Iptoux
EN/DE -- IT-Senior Analyst/Administrator, Junior-Developer (Python,C++,Others) CyberSecurity, Server-Admin, Linux Nerd (chroot /mnt/gentoo), LOAD * ,8,1, -- Dad

Mar 21, 2023, 17 tweets

P1/2 #Asiis (Advanced ssh intruder identification system)

Today, I leave some preview images of the Python version here. It's full of new features.

- Threading
- Logging (file, terminal,telegram)
- Whois via socket tcp connection (port 43)
- All built-in modules!
- Statusline

P2/2

- Automatic whois server selection, based on IP country -> fallback via iana.org if no valid whois (validity check)
- Config what you want to see on statusline (Threads, Queue, Active intruder, Attack count, New IP since start)
- Known intruder detection.

The multi threading is really working...

And.... it's done, the first steps.

Added new log level to lib so only specific logs (alerts) will be sent to telegram.

Update:

Added possibility to use Extensions/Plugins! 🙂

Do an example extension for later, so ppl. can learn how to create one themselves.

Adding possibility to do a backup of logs, db, whois file. Errors/Warnings will also be handled via application. Example shows warning, when some files for backup are not available.

I know... ppl. love it when it is automatic!

The first fully working extension for Asiis is running. It's to demonstrate how to write your own extensions.

KeyPoints:
- Automatic blocking of IP after x attempts
- Unblocking after x minutes (set a scheduler)
- Integration to app and access to application objects (SQL,… twitter.com/i/web/status/1…

ToDo for pre-release (no graphical panel)
- Add an option to unblock IPs manually (once/all)
- Fix some bugs (that I know)
- Review already created Dockerfile.

Todo:
- Documentation/Wiki
- Cmd query option, to get stats about IPs
- Documentation/Wiki
- Cmd's for Telegram bot
-… twitter.com/i/web/status/1…

Choose a config type you want. The environment config file/Vars will work with docker later.

Explain:

You only set the name of the config file. The wrapper function then determines the file extension and selects the right config loader, so you don't have to set any type of config.

Reworked extensions: they now have on_load, on_hook and on_execute functions. They are now loaded into the app first (here you can load intensive data into the app), and on_execute is called in the Worker, where the data is used.

Removed App objects (reworked some code). First include of map

Map is now included (using #folium module). Different layers, popups and tooltips included. More information and data will be included later.

I'm still searching for a cool, nice, fancy name for my app. Actually it is called [Asiis] - Advanced ssh intruder identification system.

Be… twitter.com/i/web/status/1…

Pic 1: Load and exit of Application.
Pic 2: You are now able to add information from extensions to the Statusline (B = Banned IPs)
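
The thread lists whois over a plain TCP socket on port 43, with a fallback via iana.org when the selected server gives no valid answer. The sketch below is an added example of that flow using only built-in modules; it is not code from Asiis or its author. The function names, the `looks_valid` heuristic and the `preferred` parameter (standing in for the country-based server choice) are assumptions.

```python
import ipaddress
import socket

IANA_WHOIS = "whois.iana.org"

def whois_query(server, query, port=43, timeout=10.0):
    """Send one WHOIS query (RFC 3912) over TCP and return the reply text."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while chunk := sock.recv(4096):  # server closes the connection when done
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_referral(reply):
    """Return the server named in an IANA 'refer:' or 'whois:' line, else None."""
    for line in reply.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in ("refer", "whois") and value.strip():
            return value.strip().lower()
    return None

def looks_valid(reply):
    """Assumed validity check: at least one non-comment 'key: value' line."""
    for line in reply.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip() and not key.lstrip().startswith(("%", "#")):
            return True
    return False

def lookup(ip, preferred=None, query=whois_query):
    """Return (server, reply); fall back to an IANA referral if preferred fails."""
    # Source IPs come from untrusted auth logs: parse them first so that only a
    # canonical address (no CR/LF or extra tokens) is ever written to the socket.
    ip = str(ipaddress.ip_address(ip))
    if preferred:
        try:
            reply = query(preferred, ip)
            if looks_valid(reply):
                return preferred, reply
        except OSError:
            pass  # unreachable or timed out: use the fallback below
    referral = parse_referral(query(IANA_WHOIS, ip))
    if referral is None:
        raise LookupError(f"no WHOIS referral for {ip}")
    return referral, query(referral, ip)
```

The `query` parameter lets the transport be replaced with a stub, so the fallback logic can be exercised without network access.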
