SYS320 Week 13 Lab - JadenGil/Jaden-Tech-Journal GitHub Wiki

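# Threat-intelligence feeds to mirror into the current directory. Both are
# fetched over HTTPS.
# NOTE(review): the second URL originally spelled the file "comprimised-ips.txt",
# so the download never produced the '.\compromised-ips.txt' file that the
# parsing step reads. The spelling is corrected here; confirm the host name
# against the feed provider's documentation.
$drop_urls = @(
    'https://rules.emergingthreats.net/blockrules/emerging-botcc.rules',
    'https://emergingthreats.net/blockrules/compromised-ips.txt'
)

# Download each feed that is not already on disk.
foreach ($u in $drop_urls) {

    # The file name is the last path segment of the URL. Indexing from the end
    # keeps this correct if a feed URL gains or loses a directory level.
    $file_name = $u.Split('/')[-1]

    # A copy already on disk is reused as-is and is never refreshed. Delete the
    # local file before a run when current data is needed; a stale list keeps
    # blocking addresses the feed has since dropped and misses newer ones.
    if (Test-Path -Path $file_name) {
        continue
    }

    # Report a failed download explicitly instead of letting the later parsing
    # step fail on a missing file with no indication of which feed was lost.
    try {
        Invoke-WebRequest -Uri $u -OutFile $file_name -ErrorAction Stop
    } catch {
        Write-Warning "Download failed for ${u}: $($_.Exception.Message)"
    }
} # close the foreach loop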

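# Feed files written by the download step.
$input_paths = @('.\compromised-ips.txt', '.\emerging-botcc.rules')

# Candidate IPv4 literals, for example 108.190.109.107 or 108.191.2.72.
# \d{1,3} also accepts out-of-range octets such as 999, so every match is
# range-checked below before it is kept.
$regex_drop = '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'

# Collect every address from both feeds into the temporary IP list.
# -AllMatches matters: without it Select-String reports only the first match
# on each line, so a line that carries a list of addresses contributes just
# one of them to the block list.
Select-String -Path $input_paths -Pattern $regex_drop -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Value } |
    # Keep only strings whose four octets are all in the range 0-255.
    Where-Object { -not ($_.Split('.') | Where-Object { [int]$_ -gt 255 }) } |
    Sort-Object -Unique |
    Out-File -FilePath "ips-bad.tmp"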

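# Turn every discovered address into one iptables drop rule, for example:
#   iptables -A INPUT -s 108.191.2.72 -j DROP
# Only lines that consist of a dotted quad and nothing else are used. The
# output is meant to be run as root, so blank or unexpected lines in the
# temporary list must not become part of a command.
$rules = @(
    Get-Content -Path ".\ips-bad.tmp" |
        Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' } |
        ForEach-Object { "iptables -A INPUT -s $_ -j DROP" }
)

# Write the script as ASCII with LF line endings. Out-File in Windows
# PowerShell defaults to UTF-16 with CRLF, which bash cannot execute.
$script_text = ''
if ($rules.Count -gt 0) {
    $script_text = ($rules -join "`n") + "`n"
}
Set-Content -Path "iptables.bash" -Value $script_text -Encoding ascii -NoNewline

# Review iptables.bash before loading it, and confirm that none of your own
# gateway or management addresses appear in the feed data: the rules are only
# as trustworthy as the downloaded lists.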