Check if ip belongs to subnet in python3 - python-3.x

I'm trying to check if a list of IP addresses (list called ips) belongs to a list of subnets (list called subnets). If one IP from ips belongs to a subnet from subnets, that subnet is considered scanned. My goal is to find the not-scanned subnets.
I wrote this small script which seems to work, but the actual result is not accurate. What I mean by that: it accurately parses the subnets from a file (there are 100 subnets), but after the for loop executes it appears to miss some results, because in the end there are only 97 subnets. Any help will be appreciated.
Data looks like this:
IP addresses:
172.0.0.1
172.0.0.2
etc
subnets:
172.0.0.1/24
186.0.0.1/30
etc
The code fragment:
print(len(subnets))  # returns 100
for ip in ips:
    for subnet in subnets:
        if ip in subnet:
            scanned.append(subnet)
scanned = list(set(scanned))
notscanned = [x for x in subnets if x not in scanned]
print(len(scanned + notscanned))  # returns 97
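The membership test the question needs, as an added example that is not part of the original post: on two plain strings, `in` is only a substring test, whereas `ipaddress` objects give a real prefix match. The subnet list is deduplicated while loading (strict=False accepts entries like 172.0.0.1/24 that have host bits set), so scanned plus not-scanned always equals the number of distinct subnets. The sample lines are constructed, not the questioner's data.

```python
import ipaddress

# Constructed sample input (not the questioner's data); note the duplicate
# subnet and the malformed address line, both of which the loaders must handle.
IP_LINES = ["172.0.0.1", "172.0.0.2", "10.9.9.9", "", "not-an-ip"]
SUBNET_LINES = ["172.0.0.1/24", "186.0.0.1/30", "172.0.0.1/24",
                "10.9.9.0/24", "192.168.5.0/24"]

def load_ips(lines):
    """Parse address lines; blanks are skipped, unparsable lines are reported."""
    ips, bad = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ips.append(ipaddress.ip_address(line))
        except ValueError:
            bad.append(line)
    return ips, bad

def load_subnets(lines):
    """Parse CIDR lines into network objects, keeping the first copy of each.
    strict=False accepts '172.0.0.1/24' (host bits set) as 172.0.0.0/24."""
    seen, bad = {}, []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            seen.setdefault(ipaddress.ip_network(line, strict=False), None)
        except ValueError:
            bad.append(line)
    return list(seen), bad

def coverage(ips, subnets):
    """Split subnets into those containing at least one scanned IP and the rest.
    'ip in net' here is a real prefix match, unlike 'in' on two strings,
    which only tests for a substring (so '172.0.0.2' in '172.0.0.1/24' is False)."""
    scanned = [net for net in subnets if any(ip in net for ip in ips)]
    not_scanned = [net for net in subnets if net not in scanned]
    return scanned, not_scanned

if __name__ == "__main__":
    ips, bad_ips = load_ips(IP_LINES)
    subnets, bad_nets = load_subnets(SUBNET_LINES)
    scanned, not_scanned = coverage(ips, subnets)
    print(len(subnets), len(scanned), len(not_scanned), bad_ips)  # 4 2 2 ['not-an-ip']
```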

Related

Unable to discover camera with a different 3rd octet in its IP

I'm looking to discover the IP cameras that are connected to my network. I found a tool at the following link:
https://github.com/andreikop/python-ws-discovery
When I use it with the following commands I cannot find one of my cameras that is on my network:
from wsdiscovery.discovery import ThreadedWSDiscovery as WSDiscovery
from wsdiscovery.publishing import ThreadedWSPublishing as WSPublishing
from wsdiscovery import QName, Scope
# Define type, scope & address of service
ttype1 = QName("http://www.onvif.org/ver10/device/wsdl", "Device")
scope1 = Scope("onvif://www.onvif.org/Model")
xAddr1 = "localhost:8080/abc"
# Publish the service
wsp = WSPublishing()
wsp.start()
wsp.publishService(types=[ttype1], scopes=[scope1], xAddrs=[xAddr1])
# Discover it (along with any other service out there)
wsd = WSDiscovery()
wsd.start()
services = wsd.searchServices()
for service in services:
    print(service.getEPR() + ":" + service.getXAddrs()[0])
wsd.stop()
The result of these commands is:
urn:uuid:9b8cd29b-4bd4-5d1c-2f0c-edf3ff9a7eb3:http://#.#.42.244:80/onvif/device_service
urn:uuid:c65e3f71-99e5-4c5d-9615-325bcab19840:http://#.#.42.128/onvif/device_service
urn:uuid:317435e5-a21c-467b-96b8-a213e455bcb4:http://#.#.42.60:5357/317435e5-a21c-467b-96b8-a213e455bcb4/
My own IP is #.#.42.53,
and two IP cameras with IPs
#.#.42.244 and #.#.42.128 are discovered,
but I have another camera whose IP is #.#.5.179 and it isn't discovered.
Is it because it is in a different IP range from my computer? (The camera's range is 5 and my computer's range is 42.)
In that case, how can I solve this problem and expand my discovery range?

Building a list in Terraform from data sources

I have a data management issue that I have been banging my head against. I have some OpenStack resources managed outside Terraform that I need to find the IP addresses for, then add them to a list that can be handed to Ansible or cloud-init. There are an arbitrary number of these resources, rather than a fixed list size or fixed names.
I have the names of the resources, so I am looking them up via for_each:
data "openstack_networking_port_v2" "ports" {
  for_each = toset(var.assigned_ports)
  name     = "${each.key}port"
}
which results in a data source for each resource like this:
data.openstack_networking_port_v2.ports["host1port"]
data.openstack_networking_port_v2.ports["host2port"]
data.openstack_networking_port_v2.ports["host3port"]
where the content includes the IP address I'm after via a field (below is truncated for brevity):
data "openstack_networking_port_v2" "ports" {
  admin_state_up = true
  all_fixed_ips = [
    "10.1.2.3",
  ]
  all_security_group_ids = [
    "2cccdd5f-dec0-4f2e-80a3-ceefbb3625ff",
  ]
}
I would like to build a local that is a list of these IP addresses that I can use somewhere, but I am struggling to get anywhere, especially as the IP address I am after is element 0 in the list, e.g.:
data.openstack_networking_port_v2.ports["host3port"].all_fixed_ips[0]
Any help would be greatly appreciated.
I managed to solve it by creating a local like below:
locals {
  ips = [for ip in data.openstack_networking_port_v2.ports : ip.all_fixed_ips[0]]
}
I had tried something similar before, but was incorrectly iterating on:
data.openstack_networking_port_v2.ports[*]

Subnets to AZs and repeat

I want to build a 3-tier VPC using only AZ1a and AZ1b. I want to have a range of IP addresses and use them for each tier, but they need to always fall in AZ1a or AZ1b.
I have 3 app tiers (web, app, db):
Using only two AZs:
availability_zones = ["us-east-1a", "us-east-1b"]
I have put together a list of the subnets I want to use. So I want web to grab the first two and put one into each of the AZs, then I want app to grab the next two and put them into each of the AZs, and so on.
private_subnets_cidr_intapp = ["10.211.130.0/28", "10.211.130.16/28", "10.211.130.32", "10.211.130.48", "10.211.130.64/28", "10.211.130.80/28"]
How do you go about this? An example would help. Should I be using a map?

python3, boto3: obtaining an AWS EC2 instance's second IP

Somehow, I had to get the second (eth1) private IP address of EC2 instances using python3. I can get only the EC2 instance-id. I managed to do it, but I think it is not good code.
I tried filters but failed. Instead I use the code below.
import boto3

ec2 = boto3.client('ec2')

def get_sec_ip(instance_id):
    res = ec2.describe_instances(InstanceIds=[instance_id])
    # second entry of NetworkInterfaces is assumed to be eth1
    print(res['Reservations'][0]['Instances'][0]['NetworkInterfaces'][1]['PrivateIpAddress'])

instance_id = 'i-03a0d15992b7bf'
get_sec_ip(instance_id)
Has anybody got this result using ec2.describe_instances' filters?
Another possibility is to use the Instance object:
ec2 = boto3.resource('ec2')
instance = ec2.Instance(instance_id)
print(instance.network_interfaces[1].private_ip_address)
The filter is not used for limiting the output, but for limiting the number of instance descriptions returned. For example, describe_instances can return 10 instances (not in your case, but in general), and Filters can limit it to only 2 based on some criteria, e.g. instances only in a given subnet.
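A way to pick eth1 that does not depend on list position, as an added example (not code from the question or the answer above): describe_instances reports each interface's device number under Attachment.DeviceIndex, so matching on that instead of NetworkInterfaces[1] works whatever order the interfaces are listed in and returns None when the instance has no eth1. The response dict is constructed offline with placeholder IDs; in live use it comes from boto3.client("ec2").describe_instances(InstanceIds=[...]).

```python
# Constructed describe_instances response (not real AWS output; IDs are
# placeholders). The interfaces are deliberately listed out of device order,
# which is the case that indexing NetworkInterfaces[1] gets wrong.
SAMPLE_RESPONSE = {
    "Reservations": [{
        "Instances": [{
            "InstanceId": "i-EXAMPLE",
            "NetworkInterfaces": [
                {"PrivateIpAddress": "10.0.2.20", "Attachment": {"DeviceIndex": 1}},
                {"PrivateIpAddress": "10.0.1.10", "Attachment": {"DeviceIndex": 0}},
            ],
        }],
    }],
}

def instances_in(response):
    """Flatten the Reservations -> Instances nesting of describe_instances."""
    for reservation in response.get("Reservations", []):
        yield from reservation.get("Instances", [])

def private_ip_for_device(instance, device_index):
    """Primary private IP of the ENI attached at device_index (eth1 is 1),
    or None when the instance has no such interface. Matching on
    Attachment.DeviceIndex avoids assuming the list is in device order."""
    for eni in instance.get("NetworkInterfaces", []):
        if eni.get("Attachment", {}).get("DeviceIndex") == device_index:
            return eni.get("PrivateIpAddress")
    return None

def get_sec_ip(response, instance_id):
    """eth1 address of instance_id from a describe_instances response, or None."""
    for instance in instances_in(response):
        if instance.get("InstanceId") == instance_id:
            return private_ip_for_device(instance, 1)
    return None

if __name__ == "__main__":
    # Live use: response = boto3.client("ec2").describe_instances(InstanceIds=[iid])
    print(get_sec_ip(SAMPLE_RESPONSE, "i-EXAMPLE"))  # 10.0.2.20
```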

How to make rule trigger on DNS rdata/IP address?

I currently have the following DNS Query Alert rule set up in Suricata (for test purposes):
alert dns any any -> any any (msg:"Test dns_query option"; dns_query; content:"google"; nocase; sid:1;)
Which is triggered when it captures DNS events which contain the word "google", such as in this packet:
{"timestamp":"2017-06-08T15:58:59.907085+0000","flow_id":1798294020028434,"in_iface":"ens33","event_type":"dns","src_ip":"172.16.10.132","src_port":53,"dest_ip":"192.168.160.140","dest_port":52385,"proto":"UDP","dns":{"type":"answer","id":57334,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":300,"rdata":"172.217.12.164"}}
However, instead of searching for resource record names that contain "google", I want to use this same kind of alert to trigger on IP addresses that resolve to loopback, as is the case with the following packet (Notice the rdata field):
{"timestamp":"2017-06-08T15:59:37.120927+0000","flow_id":36683121284050,"in_iface":"ens33","event_type":"dns","src_ip":"172.16.10.132","src_port":53,"dest_ip":"192.168.160.140","dest_port":62260,"proto":"UDP","dns":{"type":"answer","id":53553,"rcode":"NOERROR","rrname":"outlook1.us","rrtype":"A","ttl":120,"rdata":"127.0.0.1"}}
As I have noticed, the content section of a Suricata rule searches only for a string.
My current rule triggers on a text match with the rrname/domain; how would I make it so that the rule triggers on the rdata/IP address?
p.s.
Just out of curiosity I tried replacing the "google" in the content section of my alert with "127.0.0.1" and that didn't work either, as expected.
The IP address is just a 32-bit number. In the rule the IP should be represented as a hex value and not a string, for purposes of efficiency and saving bandwidth (a string will be 8+ bytes as opposed to 4 bytes).
Here is my final Suricata rule to alert whenever somebody gets sent to loopback on my network:
alert dns any any -> any any (msg:"BLACKLISTED DOMAIN"; content:"|7F 00 00 01|"; sid:1;)
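The same condition checked on Suricata's EVE JSON output rather than on raw packet bytes, as an added example that is not part of the answer above: a raw content match on |7F 00 00 01| fires wherever those four bytes occur in a DNS payload, so this filter confirms that it is specifically the rdata of an A/AAAA answer that falls in loopback. It goes beyond the question by taking a list of watched networks, and content_bytes shows how the rule's hex form is derived from an address. The sample lines are the two events quoted in the question, trimmed to the fields read here, plus one constructed non-JSON line.

```python
import ipaddress
import json

# The two EVE JSON DNS events quoted in the question, trimmed to the fields
# this check reads, plus a constructed garbage line the parser must survive.
EVE_LINES = [
    '{"timestamp":"2017-06-08T15:58:59.907085+0000","event_type":"dns",'
    '"dns":{"type":"answer","rrname":"www.google.com","rrtype":"A","rdata":"172.217.12.164"}}',
    '{"timestamp":"2017-06-08T15:59:37.120927+0000","event_type":"dns",'
    '"dns":{"type":"answer","rrname":"outlook1.us","rrtype":"A","rdata":"127.0.0.1"}}',
    'not json at all',
]

# Loopback is what the question asks about; extend the list to widen the check.
WATCHED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

def flagged_answers(lines, watched=WATCHED):
    """Return (timestamp, rrname, rdata) for A/AAAA answers whose rdata lies
    inside one of the watched networks; malformed lines are ignored."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue
        if not isinstance(ev, dict) or ev.get("event_type") != "dns":
            continue
        dns = ev.get("dns", {})
        if dns.get("type") != "answer" or dns.get("rrtype") not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(dns.get("rdata", ""))
        except ValueError:
            continue  # rdata that is not an address (e.g. a CNAME target)
        if any(addr in net for net in watched):
            hits.append((ev.get("timestamp"), dns.get("rrname"), str(addr)))
    return hits

def content_bytes(addr):
    """The rule's |7F 00 00 01| form: the address as network-order bytes."""
    packed = ipaddress.ip_address(addr).packed
    return "|" + " ".join(f"{b:02X}" for b in packed) + "|"

if __name__ == "__main__":
    print(flagged_answers(EVE_LINES))  # [('2017-06-08T15:59:37.120927+0000', 'outlook1.us', '127.0.0.1')]
    print(content_bytes("127.0.0.1"))  # |7F 00 00 01|
```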
