En script som laver en Routeros ip4v whitelist udfra fra Microsoft's xml

 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$o365Ips = "https://support.content.office.net/en-us/static/O365IPAddresses.xml"

$output = "$PSScriptRoot\O365IPAddresses.xml"

$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=Whitelist_O365 address="
$RosComment = " comment=O365_"

$RosScriptOutput = "c:\temp\o365Ros.rsc"

$RosFirewallAddresslist | out-file $RosScriptOutput -Encoding unicode -Force

$wc = New-Object System.Net.WebClient
$wc.DownloadFile($o365Ips, $output)

[xml]$o365Data = Get-Content $output
$o365 = @()

foreach($product in $o365Data.products.product)
{
    write-host $product.name
   
    foreach ($address in $product.addresslist)
    {

        if ($address.type -eq "IPv4")
        {

            if ($address.address)
            {
                $ourObject = New-Object -TypeName psobject
                $ourObject | Add-Member -MemberType NoteProperty -Name Product -Value $product.name
                $ourObject | Add-Member -MemberType NoteProperty -Name AddressesType -Value $address.type
                $ourObject | Add-Member -MemberType NoteProperty -Name IPaddresses -Value $address.address
            }
                  
        }
        elseif($address.type -eq "IPv6")
        {
            #       Write-host $address.address
        }
        elseif($address.type -eq "URL")
        {
            #   Write-host $address.address
        }

    }
    $o365 += $ourObject
    $ourObject = $null

}
$o365

$o365 | foreach { $Prod = $_.Product  ; $ips = $_.IPaddresses ; $Prod + " : " + $ips.Count ; `
foreach ($ip in $ips){ $RosAddList + $ip + $RosComment +  $Prod | out-file $RosScriptOutput -Encoding unicode -Append }; `
` }
#Write-host "test "
get-content $RosScriptOutput

En powershell script som bygger en blocklist udfra nogle at de Data som Sans stiller til rådighed.

## makes powershell use TLS1.2

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$blacklist = "https://isc.sans.edu/api/threatlist/shodan?json"

$Webdata = Invoke-WebRequest $blacklist -UserAgent "This email address is being protected from spambots. You need JavaScript enabled to view it.]"
$data = $Webdata | ConvertFrom-Json

#$data.ipv4.Count
#Start-Sleep -Seconds 100

$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=Sans_shodan"

$RosScriptOutput = "c:\temp\Sans_shodan.rsc"
$RosFirewallAddresslist | out-file $RosScriptOutput -Encoding unicode -Force

## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
Function ExtractValidIPAddress($String){
    $IPregex=‘(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))’
    If ($String -Match $IPregex) {$Matches.Address}
}

foreach( $line in $data.ipv4 )
{
if ($line -and (ExtractValidIPAddress($line) )) {
$RosAddList + $line + $RosComment | out-file $RosScriptOutput -Encoding unicode -Append
}
}

#Get-Content $RosScriptOutput

Lidt powershell som danner en RSC file til mikrotik enheder, der kan bruges til blocklists

## makes powershell use TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$blacklist = "http://malc0de.com/bl/IP_Blacklist.txt"

$data = Invoke-WebRequest $blacklist

$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=Malcode"

$RosScriptOutput = "c:\temp\Malcode.rsc"
$RosFirewallAddresslist | out-file $RosScriptOutput -Encoding unicode -Force

## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
Function ExtractValidIPAddress($String){
$IPregex=‘(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))’
If ($String -Match $IPregex) {$Matches.Address}
}

foreach( $line in $data.RawContent.Split("") )
{
if ($line -and (ExtractValidIPAddress($line) )) {
$RosAddList + $line + $RosComment | out-file $RosScriptOutput -Encoding unicode -Append
}
}
#Get-Content $RosScriptOutput

 

Et Powershell script som danner en RSC output file til brug på mikrotik enheder.

 


## makes powershell use TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$blacklist = "https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt"

$data = Invoke-WebRequest $blacklist

$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=RansomwareTracker"

$RosScriptOutput = "c:\temp\RansomwareTracker.rsc"

$RosFirewallAddresslist | out-file $RosScriptOutput -Encoding unicode -Force

## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
Function ExtractValidIPAddress($String){
$IPregex=‘(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))’
If ($String -Match $IPregex) {$Matches.Address}
}

foreach( $line in $data.RawContent.Split("") )
{
if ($line -and (ExtractValidIPAddress($line) )) {
$RosAddList + $line + $RosComment | out-file $RosScriptOutput -Encoding unicode -Append
}
}
#Get-Content $RosScriptOutput

 

Et Lille powershell script som danner en mikrotik / routeros RSC script file, der kan bruges til at opdateret en addresse liste.

 ## senderbase.org / talsos
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$blacklist = "https://talosintelligence.com/documents/ip-blacklist"

$data = Invoke-WebRequest $blacklist
$RosFirewallAddresslist = "/ip firewall address-list"
$RosAddList = "add list=blacklist address="
$RosComment = " comment=Talos"
$RosScriptOutput = "c:\temp\Talos.rsc"

$RosFirewallAddresslist | out-file $RosScriptOutput -Encoding unicode -Force

## https://chrisjwarwick.wordpress.com/2012/09/16/more-regular-expressions-regex-for-ip-v4-addresses/
Function ExtractValidIPAddress($String){
$IPregex=‘(?<Address>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))’
If ($String -Match $IPregex) {$Matches.Address}
}

foreach( $line in $data.RawContent.Split("") )
{
if ($line -and (ExtractValidIPAddress($line) )) {
$RosAddList + $line + $RosComment | out-file $RosScriptOutput -Encoding unicode -Append
}
}
#Get-Content $RosScriptOutput