Cloudflare and Dome9 Blacklister Scripts (Bash/Python)
One of my servers was under attack from an IP in China recently (some lame automated SQLi), but I figured I’d blackhole the source IP anyway.
My first step was to blacklist in Dome9, which I use to manage that server’s firewall, but after noticing that the attacks were still hitting my server I remembered that because I also use Cloudflare and those attacks were getting tunnelled through their network. So the solution (for that particular attack) was to also blacklist the source IP in Cloudflare. When another stupid attack came in a day or so later, I did the same and realised that it would be much easier if I automated the whole process.
So I threw together a Bash script (and then a Python script) that leverages the Cloudflare and Dome9 APIs to submit a given IP address to one or both services.
I’ve put these into my scripts repo on GitHub. Simply insert your Cloudflare and/or Dome9 API keys into the configuration portion of the script and go. Using this you could conceivably fully automate it by auto-detecting brute-force type attacks using a script on the server and calling this script to make the blacklist updates.
Bearing in mind these were very hastily put together, any feedback/improvements are welcome!
Curated List of Penetration Testing Reports
Julio Cesar Fort has started putting together a curated list of penetration testing reports from a variety of security consultancies. While the list is new, and not exhaustive yet, it’s on the right track and I look forward to seeing it grow. It’s always interesting to see how different companies do their reporting, and there is a lot to be learned in these reports. If you’re a professional penetration tester, the layout, structure and formatting choices are probably more interesting than the actual content in this case.
The list is on GitHub, so I’m sure we’ll start seeing others contributing soon: https://github.com/juliocesarfort/public-pentesting-reports
Loading ...
