| Name | sephiroth JSON |
| Version |
1.0.5
JSON |
| download |
| home_page | None |
| Summary | Utility for building blocklists for IP ranges |
| upload_time | 2025-02-16 18:48:38 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.9 |
| license | None |
| keywords |
blocklists
ip
security
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# Sephiroth
A Python3 script to build cloud block lists for servers.
[](https://github.com/0xdade/sephiroth/releases/latest)
[](https://github.com/0xdade/sephiroth/graphs/contributors)
[](LICENSE)
[](https://hub.docker.com/repository/docker/0xdade/sephiroth)
[](https://github.com/psf/black)
## Usage
Sephiroth provides a built in help menu through the use of Python's argparse library. It tells you which commands are required, as well as other options.
```bash
sephiroth on master [!] on 🐳 v19.03.12 via sephiroth via 🐍 3.8.3
➜ sephiroth --help
usage: Sephiroth [-h] -s {nginx,apache,caddy,iptables,ip6tables} -t {aws,azure,gcp,oci,asn,file,tor,do,linode,cloudflare} [-a ASN] [-f FILENAME] [-r REDIR_TARGET] [-p] [--no-ipv6] [--compacted] [-V]
Sephiroth is made to help block clouds.
options:
-h, --help show this help message and exit
-s {nginx,apache,caddy,iptables,ip6tables}, --server {nginx,apache,caddy,iptables,ip6tables}
Type of server to build blocklist for
-t {aws,azure,gcp,oci,asn,file,tor,do,linode,cloudflare}, --target {aws,azure,gcp,oci,asn,file,tor,do,linode,cloudflare}
Targets to block
-a ASN, --asn ASN ASN to block in AS#### format
-f FILENAME, --file FILENAME
Files to block addresses from
-r REDIR_TARGET, --redir REDIR_TARGET
Place to redirect requests to. (apache)
-p, --proxy Using PROXY Protocol? (nginx)
--no-ipv6 Exclude ipv6 addresses from the block list where applicable
--compacted Compact neighboring cidr ranges. This produces smaller file sizes but loses detail about each range.
-V, --version show program's version number and exit
For more information, assistance, or to submit a pull request, please visit https://github.com/0xdade/sephiroth.
```
## Example
```bash
sephiroth on master [!?] on 🐳 v19.03.8 via sephiroth took 7s
➜ sephiroth -s nginx -t asn -a AS15169 -a AS31337 -t aws
(asn) Fetching IP ranges from api.hackertarget.com for 2 ASNs
(aws) Fetching IP ranges from Amazon
Your nginx blocklist for asn, aws can be found at output/2020-06-07_002847_nginx_asn_aws.conf
Please add this line to /etc/nginx/nginx.conf before the Virtual Host Configs.
include /mnt/c/Users/dade/Desktop/sephiroth/output/2020-06-07_002847_nginx_asn_aws.conf;
Then you can use the $block_ip variable in your site config like so:
if ($block_ip) {
return 302 https://example.com;
}
```
## Supported Servers
* `nginx` - Makes use of nginx's `ngx_http_geo_module` which comes with the nginx package in Ubuntu 18.04. Optionally supports the use of `proxy_protocol`, in the event that you are using a PROXY-enabled redirector.
* `apache` - Generates a mod_rewrite rule set to do conditional redirects based on cloud ip ranges. Does not (to my knowledge) support `proxy_protocol` usage. Requires `-r REDIR_TARGET` for the RewriteRule
* `caddy` - Generates a list of IP addresses, each prepended with the `remote_ip` request matcher.
* `iptables` - Generates a set of iptables DROP rules to block access from listed IPv4 ranges.
* `ip6tables` - Generates a set of ip6tables DROP rules to block access from listed IPv6 ranges.
## Supported Providers
While Sephiroth began as a cloud blocking script, it became apparent that there were plenty of other sources of ip addresses that might be useful, and so we expanded. This is the list of currently supported providers.
* `aws` - Amazon Web Services. Obtained via the [documented download process](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#aws-ip-download).
* `azure` - Azure Cloud. Fetched via a two part process. Fetch the html of [the download page](https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519) and then parse the html to get the `failoverLink` anchor tag. That JSON is then downloaded.
* `gcp` - Google Cloud Platform. Fetches the `cloud.json` as documented via the [docs](https://cloud.google.com/compute/docs/faq#find_ip_range).
* `oci` - Oracle Cloud Infrastructure. Fetched via the [documented download process](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/addressranges.htm)
* `asn` - Lookup IP ranges by ASN. Uses [Hackertarget](https://hackertarget.com/as-ip-lookup/) API to make fetching results painless. Limited to 100 ASN lookups per day per source IP.
* `file` - Read line-separated list of addresses from one or more files. Lines that begin with # are ignored and lines that contain a # after the address save the comment into the output.
* `tor` - Fetch the bulk list of Tor exit nodes from the [torproject.org website](https://blog.torproject.org/changes-tor-exit-list-service) and add them to the list.
* `do` - Digital Ocean. Fetched from `google.csv` as documented on the [Platform page](https://www.digitalocean.com/docs/platform/).
* `linode` - Linode. Fetched from [geoip.linode.com](https://geoip.linode.com)
* `cloudflare` - Cloudflare. Fetched from [documented API](https://developers.cloudflare.com/api/operations/cloudflare-i-ps-cloudflare-ip-details)
## Setup
### Python
It is recommended to install sephiroth into its own virtual environment using a tool like `pipx`.
```bash
pipx install sephiroth
```
You can also get the always-latest updates by cloning directly from the repository, however this installation requires setting up pipenv to install the dependencies needed.
```bash
git clone https://github.com/0xdade/sephiroth.git
cd sephiroth
pipenv install .
```
### Docker
Alternatively, we provide a [Dockerfile](/Dockerfile) with build and run instructions, or you can fetch the latest version from [dockerhub](https://hub.docker.com/r/0xdade/sephiroth):
```bash
docker pull 0xdade/sephiroth
docker run --rm -v $(pwd):/app/output sephiroth -s nginx -t gcp
```
## Acknowledgements
These are resources I found while building sephiroth that I thought were quite helpful
* [curi0usJack's](https://twitter.com/curi0usJack) [mod_rewrite rules gist](https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10)
* [Enjen ASN Blocklist](https://www.enjen.net/asn-blocklist/readme.php) - [Example](https://www.enjen.net/asn-blocklist/index.php?asn=15169&type=nginx)
## License
```text
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. You just DO WHAT THE FUCK YOU WANT TO.
```
Raw data
{
"_id": null,
"home_page": null,
"name": "sephiroth",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "0xdade <dade@actualcrimes.org>",
"keywords": "blocklists, ip, security",
"author": null,
"author_email": "0xdade <dade@actualcrimes.org>",
"download_url": "https://files.pythonhosted.org/packages/e6/d8/ff8d761e02e7a269552a8f07195e47ea7fc450ec1462244f2adef01aa5d3/sephiroth-1.0.5.tar.gz",
"platform": null,
"description": "# Sephiroth\n\nA Python3 script to build cloud block lists for servers.\n\n\n[](https://github.com/0xdade/sephiroth/releases/latest)\n[](https://github.com/0xdade/sephiroth/graphs/contributors)\n[](LICENSE)\n[](https://hub.docker.com/repository/docker/0xdade/sephiroth)\n[](https://github.com/psf/black)\n\n## Usage\n\nSephiroth provides a built in help menu through the use of Python's argparse library. It tells you which commands are required, as well as other options.\n\n```bash\nsephiroth on \ue0a0 master [!] on \ud83d\udc33 v19.03.12 via sephiroth via \ud83d\udc0d 3.8.3\n\u279c sephiroth --help\nusage: Sephiroth [-h] -s {nginx,apache,caddy,iptables,ip6tables} -t {aws,azure,gcp,oci,asn,file,tor,do,linode,cloudflare} [-a ASN] [-f FILENAME] [-r REDIR_TARGET] [-p] [--no-ipv6] [--compacted] [-V]\n\nSephiroth is made to help block clouds.\n\noptions:\n -h, --help show this help message and exit\n -s {nginx,apache,caddy,iptables,ip6tables}, --server {nginx,apache,caddy,iptables,ip6tables}\n Type of server to build blocklist for\n -t {aws,azure,gcp,oci,asn,file,tor,do,linode,cloudflare}, --target {aws,azure,gcp,oci,asn,file,tor,do,linode,cloudflare}\n Targets to block\n -a ASN, --asn ASN ASN to block in AS#### format\n -f FILENAME, --file FILENAME\n Files to block addresses from\n -r REDIR_TARGET, --redir REDIR_TARGET\n Place to redirect requests to. (apache)\n -p, --proxy Using PROXY Protocol? (nginx)\n --no-ipv6 Exclude ipv6 addresses from the block list where applicable\n --compacted Compact neighboring cidr ranges. This produces smaller file sizes but loses detail about each range.\n -V, --version show program's version number and exit\n\nFor more information, assistance, or to submit a pull request, please visit https://github.com/0xdade/sephiroth.\n```\n\n## Example\n\n```bash\nsephiroth on \ue0a0 master [!?] on \ud83d\udc33 v19.03.8 via sephiroth took 7s\n\u279c sephiroth -s nginx -t asn -a AS15169 -a AS31337 -t aws\n(asn) Fetching IP ranges from api.hackertarget.com for 2 ASNs\n(aws) Fetching IP ranges from Amazon\nYour nginx blocklist for asn, aws can be found at output/2020-06-07_002847_nginx_asn_aws.conf\n\nPlease add this line to /etc/nginx/nginx.conf before the Virtual Host Configs.\n\n include /mnt/c/Users/dade/Desktop/sephiroth/output/2020-06-07_002847_nginx_asn_aws.conf;\n\nThen you can use the $block_ip variable in your site config like so:\n\n if ($block_ip) {\n return 302 https://example.com;\n }\n\n```\n\n\n## Supported Servers\n\n* `nginx` - Makes use of nginx's `ngx_http_geo_module` which comes with the nginx package in Ubuntu 18.04. Optionally supports the use of `proxy_protocol`, in the event that you are using a PROXY-enabled redirector.\n* `apache` - Generates a mod_rewrite rule set to do conditional redirects based on cloud ip ranges. Does not (to my knowledge) support `proxy_protocol` usage. Requires `-r REDIR_TARGET` for the RewriteRule\n* `caddy` - Generates a list of IP addresses, each prepended with the `remote_ip` request matcher.\n* `iptables` - Generates a set of iptables DROP rules to block access from listed IPv4 ranges.\n* `ip6tables` - Generates a set of ip6tables DROP rules to block access from listed IPv6 ranges.\n\n## Supported Providers\n\nWhile Sephiroth began as a cloud blocking script, it became apparent that there were plenty of other sources of ip addresses that might be useful, and so we expanded. This is the list of currently supported providers.\n\n* `aws` - Amazon Web Services. Obtained via the [documented download process](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#aws-ip-download).\n* `azure` - Azure Cloud. Fetched via a two part process. Fetch the html of [the download page](https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519) and then parse the html to get the `failoverLink` anchor tag. That JSON is then downloaded.\n* `gcp` - Google Cloud Platform. Fetches the `cloud.json` as documented via the [docs](https://cloud.google.com/compute/docs/faq#find_ip_range).\n* `oci` - Oracle Cloud Infrastructure. Fetched via the [documented download process](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/addressranges.htm)\n* `asn` - Lookup IP ranges by ASN. Uses [Hackertarget](https://hackertarget.com/as-ip-lookup/) API to make fetching results painless. Limited to 100 ASN lookups per day per source IP.\n* `file` - Read line-separated list of addresses from one or more files. Lines that begin with # are ignored and lines that contain a # after the address save the comment into the output.\n* `tor` - Fetch the bulk list of Tor exit nodes from the [torproject.org website](https://blog.torproject.org/changes-tor-exit-list-service) and add them to the list.\n* `do` - Digital Ocean. Fetched from `google.csv` as documented on the [Platform page](https://www.digitalocean.com/docs/platform/).\n* `linode` - Linode. Fetched from [geoip.linode.com](https://geoip.linode.com)\n* `cloudflare` - Cloudflare. Fetched from [documented API](https://developers.cloudflare.com/api/operations/cloudflare-i-ps-cloudflare-ip-details)\n\n## Setup\n\n\n### Python\nIt is recommended to install sephiroth into its own virtual environment using a tool like `pipx`.\n\n```bash\npipx install sephiroth\n```\n\nYou can also get the always-latest updates by cloning directly from the repository, however this installation requires setting up pipenv to install the dependencies needed.\n\n```bash\ngit clone https://github.com/0xdade/sephiroth.git\ncd sephiroth\npipenv install .\n```\n\n### Docker\n\nAlternatively, we provide a [Dockerfile](/Dockerfile) with build and run instructions, or you can fetch the latest version from [dockerhub](https://hub.docker.com/r/0xdade/sephiroth):\n\n```bash\ndocker pull 0xdade/sephiroth\ndocker run --rm -v $(pwd):/app/output sephiroth -s nginx -t gcp\n```\n\n\n## Acknowledgements\n\nThese are resources I found while building sephiroth that I thought were quite helpful\n\n* [curi0usJack's](https://twitter.com/curi0usJack) [mod_rewrite rules gist](https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10)\n* [Enjen ASN Blocklist](https://www.enjen.net/asn-blocklist/readme.php) - [Example](https://www.enjen.net/asn-blocklist/index.php?asn=15169&type=nginx)\n\n## License\n\n```text\nDO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE\n Version 2, December 2004\n\n Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>\n\n Everyone is permitted to copy and distribute verbatim or modified\n copies of this license document, and changing it is allowed as long\n as the name is changed.\n\n DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE\n TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n 0. You just DO WHAT THE FUCK YOU WANT TO.\n```\n",
"bugtrack_url": null,
"license": null,
"summary": "Utility for building blocklists for IP ranges",
"version": "1.0.5",
"project_urls": {
"Homepage": "https://github.com/0xdade/sephiroth",
"Repository": "https://github.com/0xdade/sephiroth.git"
},
"split_keywords": [
"blocklists",
" ip",
" security"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "0896bbe3c734b04d08c9c10d48797d766d40e68c6e1fe95208c818c5e7509eaa",
"md5": "7ffdd67aaf83ca9114650b692b97289f",
"sha256": "4e96be3b71b9b52c813d52fe3a58711ce5930aa7ed5e86da84c2e77e5e466ed4"
},
"downloads": -1,
"filename": "sephiroth-1.0.5-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7ffdd67aaf83ca9114650b692b97289f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 20937,
"upload_time": "2025-02-16T18:48:35",
"upload_time_iso_8601": "2025-02-16T18:48:35.496441Z",
"url": "https://files.pythonhosted.org/packages/08/96/bbe3c734b04d08c9c10d48797d766d40e68c6e1fe95208c818c5e7509eaa/sephiroth-1.0.5-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "e6d8ff8d761e02e7a269552a8f07195e47ea7fc450ec1462244f2adef01aa5d3",
"md5": "8b910c8798fbbee7f9aa776be77b87a0",
"sha256": "d32376075cadbbd9e04b6ad5fd6223c976f803e1177ad329bb31b8fb55c553f9"
},
"downloads": -1,
"filename": "sephiroth-1.0.5.tar.gz",
"has_sig": false,
"md5_digest": "8b910c8798fbbee7f9aa776be77b87a0",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 11367,
"upload_time": "2025-02-16T18:48:38",
"upload_time_iso_8601": "2025-02-16T18:48:38.439099Z",
"url": "https://files.pythonhosted.org/packages/e6/d8/ff8d761e02e7a269552a8f07195e47ea7fc450ec1462244f2adef01aa5d3/sephiroth-1.0.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-02-16 18:48:38",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "0xdade",
"github_project": "sephiroth",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "sephiroth"
}
