github/temp .github/.temp | |
| # # | |
| # Generate โบ Transmission | |
| # # | |
| - name: '๐งฑ Generate โบ Transmission' | |
| id: task_blocklist_generate_transmission | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_core == 'true' | |
| run: | | |
| ./.github/scripts/bt-transmission.sh | |
| # # | |
| # Generate โบ Weekly | |
| # | |
| # Only updated once per week | |
| # # | |
| - name: '๐งฑ Generate โบ Weekly (7/days)' | |
| id: task_blocklist_generate_weekly | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_weekly == 'true' | |
| run: | | |
| # # | |
| # Weekly โบ BOGON | |
| # # | |
| CFG_SKIP_CIDR_DEDUPE=true ./.github/scripts/bogon.sh blocklists/bogon.ipset | |
| # # | |
| # Generate โบ Biweekly | |
| # | |
| # Only updated once every 2 weeks | |
| # # | |
| - name: '๐งฑ Generate โบ Bi-weekly (14/days)' | |
| id: task_blocklist_generate_biweekly | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_biweekly == 'true' | |
| run: | | |
| # # | |
| # Biweekly โบ IANA | |
| # # | |
| CFG_SKIP_BOGON_FILTER=true CFG_SKIP_CIDR_DEDUPE=true ./.github/scripts/range-iprange.sh blocklists/iana-reserved.ipset .github/blocks/iana/reserved.ipset | |
| CFG_SKIP_BOGON_FILTER=true CFG_SKIP_CIDR_DEDUPE=true ./.github/scripts/range-iprange.sh blocklists/iana-private.ipset .github/blocks/iana/private.ipset | |
| CFG_SKIP_BOGON_FILTER=true CFG_SKIP_CIDR_DEDUPE=true ./.github/scripts/range-iprange.sh blocklists/iana-multicast.ipset .github/blocks/iana/multicast.ipset | |
| # # | |
| # Delete Leftover Temps | |
| # # | |
| - name: '๐งฑ Generate โบ Cleanup Temps' | |
| id: task_blocklist_generate_cleanup | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_core == 'true' | |
| run: | | |
| echo "๐งน Cleaning up leftover .tmp files..." | |
| find ./blocklists -type f -name '*.tmp' -print -delete | |
| echo "โ Cleanup complete." | |
| # # | |
| # Generate โบ Verbose โบ List Tree | |
| # # | |
| - name: '๐ฒ Debug โบ Verbose Tree Listing' | |
| if: steps.task_blocklist_generate_run_mode.outputs.run_core == 'true' | |
| run: | | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| echo " PWD ..................... ${PWD}" | |
| echo " GITHUB.WORKSPACE ........ ${{ github.workspace }}" | |
| echo -e | |
| echo -e | |
| tree -I node_modules -I .git -I ./ | |
| echo "โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ" | |
| # # | |
| # Generate โบ SFTP / SSH โบ Upload Artifact | |
| # # | |
| - name: 'SSH โบ Zip Artifacts' | |
| id: generate_artifact_zip | |
| run: | | |
| REPO_NAME="${{ github.event.repository.name }}" # csf-firewall | |
| BRANCH_NAME="${{ github.ref_name }}" # main | |
| RUN_ID="${{ github.run_id }}" # 17373119899 | |
| ARTIFACT_NAME="artifact_${BRANCH_NAME}_${RUN_ID}.zip" # artifacts_main_xxxxxx.zip | |
| ARTIFACT_PATH="${REPO_NAME}/${ARTIFACT_NAME}" # csf-firewall/artifacts_main_xxxxxx.zip | |
| echo "REPO_NAME=$REPO_NAME" >> $GITHUB_ENV # csf-firewall | |
| echo "ARTIFACT_NAME=$ARTIFACT_NAME" >> $GITHUB_ENV # artifacts_main_xxxxxx.zip | |
| echo "ARTIFACT_PATH=$ARTIFACT_PATH" >> $GITHUB_ENV # csf-firewall/artifacts_main_xxxxxx.zip | |
| echo "artifact-name=$ARTIFACT_NAME" >> $GITHUB_OUTPUT # artifacts_main_xxxxxx.zip | |
| echo "artifact-path=$ARTIFACT_PATH" >> $GITHUB_OUTPUT # csf-firewall/artifacts_main_xxxxxx.zip | |
| zip -r "$ARTIFACT_NAME" ./* # delete original zip before push | |
| # # | |
| # Generate โบ SFTP / SSH โบ Upload Artifact | |
| # # | |
| - name: 'SSH โบ Upload Artifacts' | |
| env: | |
| username: github | |
| port: ${{ secrets.ARTIFACTS_PORT }} | |
| domain: ${{ secrets.ARTIFACTS_DOMAIN }} | |
| sshkey: ${{ secrets.ARTIFACTS_GITHUB_SSH_PRIVATE_KEY }} | |
| run: | | |
| # # | |
| # Make sure the .ssh folder exists | |
| # # | |
| mkdir -p ~/.ssh | |
| echo "$sshkey" > "$HOME/.ssh/github_sftp_key" | |
| chmod 600 "$HOME/.ssh/github_sftp_key" | |
| # # | |
| # Upload to repo-specific directory | |
| # # | |
| sftp -P "$port" \ | |
| -i "$HOME/.ssh/github_sftp_key" \ | |
| -o StrictHostKeyChecking=no \ | |
| "$username@$domain" <<EOF | |
| mkdir $REPO_NAME | |
| cd $REPO_NAME | |
| put $ARTIFACT_NAME | |
| bye | |
| EOF | |
| # Delete local artifact after upload | |
| rm -f "$ARTIFACT_NAME" | |
| # # | |
| # Generate โบ Artifact โบ Upload | |
| # # | |
| - name: "๐ Generate โบ Upload Artifact" | |
| id: task_blocklist_generate_artifact_upload | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: blocklist-latest | |
| path: ./ | |
| retention-days: 1 | |
| # # | |
| # Job โบ Commit | |
| # # | |
| blocklist-commit: | |
| name: >- | |
| ๐ Commit | |
| runs-on: ubuntu-latest | |
| # runs-on: apollo-x64 | |
| timeout-minutes: 120 | |
| needs: [ blocklist-setup, blocklist-generate ] | |
| steps: | |
| # # | |
| # Commit โบ Checkout | |
| # # | |
| - name: >- | |
| โ๏ธ Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| # # | |
| # Commit โบ Artifact โบ Setup SSH | |
| # # | |
| - name: '๐ Commit โบ Setup SSH Artifact' | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.ARTIFACTS_GITHUB_SSH_PRIVATE_KEY }}" > "$HOME/.ssh/github_sftp_key" | |
| chmod 600 "$HOME/.ssh/github_sftp_key" | |
| # # | |
| # Commit โบ Artifact โบ Download | |
| # # | |
| #- name: '๐ Commit โบ Download Artifact' | |
| # run: | | |
| # ARTIFACT_PATH="${{ needs.blocklist-generate.outputs.artifact-path }}" # csf-firewall/artifacts_main_xxxxxx.zip | |
| # ARTIFACT_NAME="$(basename "$ARTIFACT_PATH")" # artifacts_main_xxxxxx.zip | |
| # REPO_NAME="$(dirname "$ARTIFACT_PATH")" # csf-firewall | |
| # echo "Downloading $ARTIFACT_PATH" | |
| # sftp -P ${{ secrets.ARTIFACTS_PORT }} \ | |
| # -i "$HOME/.ssh/github_sftp_key" \ | |
| # -o StrictHostKeyChecking=no \ | |
| # github@${{ secrets.ARTIFACTS_DOMAIN }} <<EOF | |
| # cd $REPO_NAME | |
| # get $ARTIFACT_NAME | |
| # bye | |
| # EOF | |
| # unzip -o "$ARTIFACT_NAME" # unzip -o artifacts_main_xxxxxx.zip | |
| # rm -f "$ARTIFACT_NAME" # rm -f artifacts_main_xxxxxx.zip | |
| # # | |
| # Commit โบ GPG โบ Import Key (No Passphrase) | |
| # | |
| # requires your GPG private key, converted to base64 binary .gpg (not armored .asc) | |
| # | |
| # this is utilized to generate signed hash digest | |
| # | |
| # find . -maxdepth 1 \( -name '*.zip' -o -name '*.gz' \) -printf '%P\n' | xargs -r sha1sum | gpg --digest-algo sha256 --clearsign > sha1sum.txt.asc | |
| # find . -maxdepth 1 \( -name '*.zip' -o -name '*.gz' \) -printf '%P\n' | xargs -r sha256sum | gpg --digest-algo sha256 --clearsign > sha256 | |
| # # | |
| - name: '๐ชช Commit โบ GPG โบ Import Signing Key โบ W/o Passphrase' | |
| if: env.GPG_KEY_BASE64 != '' && env.GPG_KEY_PASSPHRASE == '' | |
| run: | | |
| echo "$GPG_KEY_BASE64" | base64 -di | gpg --import | |
| # # | |
| # Commit โบ GPG โบ Import Key (With Passphrase) | |
| # | |
| # requires your GPG private key, converted to base64 binary .gpg (not armored .asc) | |
| # | |
| # this is utilized to generate signed hash digest | |
| # | |
| # find . -maxdepth 1 \( -name '*.zip' -o -name '*.gz' \) -printf '%P\n' | xargs -r sha1sum | gpg --digest-algo sha256 --clearsign > sha1sum.txt.asc | |
| # find . -maxdepth 1 \( -name '*.zip' -o -name '*.gz' \) -printf '%P\n' | xargs -r sha256sum | gpg --digest-algo sha256 --clearsign > sha256 | |
| # # | |
| - name: '๐ชช Commit โบ GPG โบ Import Signing Key โบ w/ Passphrase' | |
| if: env.GPG_KEY_BASE64 != '' && env.GPG_KEY_PASSPHRASE != '' | |
| run: | | |
| echo "$GPG_KEY_BASE64" | base64 -di > /tmp/signing-key.gpg | |
| echo "$GPG_KEY_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg | |
| (echo "$GPG_KEY_PASSPHRASE"; echo; echo) | gpg --command-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons 2> /dev/null | grep '^sec:' | cut --delimiter ':' --fields 5 | tail -n 1) | |
| # # | |
| # Commit โบ Artifact โบ Download | |
| # # | |
| - name: "๐ Commit โบ Download Artifact" | |
| id: task_commit_artifact_download | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: blocklist-latest | |
| path: ./ | |
| # # | |
| # Commit โบ Precommit | |
| # # | |
| - name: "๐ฆ Commit โบ Pre-commit" | |
| id: task_commit_pre | |
| run: | | |
| now=$(date -u '+%m/%d/%Y %H:%M') | |
| commit_label="Sync" >> $GITHUB_ENV | |
| commit_message="\`๏ธ๏ธ๐ $commit_label ๐\` \`$now UTC\`" >> $GITHUB_ENV | |
| echo "COMMIT_MESSAGE=$(echo $commit_message)" >> $GITHUB_ENV | |
| echo "NOW=$(echo $now)" >> $GITHUB_ENV | |
| # # | |
| # Commit โบ Update โบ README | |
| # # | |
| - name: "๐ Commit โบ Update โบ README" | |
| id: task_commit_update_readme | |
| run: | | |
| chmod +x ".github/scripts/update-readme.sh" | |
| ./.github/scripts/update-readme.sh README.md | |
| # # | |
| # Commit โบ Update โบ Manifest | |
| # # | |
| - name: "๐ Commit โบ Update โบ Manifest" | |
| id: task_commit_update_manifest | |
| run: | | |
| chmod +x ".github/scripts/update-manifest.sh" | |
| ./.github/scripts/update-manifest.sh manifest.json | |
| # # | |
| # Commit โบ GPG Key | |
| # | |
| # required in order to do signed commits | |
| # # | |
| - name: "๐ฆ Commit โบ GPG Key" | |
| id: task_commit_gpg | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.ADMINSERV_GPG_KEY_ASC }} | |
| passphrase: ${{ secrets.ADMINSERV_GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| # # | |
| # Commit โบ Commit | |
| # # | |
| - name: "๐ฆ Commit โบ Execute" | |
| id: task_commit_execute | |
| uses: stefanzweifel/git-auto-commit-action@v5 | |
| with: | |
| commit_message: ${{ env.COMMIT_MESSAGE }} | |
| commit_author: "${{ steps.task_commit_gpg.outputs.name }} <${{ steps.task_commit_gpg.outputs.email }}>" | |
| commit_user_name: ${{ steps.task_commit_gpg.outputs.name }} | |
| commit_user_email: ${{ steps.task_commit_gpg.outputs.email }} | |
| # # | |
| # Commit โบ Clean up Artifacts | |
| # | |
| # Left-behind artifacts cleaned up after 5 days | |
| # # | |
| - name: '๐ Commit โบ Cleanup Old Artifacts' | |
| env: | |
| username: github | |
| port: ${{ secrets.ARTIFACTS_PORT }} | |
| domain: ${{ secrets.ARTIFACTS_DOMAIN }} | |
| sshkey: ${{ secrets.ARTIFACTS_GITHUB_SSH_PRIVATE_KEY }} | |
| run: | | |
| ssh -p "$port" \ | |
| -i "$HOME/.ssh/github_sftp_key" \ | |
| -o StrictHostKeyChecking=no \ | |
| "$username@$domain" \ | |
| "find /files/${{ github.event.repository.name }} -name 'artifacts_*.zip' -type f -mtime +2 -delete" |