From e48c2539c23bc4432b9a86ecaade872dd7b5ee0d Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Mon, 22 Apr 2024 09:20:14 +0200 Subject: [PATCH] chg: Add ip-src|dst and ip-dst|port as matching attr types to cidr lists --- lists/akamai/list.json | 6 ++++-- lists/amazon-aws/list.json | 6 ++++-- lists/apple/list.json | 6 ++++-- lists/cloudflare/list.json | 8 +++++--- lists/crl-ip/list.json | 6 ++++-- lists/fastly/list.json | 6 ++++-- lists/google-gcp/list.json | 6 ++++-- lists/google-gmail-sending-ips/list.json | 6 ++++-- lists/googlebot/list.json | 6 ++++-- lists/microsoft-azure-china/list.json | 6 ++++-- lists/microsoft-azure-germany/list.json | 6 ++++-- lists/microsoft-azure-us-gov/list.json | 6 ++++-- lists/microsoft-azure/list.json | 6 ++++-- lists/microsoft-office365-cn/list.json | 6 ++++-- lists/microsoft-office365-ip/list.json | 6 ++++-- lists/multicast/list.json | 6 ++++-- lists/openai-gptbot/list.json | 6 ++++-- lists/ovh-cluster/list.json | 6 ++++-- lists/parking-domain/list.json | 8 +++++--- lists/public-dns-v4/list.json | 6 ++++-- lists/public-dns-v6/list.json | 6 ++++-- lists/sinkholes/list.json | 7 +++++-- lists/smtp-receiving-ips/list.json | 6 ++++-- lists/smtp-sending-ips/list.json | 6 ++++-- lists/stackpath/list.json | 8 +++++--- lists/tenable-cloud-ipv4/list.json | 6 ++++-- lists/tenable-cloud-ipv6/list.json | 6 ++++-- lists/umbrella-blockpage-v4/list.json | 6 ++++-- lists/umbrella-blockpage-v6/list.json | 6 ++++-- lists/vpn-ipv4/list.json | 6 ++++-- lists/vpn-ipv6/list.json | 6 ++++-- lists/wikimedia/list.json | 6 ++++-- lists/zscaler/list.json | 6 ++++-- tools/generate-akamai.py | 2 +- tools/generate-amazon-aws.py | 2 +- tools/generate-check-host-net.py | 2 +- tools/generate-cloudflare.py | 2 +- tools/generate-crl-ip-domains.py | 2 +- tools/generate-google-bot.py | 2 +- tools/generate-google-gcp.py | 2 +- tools/generate-google-gmail-sending-ips.py | 2 +- tools/generate-gptbot.py | 2 +- tools/generate-microsoft-azure.py | 2 +- tools/generate-office365.py | 4 ++-- tools/generate-smtp.py | 4 ++-- tools/generate-stackpath.py | 2 +- tools/generate-tenable.py | 2 +- tools/generate-vpn.py | 2 +- tools/generate-wikimedia.py | 2 +- tools/generate-zscaler.py | 2 +- 50 files changed, 155 insertions(+), 88 deletions(-) diff --git a/lists/akamai/list.json b/lists/akamai/list.json index 33a6b026..406a2faa 100644 --- a/lists/akamai/list.json +++ b/lists/akamai/list.json @@ -273,9 +273,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Akamai IP ranges", "type": "cidr", - "version": 20210613 + "version": 20240422 } diff --git a/lists/amazon-aws/list.json b/lists/amazon-aws/list.json index 10406f75..e31e2bac 100644 --- a/lists/amazon-aws/list.json +++ b/lists/amazon-aws/list.json @@ -2669,9 +2669,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Amazon AWS IP address ranges", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/apple/list.json b/lists/apple/list.json index 0e3f8a5a..1fa62bcf 100644 --- a/lists/apple/list.json +++ b/lists/apple/list.json @@ -6,9 +6,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Apple IP ranges", "type": "cidr", - "version": 20210610 + "version": 20240422 } diff --git a/lists/cloudflare/list.json b/lists/cloudflare/list.json index 3f1c66e8..d7a5c92b 100644 --- a/lists/cloudflare/list.json +++ b/lists/cloudflare/list.json @@ -25,11 +25,13 @@ "2c0f:f248::/32" ], "matching_attributes": [ - "ip-dst", "ip-src", - "domain|ip" + "ip-dst", + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Cloudflare IP ranges", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/crl-ip/list.json b/lists/crl-ip/list.json index de9cf19f..6d501a7a 100644 --- a/lists/crl-ip/list.json +++ b/lists/crl-ip/list.json @@ -260,9 +260,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "CRL and OCSP IP addresses", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/fastly/list.json b/lists/fastly/list.json index 073ec681..74f08ad2 100644 --- a/lists/fastly/list.json +++ b/lists/fastly/list.json @@ -24,9 +24,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Fastly IP address ranges", "type": "cidr", - "version": 20201106 + "version": 20240422 } diff --git a/lists/google-gcp/list.json b/lists/google-gcp/list.json index cacd8503..168468a9 100644 --- a/lists/google-gcp/list.json +++ b/lists/google-gcp/list.json @@ -304,9 +304,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known GCP (Google Cloud Platform) IP address ranges", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/google-gmail-sending-ips/list.json b/lists/google-gmail-sending-ips/list.json index 4fcc182f..cf5871f0 100644 --- a/lists/google-gmail-sending-ips/list.json +++ b/lists/google-gmail-sending-ips/list.json @@ -32,9 +32,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Gmail sending IP ranges", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/googlebot/list.json b/lists/googlebot/list.json index 49ab738f..c056ffd8 100644 --- a/lists/googlebot/list.json +++ b/lists/googlebot/list.json @@ -71,9 +71,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Googlebot IP ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)", "type": "cidr", - "version": 20240405 + "version": 20240402 } diff --git a/lists/microsoft-azure-china/list.json b/lists/microsoft-azure-china/list.json index b5395689..e0652561 100644 --- a/lists/microsoft-azure-china/list.json +++ b/lists/microsoft-azure-china/list.json @@ -205,9 +205,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Microsoft Azure China Datacenter IP Ranges", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/microsoft-azure-germany/list.json b/lists/microsoft-azure-germany/list.json index 63bffe75..c22f3359 100644 --- a/lists/microsoft-azure-germany/list.json +++ b/lists/microsoft-azure-germany/list.json @@ -41,9 +41,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Microsoft Azure Germany Datacenter IP Ranges", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/microsoft-azure-us-gov/list.json b/lists/microsoft-azure-us-gov/list.json index aa701663..5cb5ddc5 100644 --- a/lists/microsoft-azure-us-gov/list.json +++ b/lists/microsoft-azure-us-gov/list.json @@ -181,9 +181,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Microsoft Azure US Government Cloud Datacenter IP Ranges", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/microsoft-azure/list.json b/lists/microsoft-azure/list.json index 7032d91d..2cf12714 100644 --- a/lists/microsoft-azure/list.json +++ b/lists/microsoft-azure/list.json @@ -2416,9 +2416,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Microsoft Azure Datacenter IP Ranges", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/microsoft-office365-cn/list.json b/lists/microsoft-office365-cn/list.json index 7dd6986b..5c03fe37 100644 --- a/lists/microsoft-office365-cn/list.json +++ b/lists/microsoft-office365-cn/list.json @@ -78,9 +78,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Office 365 IP address ranges in China", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/microsoft-office365-ip/list.json b/lists/microsoft-office365-ip/list.json index 7b82ec47..0e7211d4 100644 --- a/lists/microsoft-office365-ip/list.json +++ b/lists/microsoft-office365-ip/list.json @@ -89,9 +89,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Office 365 IP address ranges", "type": "cidr", - "version": 20240418 + "version": 20240422 } diff --git a/lists/multicast/list.json b/lists/multicast/list.json index 8c15d34a..4ef09cb1 100644 --- a/lists/multicast/list.json +++ b/lists/multicast/list.json @@ -21,9 +21,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of RFC 5771 multicast CIDR blocks", "type": "cidr", - "version": 3 + "version": 4 } diff --git a/lists/openai-gptbot/list.json b/lists/openai-gptbot/list.json index f2394e22..82dc23c8 100644 --- a/lists/openai-gptbot/list.json +++ b/lists/openai-gptbot/list.json @@ -7,9 +7,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known IP address ranges for OpenAI GPT crawler bot", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/ovh-cluster/list.json b/lists/ovh-cluster/list.json index 3cdbe6da..06f14a92 100644 --- a/lists/ovh-cluster/list.json +++ b/lists/ovh-cluster/list.json @@ -436,9 +436,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Ovh Cluster IP", "type": "cidr", - "version": 20180222 + "version": 20240422 } diff --git a/lists/parking-domain/list.json b/lists/parking-domain/list.json index bb9dc8a6..11903aab 100644 --- a/lists/parking-domain/list.json +++ b/lists/parking-domain/list.json @@ -105,11 +105,13 @@ "99.83.154.118/32" ], "matching_attributes": [ - "domain|ip", + "ip-src", "ip-dst", - "ip-src" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "Parking domains", "type": "cidr", - "version": 20221024 + "version": 20240422 } diff --git a/lists/public-dns-v4/list.json b/lists/public-dns-v4/list.json index 68c45529..eb17758f 100644 --- a/lists/public-dns-v4/list.json +++ b/lists/public-dns-v4/list.json @@ -62745,9 +62745,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known IPv4 public DNS resolvers", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/public-dns-v6/list.json b/lists/public-dns-v6/list.json index 178ca0a0..1db97a9c 100644 --- a/lists/public-dns-v6/list.json +++ b/lists/public-dns-v6/list.json @@ -267,9 +267,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known IPv6 public DNS resolvers", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/sinkholes/list.json b/lists/sinkholes/list.json index a41ae015..56536896 100644 --- a/lists/sinkholes/list.json +++ b/lists/sinkholes/list.json @@ -111,9 +111,12 @@ ], "matching_attributes": [ "ip-src", - "ip-dst" + "ip-dst", + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known sinkholes", "type": "cidr", - "version": 1 + "version": 2 } diff --git a/lists/smtp-receiving-ips/list.json b/lists/smtp-receiving-ips/list.json index 257f085f..ef969390 100644 --- a/lists/smtp-receiving-ips/list.json +++ b/lists/smtp-receiving-ips/list.json @@ -261,9 +261,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known SMTP receiving IP addresses", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/smtp-sending-ips/list.json b/lists/smtp-sending-ips/list.json index 8639baa2..659c025a 100644 --- a/lists/smtp-sending-ips/list.json +++ b/lists/smtp-sending-ips/list.json @@ -926,9 +926,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known SMTP sending IP ranges", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/stackpath/list.json b/lists/stackpath/list.json index e5a2e2ee..af4a93ea 100644 --- a/lists/stackpath/list.json +++ b/lists/stackpath/list.json @@ -250,11 +250,13 @@ "98.190.94.128/25" ], "matching_attributes": [ - "ip-dst", "ip-src", - "domain|ip" + "ip-dst", + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Stackpath CDN IP ranges", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/tenable-cloud-ipv4/list.json b/lists/tenable-cloud-ipv4/list.json index d4faf326..544aba81 100644 --- a/lists/tenable-cloud-ipv4/list.json +++ b/lists/tenable-cloud-ipv4/list.json @@ -44,9 +44,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Tenable Cloud Sensors IPv4", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/tenable-cloud-ipv6/list.json b/lists/tenable-cloud-ipv6/list.json index e4029a76..6c9e6585 100644 --- a/lists/tenable-cloud-ipv6/list.json +++ b/lists/tenable-cloud-ipv6/list.json @@ -22,9 +22,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Tenable Cloud Sensors IPv6", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/umbrella-blockpage-v4/list.json b/lists/umbrella-blockpage-v4/list.json index 881e0e0a..28d4c596 100644 --- a/lists/umbrella-blockpage-v4/list.json +++ b/lists/umbrella-blockpage-v4/list.json @@ -11,9 +11,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "cisco-umbrella-blockpage-ipv4", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/umbrella-blockpage-v6/list.json b/lists/umbrella-blockpage-v6/list.json index 31749ca7..d0304342 100644 --- a/lists/umbrella-blockpage-v6/list.json +++ b/lists/umbrella-blockpage-v6/list.json @@ -11,9 +11,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "cisco-umbrella-blockpage-ipv6", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/vpn-ipv4/list.json b/lists/vpn-ipv4/list.json index ff357aca..815a2882 100644 --- a/lists/vpn-ipv4/list.json +++ b/lists/vpn-ipv4/list.json @@ -24048,9 +24048,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "Specialized list of vpn-ipv4 addresses belonging to common VPN providers and datacenters", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/vpn-ipv6/list.json b/lists/vpn-ipv6/list.json index 0bdd582b..bd0c4f13 100644 --- a/lists/vpn-ipv6/list.json +++ b/lists/vpn-ipv6/list.json @@ -1255,9 +1255,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "Specialized list of IPv6 addresses belonging to common VPN providers and datacenters", "type": "cidr", - "version": 20220324 + "version": 20240422 } diff --git a/lists/wikimedia/list.json b/lists/wikimedia/list.json index 57726acb..3a97d4c9 100644 --- a/lists/wikimedia/list.json +++ b/lists/wikimedia/list.json @@ -67,9 +67,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Wikimedia address ranges", "type": "cidr", - "version": 20240405 + "version": 20240422 } diff --git a/lists/zscaler/list.json b/lists/zscaler/list.json index f8bf12bd..da2c316b 100644 --- a/lists/zscaler/list.json +++ b/lists/zscaler/list.json @@ -71,9 +71,11 @@ "matching_attributes": [ "ip-src", "ip-dst", - "domain|ip" + "domain|ip", + "ip-src|port", + "ip-dst|port" ], "name": "List of known Zscaler IP address ranges", "type": "cidr", - "version": 20230810 + "version": 20240422 } diff --git a/tools/generate-akamai.py b/tools/generate-akamai.py index 34561bc4..acc54775 100644 --- a/tools/generate-akamai.py +++ b/tools/generate-akamai.py @@ -72,7 +72,7 @@ def is_akamai(data: dict) -> bool: 'description': 'Akamai IP ranges from BGP search', 'type': 'cidr', 'list': consolidate_networks(networks), - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } write_to_file(warninglist, "akamai") diff --git a/tools/generate-amazon-aws.py b/tools/generate-amazon-aws.py index 36f4a2f0..fffeb06d 100755 --- a/tools/generate-amazon-aws.py +++ b/tools/generate-amazon-aws.py @@ -23,7 +23,7 @@ def process(file, dst): 'description': 'Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)', 'type': 'cidr', 'list': consolidate_networks(l), - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } write_to_file(warninglist, dst) diff --git a/tools/generate-check-host-net.py b/tools/generate-check-host-net.py index 9a465a75..c7848a71 100755 --- a/tools/generate-check-host-net.py +++ b/tools/generate-check-host-net.py @@ -20,7 +20,7 @@ def process(file, dst): 'description': 'check-host IP addresses (https://check-host.net/nodes/ips)', 'type': 'cidr', 'list': consolidate_networks(l), - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } write_to_file(warninglist, dst) diff --git a/tools/generate-cloudflare.py b/tools/generate-cloudflare.py index dec326f7..31b93f0e 100755 --- a/tools/generate-cloudflare.py +++ b/tools/generate-cloudflare.py @@ -11,7 +11,7 @@ def process(files, dst): 'description': "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)", 'type': "cidr", 'list': [], - 'matching_attributes': ["ip-dst", "ip-src", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } for file in files: diff --git a/tools/generate-crl-ip-domains.py b/tools/generate-crl-ip-domains.py index 5781f72d..de06e349 100755 --- a/tools/generate-crl-ip-domains.py +++ b/tools/generate-crl-ip-domains.py @@ -99,7 +99,7 @@ def process(file): 'version': get_version(), 'description': 'IP addresses that belongs to CRL or OCSP', 'list': get_ips_from_domains(crl_ocsp_domains), - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr', } write_to_file(warninglist, "crl-ip") diff --git a/tools/generate-google-bot.py b/tools/generate-google-bot.py index 72fcb0ad..f5ac4acd 100644 --- a/tools/generate-google-bot.py +++ b/tools/generate-google-bot.py @@ -15,7 +15,7 @@ 'name': 'List of known Googlebot IP ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)', 'version': get_version(), 'description': "Google Bot IP address ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)", - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr', 'list': consolidate_networks(ranges), } diff --git a/tools/generate-google-gcp.py b/tools/generate-google-gcp.py index 8095ea5a..3c760c25 100644 --- a/tools/generate-google-gcp.py +++ b/tools/generate-google-gcp.py @@ -15,7 +15,7 @@ 'name': "List of known GCP (Google Cloud Platform) IP address ranges", 'version': get_version(), 'description': "GCP (Google Cloud Platform) IP address ranges (https://www.gstatic.com/ipranges/cloud.json)", - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr', 'list': consolidate_networks(ranges), } diff --git a/tools/generate-google-gmail-sending-ips.py b/tools/generate-google-gmail-sending-ips.py index 8b44f325..7d559d06 100644 --- a/tools/generate-google-gmail-sending-ips.py +++ b/tools/generate-google-gmail-sending-ips.py @@ -9,7 +9,7 @@ 'name': "List of known Gmail sending IP ranges", 'version': get_version(), 'description': "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)", - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr', 'list': consolidate_networks(spf.get_ip_ranges_from_spf("gmail.com")), } diff --git a/tools/generate-gptbot.py b/tools/generate-gptbot.py index cb760cc4..07b43590 100755 --- a/tools/generate-gptbot.py +++ b/tools/generate-gptbot.py @@ -19,7 +19,7 @@ def process(file, dst): 'description': 'OpenAI gptbot crawler (https://openai.com/gptbot-ranges.txt)', 'type': 'cidr', 'list': consolidate_networks(l), - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } write_to_file(warninglist, dst) diff --git a/tools/generate-microsoft-azure.py b/tools/generate-microsoft-azure.py index bc800ccc..40a30160 100755 --- a/tools/generate-microsoft-azure.py +++ b/tools/generate-microsoft-azure.py @@ -20,7 +20,7 @@ def process(file, dst, name: str, description: str): 'name': name, 'version': get_version(), 'description': description, - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr' } diff --git a/tools/generate-office365.py b/tools/generate-office365.py index 99f3d342..4d64936d 100755 --- a/tools/generate-office365.py +++ b/tools/generate-office365.py @@ -23,7 +23,7 @@ def process(url): 'name': 'List of known Office 365 IP address ranges', 'description': 'Office 365 IP address ranges', 'type': 'cidr', - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } generate(consolidate_networks(lips), office365_ips_dst, office365_ips_warninglist) @@ -65,6 +65,6 @@ def get_lists(url): 'name': 'List of known Office 365 IP address ranges in China', 'description': 'Office 365 IP address ranges in China', 'type': 'cidr', - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } generate(consolidate_networks(lips), "microsoft-office365-cn", warninglist) diff --git a/tools/generate-smtp.py b/tools/generate-smtp.py index bbab1e04..eca791d9 100644 --- a/tools/generate-smtp.py +++ b/tools/generate-smtp.py @@ -79,7 +79,7 @@ 'name': "List of known SMTP sending IP ranges", 'version': get_version(), 'description': "List of IP ranges for known SMTP servers.", - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr', 'list': consolidate_networks(spf_ranges), } @@ -93,7 +93,7 @@ 'name': "List of known SMTP receiving IP addresses", 'version': get_version(), 'description': "List of IP addresses for known SMTP servers.", - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr', 'list': map(str, mx_ips), } diff --git a/tools/generate-stackpath.py b/tools/generate-stackpath.py index e5503df8..99772f05 100755 --- a/tools/generate-stackpath.py +++ b/tools/generate-stackpath.py @@ -74,7 +74,7 @@ def process(files, dst): 'description': "List of known Stackpath (Highwinds) CDN IP ranges (https://support.stackpath.com/hc/en-us/articles/360001091666-Whitelist-CDN-WAF-IP-Blocks)", 'type': "cidr", 'list': [], - 'matching_attributes': ["ip-dst", "ip-src", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } for file in files: diff --git a/tools/generate-tenable.py b/tools/generate-tenable.py index 07dbd875..b7657143 100644 --- a/tools/generate-tenable.py +++ b/tools/generate-tenable.py @@ -10,7 +10,7 @@ def process(file, dst, name: str, description: str, prefixlist: str, prefixitem: 'name': name, 'version': get_version(), 'description': description, - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"], + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"], 'type': 'cidr' } diff --git a/tools/generate-vpn.py b/tools/generate-vpn.py index 3a134645..2f107227 100755 --- a/tools/generate-vpn.py +++ b/tools/generate-vpn.py @@ -11,7 +11,7 @@ def process(url, dst): 'description': 'Specialized list of {} addresses belonging to common VPN providers and datacenters'.format(dst), 'list': consolidate_networks(process_stream(url)), 'type': 'cidr', - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } write_to_file(warninglist, dst) diff --git a/tools/generate-wikimedia.py b/tools/generate-wikimedia.py index 4a4132d9..99d12f91 100755 --- a/tools/generate-wikimedia.py +++ b/tools/generate-wikimedia.py @@ -15,7 +15,7 @@ def process(url, dst): 'description': 'Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)', 'type': 'cidr', 'list': [], - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } matched = re.findall( diff --git a/tools/generate-zscaler.py b/tools/generate-zscaler.py index 7d382577..62c41152 100755 --- a/tools/generate-zscaler.py +++ b/tools/generate-zscaler.py @@ -20,7 +20,7 @@ def process(file, dst): 'description': 'Zscaler IP address ranges (https://config.zscaler.com/api/zscaler.net/hubs/cidr/json/required)', 'type': 'cidr', 'list': consolidate_networks(l), - 'matching_attributes': ["ip-src", "ip-dst", "domain|ip"] + 'matching_attributes': ["ip-src", "ip-dst", "domain|ip", "ip-src|port", "ip-dst|port"] } write_to_file(warninglist, dst)