diff options
| author | 尹姜谊 <[email protected]> | 2024-11-08 14:42:50 +0800 |
|---|---|---|
| committer | 尹姜谊 <[email protected]> | 2024-11-08 14:42:50 +0800 |
| commit | c057aff33d329f918bad57c8de5705f841a9495e (patch) | |
| tree | 15c25b451afde91775fea215c7c2be0f4e6f806c | |
| parent | ee5a5dba40817632ed32d8d86313bb45def60100 (diff) | |
| parent | c0d48d9b8b55926fcaf38c7a126c67ea01e03dbf (diff) | |
修改:适配24.08版本知识库库表结构变化24.08
| -rw-r--r-- | config24.01.yaml | 50 | ||||
| -rw-r--r-- | data/.DS_Store | bin | 6148 -> 0 bytes | |||
| -rw-r--r-- | data/.gitkeep | 0 | ||||
| -rw-r--r-- | detection/knowledgebase_monitor.py | 44 | ||||
| -rw-r--r-- | detection/tool/KnowledgeBaseTool.py | 10 | ||||
| -rw-r--r-- | detection/tool/__pycache__/KnowledgeBaseTool.cpython-39.pyc | bin | 0 -> 3537 bytes | |||
| -rw-r--r-- | detection/vpn_detector.py | 66 | ||||
| -rw-r--r-- | detection/vpnservices/cyberghostvpn.py | 8 | ||||
| -rw-r--r-- | detection/vpnservices/ipvanishvpn.py | 8 | ||||
| -rw-r--r-- | detection/vpnservices/ivacyvpn.py | 8 | ||||
| -rw-r--r-- | detection/vpnservices/windscribevpn.py | 8 | ||||
| -rw-r--r-- | test/__pycache__/test_vpn_detector.cpython-39.pyc | bin | 12516 -> 13883 bytes | |||
| -rw-r--r-- | test/test_knowledgebase_monitor.py | 31 | ||||
| -rw-r--r-- | test/test_knowledgebase_tool.py | 8 | ||||
| -rw-r--r-- | test/test_plugins.py | 14 | ||||
| -rw-r--r-- | test/test_vpn_detector.py | 22 |
16 files changed, 152 insertions, 125 deletions
diff --git a/config24.01.yaml b/config24.01.yaml index 9439093..6e64cdf 100644 --- a/config24.01.yaml +++ b/config24.01.yaml @@ -12,13 +12,14 @@ common: protected_ip_list: ['8.8.8.8', '8.8.4.4', '1.1.1.1', '255.255.255.255', '0.0.0.0', '127.*'] monitor: - monitor_file_path: /opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom + monitor_file_path: /Users/joy/Downloads/vpn_thwarting_monitor.prom +# monitor_file_path: /opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom outdated_days: 100 # outdated after Inactive for days. outdated results will not be monitored as effective results timezone_hour_gap: 8 clickhouse: - host: 10.160.12.147 + host: 192.168.40.147 port: 9001 username: default password: galaxy2019 @@ -27,25 +28,24 @@ clickhouse: security_table_name: security_event mariadb: - host: 10.160.12.201 + host: 192.168.44.53 port: 3306 user: root - pswd: galaxy2019 + pswd: 111111 db_name: cn_api - ip_table_name: cn_vpn_learning_ip - domain_table_name: cn_vpn_learning_domain + table_name: cn_intelligence_indicator + knowledgebase: - host: 10.160.12.204:8090 + host: 192.168.44.54:8090 kb_username: api_pin: - api_path: /v1/knowledgeBase/items/batch + api_path: /v1/tag/items/batch api_token: a2857bc21b01421b85953fc2c65b4d4c api_retry_times: 3 api_timeout: 9999 db_name: cn_api - ip_library_name: vpn_learning_ip - domain_library_name: vpn_learning_domain + library_name: cn_intelligence_indicator ### PLUGIN CONFIGS @@ -53,7 +53,7 @@ knowledgebase: hotspotvpn: plugin_name: hotspotvpn vpn_service_name: hotspotvpn - plugin_id: 1 + plugin_id: fd3a275b-49e0-462e-8630-c0f4698da9a8 object_type: ip confidence: confirmed sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (ssl_ja3_hash in ('f49621211538d12435b8498f195d0c31', '908e8001ed339d74cedd91a4eb7abfab')) UNION ALL SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (ssl_sni IN ({$domain_list})) GROUP BY server_ip having length(groupUniqArray(server_domain)) >= 5 @@ -63,33 +63,33 @@ hotspotvpn: ipvanishvpn: plugin_name: ipvanishvpn vpn_service_name: ipvanishvpn - plugin_id: 2 + plugin_id: c7ef715a-4ee0-4ac7-b30e-49f337fc8fb8 confidence: confirmed domain: object_type: domain sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.vpn.ipvanish.com' group by dns_qname ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'ipvanishvpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'ipvanishvpn' group by domain ivacyvpn: plugin_name: ivacyvpn vpn_service_name: ivacyvpn - plugin_id: 3 + plugin_id: fdb15703-fb5c-4600-8f04-6128adb1940b confidence: confirmed domain: object_type: domain sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND ((dns_qname LIKE '%.pointtoserver.com') or (dns_qname LIKE '%.ptoserver.com') or (dns_qname LIKE '%.dns2use.com')) group by dns_qname ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'ivacyvpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'ivacyvpn' group by domain protonvpn: plugin_name: protonvpn vpn_service_name: protonvpn - plugin_id: 4 + plugin_id: 9315f6f7-c921-4bb2-a16f-3da86ad3baee object_type: ip confidence: confirmed sql: SELECT server_ip, groupUniqArray(server_port) as ports FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (server_port IN (443, 7770, 8443, 88, 5060, 51820, 500, 80, 1224, 4500, 4569, 5060, 1194)) GROUP BY server_ip HAVING length(ports) >= 10 @@ -99,14 +99,14 @@ protonvpn: cyberghostvpn: plugin_name: cyberghostvpn vpn_service_name: cyberghostvpn - plugin_id: 5 + plugin_id: d3e486c4-4d4d-429e-9af8-d018f73dde99 confidence: confirmed domain: object_type: domain sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.nodes.gen4.ninja' group by dns_qname ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'cyberghostvpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'cyberghostvpn' group by domain monitor_on: False udp_monitor_app_name: Cyberghost-UDP sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} and app_transition like '%{$udp_monitor_app_name}%' group by server_ip @@ -115,7 +115,7 @@ cyberghostvpn: windscribevpn: plugin_name: windscribevpn vpn_service_name: windscribevpn - plugin_id: 6 + plugin_id: 9bd2b634-be41-453f-b6eb-89e25bbffcc3 confidence: confirmed domain: object_type: domain @@ -123,12 +123,12 @@ windscribevpn: domains: whiskergalaxy.com, totallyacdn.com ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'windscribevpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'windscribevpn' group by domain sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} and (ssl_cert_subject like '%Windscribe%' or ssl_cert_issuer like '%Windscribe%') group by server_ip turbovpn: vpn_service_name: turbovpn - plugin_id: 7 + plugin_id: 77fdc9b2-83b5-451f-a85d-98798810a7ec plugin_name: turbovpn object_type: ip confidence: confirmed @@ -137,7 +137,7 @@ turbovpn: geckovpn: vpn_service_name: geckovpn - plugin_id: 8 + plugin_id: ffbda1c9-dbbe-4160-8961-270d3aeb6a37 plugin_name: geckovpn object_type: ip confidence: confirmed @@ -146,7 +146,7 @@ geckovpn: vpnunlimited: vpn_service_name: vpnunlimited - plugin_id: 9 + plugin_id: a0693f60-9028-4680-bbce-4200cfcbd291 plugin_name: vpnunlimited object_type: ip confidence: confirmed @@ -156,5 +156,5 @@ vpnunlimited: psiphon3vpn: vpn_service_name: psiphon3vpn - plugin_id: 10 - plugin_name: psiphon3vpn
\ No newline at end of file + plugin_id: 5d225aa8-ae80-4c89-a972-026bbb5d14e4 + plugin_name: psiphon3vpn diff --git a/data/.DS_Store b/data/.DS_Store Binary files differdeleted file mode 100644 index f38ef2e..0000000 --- a/data/.DS_Store +++ /dev/null diff --git a/data/.gitkeep b/data/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/data/.gitkeep diff --git a/detection/knowledgebase_monitor.py b/detection/knowledgebase_monitor.py index 10ecbdf..0a0dbb9 100644 --- a/detection/knowledgebase_monitor.py +++ b/detection/knowledgebase_monitor.py @@ -19,9 +19,9 @@ class KnowledgeBaseMonitor: self.knowledgebase_config = Config().config['knowledgebase'] self.knowledgebase_tool = KnowledgeApi(self.knowledgebase_config) - def get_vpn_count(self, vpn_service=None, start_t=None, end_t=None, node_type='ip', mode='active', timezone_gap_hour=0): + def get_vpn_count(self, plugin_name=None, start_t=None, end_t=None, node_type='ip', mode='active', timezone_gap_hour=0): """ - :param vpn_service: filter by vpn_service + :param plugin_name: filter by vpn_service :param node_type: 'ip' or 'domain' :param mode: 'active' or 'new' :param start_t: time range, format as '2024-01-20 15:00:00' @@ -30,11 +30,11 @@ class KnowledgeBaseMonitor: """ q = "" - # query node type + library_id = self.knowledgebase_tool.get_library_id(self.knowledgebase_config['library_name']) if node_type == 'ip': - library_id = self.knowledgebase_tool.get_library_id(self.knowledgebase_config['ip_library_name']) + q += "type = 'IP'" elif node_type == 'domain': - library_id = self.knowledgebase_tool.get_library_id(self.knowledgebase_config['domain_library_name']) + q += "type = 'Domain'" else: raise ValueError( "Wrong parameter \"node_type\" provided for KnowledgeBaseMonitor.get_vpn_ip_count: {}".format( @@ -42,16 +42,16 @@ class KnowledgeBaseMonitor: # query active node or new node if mode == 'active': - time_column = 'op_time' + time_column = 'updated_time' elif mode == 'new': - time_column = 'c_time' + time_column = 'created_time' else: raise ValueError( "Wrong parameter \"\mode\" provided for KnowledgeBaseMonitor. get_vpn_ip_count: {}".format(mode)) # query specific vpn service - if vpn_service and vpn_service!='all': - q += " and vpn_service_name = '{}'".format(vpn_service) + if plugin_name and plugin_name != 'all': + q += " and source_name = '{}'".format(plugin_name) # query specific time range if start_t: @@ -77,13 +77,13 @@ class KnowledgeBaseMonitor: # cycle active kb_metric['active_ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', mode='active', timezone_gap_hour=time_zone_gap, - start_t=start_time, end_t=end_time, vpn_service=vpn_service) + start_t=start_time, end_t=end_time, plugin_name=vpn_service) kb_metric['new_ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', mode='new', timezone_gap_hour=time_zone_gap, - start_t=start_time, end_t=end_time, vpn_service=vpn_service) + start_t=start_time, end_t=end_time, plugin_name=vpn_service) kb_metric['active_domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', mode='active', timezone_gap_hour=time_zone_gap, - start_t=start_time, end_t=end_time, vpn_service=vpn_service) + start_t=start_time, end_t=end_time, plugin_name=vpn_service) kb_metric['new_domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', mode='new', timezone_gap_hour=time_zone_gap, - start_t=start_time, end_t=end_time, vpn_service=vpn_service) + start_t=start_time, end_t=end_time, plugin_name=vpn_service) for key in monitor_result_dict.keys(): @@ -109,25 +109,25 @@ class KnowledgeBaseMonitor: if vpn_service is None: vpn_service = 'all' # all - kb_metric['ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', timezone_gap_hour=time_zone_gap, vpn_service=vpn_service) - kb_metric['domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', timezone_gap_hour=time_zone_gap, vpn_service=vpn_service) + kb_metric['ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', timezone_gap_hour=time_zone_gap, plugin_name=vpn_service) + kb_metric['domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', timezone_gap_hour=time_zone_gap, plugin_name=vpn_service) # all active in like 7 days t = (datetime.datetime.now().replace(minute=0, second=0, microsecond=0) - datetime.timedelta(days=self.monitor_config['outdated_days'])).strftime("%Y-%m-%d %H:%M:%S") - kb_metric['active_ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', mode='active', timezone_gap_hour=time_zone_gap, start_t=t, vpn_service=vpn_service) - kb_metric['active_domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', mode='active', timezone_gap_hour=time_zone_gap, start_t=t, vpn_service=vpn_service) + kb_metric['active_ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', mode='active', timezone_gap_hour=time_zone_gap, start_t=t, plugin_name=vpn_service) + kb_metric['active_domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', mode='active', timezone_gap_hour=time_zone_gap, start_t=t, plugin_name=vpn_service) # cycle active kb_metric['cycle_active_ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', mode='active', timezone_gap_hour=time_zone_gap, - start_t=current_start_time, end_t=current_end_time, vpn_service=vpn_service) + start_t=current_start_time, end_t=current_end_time, plugin_name=vpn_service) kb_metric['cycle_new_ip_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='ip', mode='new', timezone_gap_hour=time_zone_gap, - start_t=current_start_time, end_t=current_end_time, vpn_service=vpn_service) + start_t=current_start_time, end_t=current_end_time, plugin_name=vpn_service) kb_metric['cycle_active_domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', mode='active', timezone_gap_hour=time_zone_gap, - start_t=current_start_time, end_t=current_end_time, vpn_service=vpn_service) + start_t=current_start_time, end_t=current_end_time, plugin_name=vpn_service) kb_metric['cycle_new_domain_count{{type="{}"}}'.format(vpn_service)] = self.get_vpn_count(node_type='domain', mode='new', timezone_gap_hour=time_zone_gap, - start_t=current_start_time, end_t=current_end_time, vpn_service=vpn_service) + start_t=current_start_time, end_t=current_end_time, plugin_name=vpn_service) # churn ratio = (# new in current cycle)/(# all active) @@ -190,7 +190,7 @@ if __name__ == '__main__': for item in monitor_result_dict.items(): with open(monitor_file, "a") as file: file.write(item[0] + ' ' + str(item[1]) + '\n') - logger.info("[Monitor] {}~{} -{} {}".format(start_time, end_time, item[0], str(item[1]))) + logger.info("[Monitor] {}~{} - {} {}".format(start_time, end_time, item[0], str(item[1]))) # offline onetime mode diff --git a/detection/tool/KnowledgeBaseTool.py b/detection/tool/KnowledgeBaseTool.py index 0e2f3d1..a8079d4 100644 --- a/detection/tool/KnowledgeBaseTool.py +++ b/detection/tool/KnowledgeBaseTool.py @@ -14,6 +14,7 @@ import sys sys.path.append('..') from tool.LoggingTool import Logger +from urllib.parse import quote logger = Logger().getLogger() simplefilter(action='ignore', category=FutureWarning) @@ -27,7 +28,7 @@ class KnowledgeApi: self.api_path = config['api_path'] self.retry_max = config['api_retry_times'] self.request_timeout = config['api_timeout'] - # self.api_token = self.get_api_token() + self.api_token = config['api_token'] def get_api_token(self): @@ -59,13 +60,12 @@ class KnowledgeApi: sys.exit() - def file_import(self, file_path, knowledge_id, action, description=''): + def file_import(self, file_path, action, description=''): url = 'http://' + self.api_address + self.api_path file = open(file_path, "rb") file_object = {"file": file} param = { - "knowledgeId": knowledge_id, "action": action, "description": description } @@ -102,12 +102,14 @@ class KnowledgeApi: def get_knowledgebase_count(self, knowledge_id, page_size=None, page_no=None, q=None): url = 'http://' + self.api_address + '/v1/knowledgeBase/' + str(knowledge_id) + q = quote(q, 'utf-8') param = { - "q": q, "pageNo": page_no, "pageSize": page_size } + url += ('?q=' + q) + header = { "Cn-Authorization": self.api_token } diff --git a/detection/tool/__pycache__/KnowledgeBaseTool.cpython-39.pyc b/detection/tool/__pycache__/KnowledgeBaseTool.cpython-39.pyc Binary files differnew file mode 100644 index 0000000..6ae2542 --- /dev/null +++ b/detection/tool/__pycache__/KnowledgeBaseTool.cpython-39.pyc diff --git a/detection/vpn_detector.py b/detection/vpn_detector.py index 36ec6e4..d5de299 100644 --- a/detection/vpn_detector.py +++ b/detection/vpn_detector.py @@ -74,7 +74,7 @@ class VpnDetector: config = Config().config return config - def save_to_knowledgebase(self, object_list, object_type, vpn_service_name, plugin_id, plugin_name, output_filename, confidence='suspected'): + def save_results(self, object_list, object_type, vpn_service_name, plugin_id, plugin_name, output_filename, confidence='suspected'): """ Write data to local file and knowledge base :param object_type: ip or domain @@ -86,27 +86,25 @@ class VpnDetector: :param confidence: 3 kinds of confidence level, confirmed, suspect, tentative :return: """ - if object_type == 'ip': - library_name = self.config['knowledgebase']['ip_library_name'] - else: - library_name = self.config['knowledgebase']['domain_library_name'] - knowledge_id = self.kb.get_library_id(library_name) # convert result data into required format https://docs.geedge.net/pages/viewpage.action?pageId=104760257 - result_df = pd.DataFrame() + result_df = pd.DataFrame(columns=['type', 'source_id', 'source_name', 'ip_addr_format', 'ip1', 'ip2', 'domain', 'method', 'confidence', 'tags', 'description', 'first_seen_time', 'last_seen_time']) + if object_type == 'ip': result_df['ip1'] = object_list result_df['ip2'] = object_list - result_df.insert(0, 'addr_format', 'Single') + result_df['type'] = 'IP' + result_df['ip_addr_format'] = 'Single' + if object_type == 'domain': - result_df['domain'] = object_list + result_df['domain'] = ['$'+i for i in object_list] + result_df['type'] = 'Domain' - result_df['plugin_id'] = plugin_id - result_df['plugin_name'] = plugin_name - result_df['vpn_service_name'] = vpn_service_name + result_df['source_id'] = plugin_id + result_df['source_name'] = plugin_name + result_df['tags'] = vpn_service_name result_df['method'] = 'passive_ml' result_df['confidence'] = confidence - result_df['is_valid'] = 1 # result save if len(result_df) > 0: @@ -124,7 +122,9 @@ class VpnDetector: knowledge_api = KnowledgeApi(self.config['knowledgebase']) self.logger.info('[{}] - [Updating knowledgebase]- {} num:{}'.format(plugin_name, object_type, len(object_list))) description_str = "Update {} record(s).".format(len(object_list)) - knowledge_api.file_import(result_file, knowledge_id, 'update', description_str) + knowledge_api.file_import(result_file, 'update', description_str) + self.logger.info( + '[{}] - Write to knowledgebase successfully.'.format(plugin_name)) @@ -201,9 +201,7 @@ class VpnDetector: return [i for i in original_ip_list if ':' not in i] -# 入口函数定义 -if __name__ == '__main__': - +def main(): parser = argparse.ArgumentParser(description='VPN detection') parser.add_argument('-p', '--plugin', type=str, help='plugin name') parser.add_argument('-m', '--mode', type=str, default='recent', help='recent or fixed') @@ -232,7 +230,8 @@ if __name__ == '__main__': exit() # 根据当前时间向前取整小时 end_time = datetime.datetime.now().strftime("%Y-%m-%d %H:00:00") - start_time = (datetime.datetime.now() - datetime.timedelta(hours=recent_interval)).strftime("%Y-%m-%d %H:00:00") + start_time = (datetime.datetime.now() - datetime.timedelta(hours=recent_interval)).strftime( + "%Y-%m-%d %H:00:00") elif mode == 'fixed': if start_time == '' or end_time == '': print('Please input correct time format') @@ -242,7 +241,6 @@ if __name__ == '__main__': print('Please input correct time mode') exit() - detector = None if plugin_name == 'hotspotvpn': from vpnservices.hotspotvpn import Hotspotvpn @@ -275,31 +273,31 @@ if __name__ == '__main__': print('Please input correct plugin name') exit() - result_group = detector.find_server() for server_group in result_group: result_list = server_group.server_list detector.logger.debug('[{}] - result list before filter: {}.'.format(detector.plugin_name, result_list)) if server_group.object_type == 'ip': # 日志记录IP数量 - detector.logger.info('[{}] - {} {} found.'.format(detector.plugin_name, len(result_list), server_group.object_type)) + detector.logger.info( + '[{}] - {} {} found.'.format(detector.plugin_name, len(result_list), server_group.object_type)) result_list = detector.filtered_by_isp(result_list, detector.config['common']['protected_isp_list']) result_list = detector.filtered_by_ip(result_list, detector.config['common']['protected_ip_list']) result_list = detector.filter_ipv6(result_list) detector.logger.debug( - '[{}] - filtered list {}.'.format(detector.plugin_name, [i for i in server_group.server_list if i not in result_list])) - detector.logger.info('[{}] - Filtered by ISP and IP, {} {} left.'.format(detector.plugin_name, len(result_list), server_group.object_type)) - if len(result_list) > 0: - detector.save_to_knowledgebase(result_list, server_group.object_type, - detector.vpn_service_name, detector.plugin_id, - detector.plugin_name, - server_group.output_file_name, - detector.confidence) - - # Output logs to record the amount of data written, plugin id, plugin name and other information + '[{}] - filtered list {}.'.format(detector.plugin_name, + [i for i in server_group.server_list if i not in result_list])) detector.logger.info( - '[{}] - Write {} {} to knowledgebase successfully.'.format(detector.plugin_name, - len(result_list), - server_group.object_type)) + '[{}] - Filtered by ISP and IP, {} {} left.'.format(detector.plugin_name, len(result_list), + server_group.object_type)) + if len(result_list) > 0: + detector.save_results(result_list, server_group.object_type, + detector.vpn_service_name, detector.plugin_id, + detector.plugin_name, + server_group.output_file_name, + detector.confidence) +# 入口函数定义 +if __name__ == '__main__': + main()
\ No newline at end of file diff --git a/detection/vpnservices/cyberghostvpn.py b/detection/vpnservices/cyberghostvpn.py index b68adb1..5c90de8 100644 --- a/detection/vpnservices/cyberghostvpn.py +++ b/detection/vpnservices/cyberghostvpn.py @@ -71,14 +71,12 @@ class CyberghostvpnServerip(VpnDetector): self.kb_sql = self.plugin_config['ip']['kb_sql'] self.kb_dbname = self.config['knowledgebase']['db_name'] - self.kb_table_name = self.config['knowledgebase']['domain_library_name'] self.mariadb = MariadbUtil(self.config['mariadb']['host'], self.config['mariadb']['port'], self.config['mariadb']['user'], str(self.config['mariadb']['pswd']), self.config['mariadb']['db_name']) self.mariadb_dbname = self.config['mariadb']['db_name'] - self.mariadb_ip_tb_name = self.config['mariadb']['ip_table_name'] - self.mariadb_domain_tb_name = self.config['mariadb']['domain_table_name'] + self.mariadb_tb_name = self.config['mariadb']['table_name'] self.sql = self.plugin_config['ip']['sql'] @@ -130,7 +128,7 @@ class CyberghostvpnServerip(VpnDetector): :return: cyberghostvpn server ip list """ self.kb_sql = self.kb_sql.replace("{$mariadb_dbname}", self.mariadb_dbname).replace( - "{$mariadb_domain_tablename}", self.mariadb_domain_tb_name) + "{$mariadb_tablename}", self.mariadb_tb_name) # 根据server name获取ip self.logger.info('[{}] - Get servername from knowledge base.'.format(self.plugin_name)) @@ -142,7 +140,7 @@ class CyberghostvpnServerip(VpnDetector): self.mariadb.close() if query_result: - servername_list = [i[0] for i in query_result] + servername_list = [i[0].strip('$') for i in query_result] self.server_name_list.extend(servername_list) # 判断是否能够访问外网,如果能够访问外网,则从外网获取cyberghost_servername_list的域名解析地址 diff --git a/detection/vpnservices/ipvanishvpn.py b/detection/vpnservices/ipvanishvpn.py index 1b1d5fb..6f2db93 100644 --- a/detection/vpnservices/ipvanishvpn.py +++ b/detection/vpnservices/ipvanishvpn.py @@ -71,14 +71,12 @@ class IpvanishvpnServerip(VpnDetector): self.kb_sql = self.plugin_config['ip']['kb_sql'] self.kb_dbname = self.config['knowledgebase']['db_name'] - self.kb_table_name = self.config['knowledgebase']['domain_library_name'] self.mariadb = MariadbUtil(self.config['mariadb']['host'], self.config['mariadb']['port'], self.config['mariadb']['user'], str(self.config['mariadb']['pswd']), self.config['mariadb']['db_name']) self.mariadb_dbname = self.config['mariadb']['db_name'] - self.mariadb_ip_tb_name = self.config['mariadb']['ip_table_name'] - self.mariadb_domain_tb_name = self.config['mariadb']['domain_table_name'] + self.mariadb_tb_name = self.config['mariadb']['table_name'] self.server_name_list = [] @@ -110,7 +108,7 @@ class IpvanishvpnServerip(VpnDetector): Get ipvanishvpn server ip by resolving ipvanishvpn server name :return: ipvanishvpn server ip list """ - self.kb_sql = self.kb_sql.replace("{$mariadb_dbname}", self.mariadb_dbname).replace("{$mariadb_domain_tablename}", self.mariadb_domain_tb_name) + self.kb_sql = self.kb_sql.replace("{$mariadb_dbname}", self.mariadb_dbname).replace("{$mariadb_tablename}", self.mariadb_tb_name) servername_list = [] resolved_ip_list = [] @@ -120,7 +118,7 @@ class IpvanishvpnServerip(VpnDetector): self.mariadb.close() if query_result: - servername_list = [i[0] for i in query_result] + servername_list = [i[0].strip('$') for i in query_result] self.server_name_list.extend(servername_list) diff --git a/detection/vpnservices/ivacyvpn.py b/detection/vpnservices/ivacyvpn.py index e12fd9c..9929583 100644 --- a/detection/vpnservices/ivacyvpn.py +++ b/detection/vpnservices/ivacyvpn.py @@ -68,14 +68,12 @@ class IvacyvpnServerip(VpnDetector): self.kb_sql = self.plugin_config['ip']['kb_sql'] self.kb_dbname = self.config['knowledgebase']['db_name'] - self.kb_table_name = self.config['knowledgebase']['domain_library_name'] self.mariadb = MariadbUtil(self.config['mariadb']['host'], self.config['mariadb']['port'], self.config['mariadb']['user'], str(self.config['mariadb']['pswd']), self.config['mariadb']['db_name']) self.mariadb_dbname = self.config['mariadb']['db_name'] - self.mariadb_ip_tb_name = self.config['mariadb']['ip_table_name'] - self.mariadb_domain_tb_name = self.config['mariadb']['domain_table_name'] + self.mariadb_tb_name = self.config['mariadb']['table_name'] self.server_name_list = [] @@ -87,7 +85,7 @@ class IvacyvpnServerip(VpnDetector): Find ivacyvpn server ip by resolving ivacyvpn server name :return: server ip list """ - self.kb_sql = self.kb_sql.replace("{$mariadb_dbname}", self.mariadb_dbname).replace("{$mariadb_domain_tablename}", self.mariadb_domain_tb_name) + self.kb_sql = self.kb_sql.replace("{$mariadb_dbname}", self.mariadb_dbname).replace("{$mariadb_tablename}", self.mariadb_tb_name) server_ip_list = [] @@ -98,7 +96,7 @@ class IvacyvpnServerip(VpnDetector): if query_result: for row in query_result: - self.server_name_list.append(row[0]) + self.server_name_list.append(row[0].strip('$')) # add dc-xxx.pointtoserver.com to self.server_name_list self.server_name_list.extend([f"dc-{str(index)}.pointtoserver.com" for index in range(1000)]) diff --git a/detection/vpnservices/windscribevpn.py b/detection/vpnservices/windscribevpn.py index 5978907..43cee14 100644 --- a/detection/vpnservices/windscribevpn.py +++ b/detection/vpnservices/windscribevpn.py @@ -79,14 +79,12 @@ class WindscribevpnActiveServerip(VpnDetector): self.kb_sql = self.plugin_config['ip']['kb_sql'] self.sql = self.plugin_config['ip']['sql'] self.kb_dbname = self.config['knowledgebase']['db_name'] - self.kb_table_name = self.config['knowledgebase']['domain_library_name'] self.mariadb = MariadbUtil(self.config['mariadb']['host'], self.config['mariadb']['port'], self.config['mariadb']['user'], str(self.config['mariadb']['pswd']), self.config['mariadb']['db_name']) self.mariadb_dbname = self.config['mariadb']['db_name'] - self.mariadb_ip_tb_name = self.config['mariadb']['ip_table_name'] - self.mariadb_domain_tb_name = self.config['mariadb']['domain_table_name'] + self.mariadb_tb_name = self.config['mariadb']['table_name'] self.server_name_list = [] @@ -122,7 +120,7 @@ class WindscribevpnActiveServerip(VpnDetector): :return: windscribevpn server ip list """ self.kb_sql = self.kb_sql.replace("{$mariadb_dbname}", self.mariadb_dbname).replace( - "{$mariadb_domain_tablename}", self.mariadb_domain_tb_name) + "{$mariadb_tablename}", self.mariadb_tb_name) servername_list = [] resolved_ip_list = [] @@ -132,7 +130,7 @@ class WindscribevpnActiveServerip(VpnDetector): self.mariadb.close() if query_result: - servername_list = [i[0] for i in query_result] + servername_list = [i[0].strip('$') for i in query_result] self.server_name_list.extend(servername_list) diff --git a/test/__pycache__/test_vpn_detector.cpython-39.pyc b/test/__pycache__/test_vpn_detector.cpython-39.pyc Binary files differindex f29d0a6..1779733 100644 --- a/test/__pycache__/test_vpn_detector.cpython-39.pyc +++ b/test/__pycache__/test_vpn_detector.cpython-39.pyc diff --git a/test/test_knowledgebase_monitor.py b/test/test_knowledgebase_monitor.py index 8aa0297..1e76070 100644 --- a/test/test_knowledgebase_monitor.py +++ b/test/test_knowledgebase_monitor.py @@ -8,7 +8,7 @@ import unittest from Config import Config -from monitor.knowlegebase_monitor import KnowledgeBaseMonitor +from knowledgebase_monitor import KnowledgeBaseMonitor class TestKnowledgeMonitor(unittest.TestCase): def setUp(self): @@ -17,17 +17,17 @@ class TestKnowledgeMonitor(unittest.TestCase): def test_get_knowledgebase(self): self.assertEqual(self.knowledge_monitor.get_vpn_count( - vpn_service='protonvpn', start_t='2024-01-30 00:00:00', + plugin_name='protonvpn', start_t='2024-01-30 00:00:00', end_t='2024-01-31 00:00:00', timezone_gap_hour=0, node_type='ip', mode='new'), 53655) self.assertEqual(self.knowledge_monitor.get_vpn_count( - vpn_service='protonvpn', start_t='2024-01-30 00:00:00', + plugin_name='protonvpn', start_t='2024-01-30 00:00:00', end_t='2024-01-31 00:00:00', timezone_gap_hour=0, node_type='ip', mode='active'), 53675) self.assertEqual(self.knowledge_monitor.get_vpn_count( - vpn_service='ivacyvpn', start_t='2024-01-15 00:00:00', + plugin_name='ivacyvpn', start_t='2024-01-15 00:00:00', end_t='2024-01-31 00:00:00', timezone_gap_hour=0, node_type='domain', mode='new'), 162) @@ -53,4 +53,25 @@ class TestKnowledgeMonitor(unittest.TestCase): self.assertEqual(self.knowledge_monitor.get_vpn_count(node_type='domain', mode='active', start_t='2024-01-18 00:00:00'), 48396) - + def test_get_vpn_count(self): + # self.assertEqual(self.knowledge_monitor.get_vpn_count(source_name='protonvpn', start_t='2024-01-30 00:00:00', + # end_t='2024-01-31 00:00:00', timezone_gap_hour=0, node_type='ip', mode='new'), 0) + + self.assertEqual(self.knowledge_monitor.get_vpn_count(plugin_name='windscribevpn', start_t='2024-01-15 00:00:00', + end_t='2024-05-31 00:00:00', timezone_gap_hour=0, node_type='domain', mode='active'), 1031) + + # # time gap test + # self.assertEqual(self.knowledge_monitor.get_vpn_count(start_t='2024-01-31 00:00:00', + # end_t='2024-01-31 08:00:00', timezone_gap_hour=0, node_type='domain', mode='active'), 1041) + # + # self.assertEqual(self.knowledge_monitor.get_vpn_count(start_t='2024-01-30 21:00:00', + # end_t='2024-01-31 05:00:00', timezone_gap_hour=3, node_type='domain', mode='active'), 1041) + # + # self.assertEqual(self.knowledge_monitor.get_vpn_count(start_t='2024-01-31 03:00:00', + # end_t='2024-01-31 11:00:00', timezone_gap_hour=-3, node_type='domain', mode='active'), 1041) + # + # # all domains + # self.assertEqual(self.knowledge_monitor.get_vpn_count(node_type='domain'), 71622) + # + # # all active domains after '2024-01-18 00:00:00' + # self.assertEqual(self.knowledge_monitor.get_vpn_count(node_type='domain', mode='active', start_t='2024-01-18 00:00:00'), 48396) diff --git a/test/test_knowledgebase_tool.py b/test/test_knowledgebase_tool.py index f809872..4e9544e 100644 --- a/test/test_knowledgebase_tool.py +++ b/test/test_knowledgebase_tool.py @@ -14,7 +14,11 @@ class TestKnowledgeApi(unittest.TestCase): def setUp(self): config = Config().config - self.knowledgebase_tool = KnowledgeApi(config) + self.knowledgebase_tool = KnowledgeApi(config['knowledgebase']) def test_get_knowledgebase(self): - print(self.knowledgebase_tool.get_knowledgebase_count(knowledge_id=6, q="c_time >= '2023-10-26 08:12:47' AND addr_format = 'Single'")) + print(self.knowledgebase_tool.get_knowledgebase_count(knowledge_id=16, q="c_time >= '2023-10-26 08:12:47' AND addr_format = 'Single'")) + + def test_file_import(self): + self.knowledgebase_tool.file_import('/Users/joy/work/iie/project/cyber_narrator/CN/3-新功能研发/vpn-detection/3.项目代码/CN-Code/vpn-finder-plugins/tmp_ip.csv', + action='update')
\ No newline at end of file diff --git a/test/test_plugins.py b/test/test_plugins.py index 4787b97..96ce4e3 100644 --- a/test/test_plugins.py +++ b/test/test_plugins.py @@ -46,13 +46,13 @@ class TestIpvanishvpnServername(unittest.TestCase): print(result.server_list) def test_save_to_knowledgebase(self): - self.ipvanishvpn_detector.save_to_knowledgebase(object_type='domain', - object_list=self.ipvanishvpn_detector.find_server(), - vpn_service_name=self.ipvanishvpn_detector.vpn_service_name, - plugin_id=self.ipvanishvpn_detector.plugin_id, - plugin_name=self.ipvanishvpn_detector.plugin_name, - output_filename=self.ipvanishvpn_detector.output_file_name, - confidence=self.ipvanishvpn_detector.confidence) + self.ipvanishvpn_detector.save_results(object_type='domain', + object_list=self.ipvanishvpn_detector.find_server(), + vpn_service_name=self.ipvanishvpn_detector.vpn_service_name, + plugin_id=self.ipvanishvpn_detector.plugin_id, + plugin_name=self.ipvanishvpn_detector.plugin_name, + output_filename=self.ipvanishvpn_detector.output_file_name, + confidence=self.ipvanishvpn_detector.confidence) class TestIpvanishvpnServerip(unittest.TestCase): diff --git a/test/test_vpn_detector.py b/test/test_vpn_detector.py index a45092b..4e089a2 100644 --- a/test/test_vpn_detector.py +++ b/test/test_vpn_detector.py @@ -18,9 +18,9 @@ class TestVpnDetector(unittest.TestCase): def test_list_to_knowledgebase(self): object_list = ['dc-488.pointtoserver.com', 'dc-497.pointtoserver.com', 'dc-321.ptoserver.com', 'dc-681.pointtoserver.com', 'dc-585.pointtoserver.com', 'dc-673.pointtoserver.com', 'dc-617.pointtoserver.com', 'dc-586.ptoserver.com', 'dc-540.ptoserver.com', 'dc-636.pointtoserver.com', 'dc-249.pointtoserver.com', 'dc-616.pointtoserver.com', 'dc-528.pointtoserver.com', 'dc-654.pointtoserver.com', 'dc-597.pointtoserver.com', 'dc-502.pointtoserver.com', 'dc-687.pointtoserver.com', 'dc-84.pointtoserver.com', 'dc-382.pointtoserver.com', 'dc-293.pointtoserver.com', 'dc-408.pointtoserver.com', 'dc-28.pointtoserver.com', 'dc-489.pointtoserver.com', 'dc-620.pointtoserver.com', 'dc-23.pointtoserver.com', 'dc-265.pointtoserver.com', 'dc-600.pointtoserver.com', 'dc-35.ptoserver.com', 'dc-533.ptoserver.com', 'dc-359.ptoserver.com', 'dc-647.pointtoserver.com', 'dc-644.pointtoserver.com', 'dc-501.pointtoserver.com', 'dc-678.pointtoserver.com', 'dc-676.pointtoserver.com', 'ack-eu.pointtoserver.com', 'dc-516.pointtoserver.com', 'dc-282.pointtoserver.com', 'dc-550.pointtoserver.com', 'dc-27.ptoserver.com', 'dc-549.ptoserver.com', 'dc-671.pointtoserver.com', 'dc-281.pointtoserver.com', 'dc-161.pointtoserver.com', 'dc-612.pointtoserver.com', 'dc-630.pointtoserver.com', 'dc-90.ptoserver.com', 'dc-656.pointtoserver.com', 'dc-574.ptoserver.com', 'dc-487.ptoserver.com', 'dc-550.ptoserver.com', 'dc-503.ptoserver.com', 'dc-260.ptoserver.com', 'dc-405.ptoserver.com', 'dc-108.pointtoserver.com', 'dc-575.pointtoserver.com', 'dc-588.pointtoserver.com', 'dc-323.pointtoserver.com', 'dc-599.pointtoserver.com', 'dc-622.pointtoserver.com', 'dc-615.pointtoserver.com', 'dc-642.pointtoserver.com', 'dc-607.pointtoserver.com', 'dc-625.pointtoserver.com', 'dc-693.pointtoserver.com', 'dc-592.pointtoserver.com', 'dc-674.pointtoserver.com', 'dc-325.pointtoserver.com', 'dc-598.pointtoserver.com', 'dc-641.pointtoserver.com', 'dc-663.pointtoserver.com', 'dc-530.ptoserver.com', 'dc-282.ptoserver.com', 'dc-621.pointtoserver.com', 'dc-90.pointtoserver.com', 'dc-635.pointtoserver.com', 'dc-283.pointtoserver.com', 'dc-613.pointtoserver.com', 'dc-306.pointtoserver.com', 'dc-668.pointtoserver.com', 'dc-623.pointtoserver.com', 'dc-272.pointtoserver.com', 'dc-222.ptoserver.com', 'dc-104.pointtoserver.com', 'dc-311.pointtoserver.com', 'dc-595.pointtoserver.com', 'dc-510.pointtoserver.com', 'dc-344.pointtoserver.com', 'dc-632.pointtoserver.com', 'dc-359.pointtoserver.com', 'dc-510.ptoserver.com', 'dc-619.pointtoserver.com', 'dc-364.pointtoserver.com', 'dc-108.ptoserver.com', 'dc-696.pointtoserver.com', 'dc-585.ptoserver.com', 'dc-651.pointtoserver.com', 'dc-652.pointtoserver.com', 'dc-677.pointtoserver.com', 'dc-587.pointtoserver.com', 'dc-631.pointtoserver.com', 'dc-667.pointtoserver.com', 'dc-260.pointtoserver.com', 'dc-689.pointtoserver.com', 'dc-405.pointtoserver.com', 'dc-291.pointtoserver.com', 'dc-235.pointtoserver.com', 'dc-568.pointtoserver.com', 'dc-201.pointtoserver.com', 'dc-357.pointtoserver.com', 'dc-556.pointtoserver.com', 'dc-570.pointtoserver.com', 'dc-584.pointtoserver.com', 'dc-624.pointtoserver.com', 'dc-240.ptoserver.com', 'dc-597.ptoserver.com', 'dc-609.pointtoserver.com', 'dc-675.pointtoserver.com', 'dc-338.ptoserver.com', 'dc-611.pointtoserver.com', 'dc-338.pointtoserver.com', 'dc-346.pointtoserver.com', 'dc-643.pointtoserver.com', 'dc-645.pointtoserver.com', 'dc-573.pointtoserver.com', 'dc-207.pointtoserver.com', 'dc-208.pointtoserver.com', 'dc-505.pointtoserver.com', 'dc-547.pointtoserver.com', 'dc-295.ptoserver.com', 'dc-594.pointtoserver.com', 'dc-500.pointtoserver.com', 'dc-660.pointtoserver.com', 'dc-691.pointtoserver.com', 'dc-610.pointtoserver.com', 'dc-333.pointtoserver.com', 'dc-476.pointtoserver.com', 'dc-547.ptoserver.com', 'dc-295.pointtoserver.com', 'dc-506.pointtoserver.com', 'dc-554.pointtoserver.com', 'dc-626.pointtoserver.com', 'dc-271.pointtoserver.com', 'dc-20.pointtoserver.com', 'dc-688.pointtoserver.com', 'dc-555.pointtoserver.com', 'dc-186.pointtoserver.com', 'dc-321.pointtoserver.com', 'dc-320.pointtoserver.com', 'dc-35.pointtoserver.com', 'dc-239.pointtoserver.com', 'dc-107.pointtoserver.com', 'dc-549.pointtoserver.com', 'dc-527.ptoserver.com', 'dc-194.pointtoserver.com', 'dc-661.pointtoserver.com', 'dc-686.pointtoserver.com', 'dc-692.pointtoserver.com', 'dc-487.pointtoserver.com', 'dc-634.pointtoserver.com', 'dc-537.pointtoserver.com', 'dc-672.pointtoserver.com', 'dc-498.pointtoserver.com', 'dc-669.pointtoserver.com', 'dc-553.pointtoserver.com', 'dc-602.pointtoserver.com', 'dc-234.ptoserver.com', 'dc-277.ptoserver.com', 'dc-694.pointtoserver.com', 'dc-363.pointtoserver.com', 'dc-285.pointtoserver.com', 'dc-278.pointtoserver.com', 'dc-571.ptoserver.com', 'dc-488.ptoserver.com', 'dc-504.pointtoserver.com', 'dc-653.pointtoserver.com', 'dc-239.ptoserver.com', 'dc-606.ptoserver.com', 'dc-264.pointtoserver.com', 'dc-298.ptoserver.com', 'dc-572.pointtoserver.com', 'dc-658.pointtoserver.com', 'dc-655.pointtoserver.com', 'dc-552.pointtoserver.com', 'dc-664.pointtoserver.com', 'dc-569.pointtoserver.com', 'dc-591.pointtoserver.com', 'dc-627.pointtoserver.com', 'sx013333-ikev.ptoserver.com', 'dc-283.ptoserver.com', 'dc-543.ptoserver.com', 'dc-102.ptoserver.com', 'dc-690.pointtoserver.com', 'dc-574.pointtoserver.com', 'dc-659.pointtoserver.com', 'dc-21.ptoserver.com', 'dc-525.ptoserver.com', 'dc-561.ptoserver.com', 'dc-194.ptoserver.com', 'dc-288.ptoserver.com', 'dc-476.ptoserver.com', 'dc-666.pointtoserver.com', 'dc-564.ptoserver.com', 'dc-551.pointtoserver.com', 'dc-590.pointtoserver.com', 'dc-532.pointtoserver.com', 'dc-523.ptoserver.com', 'dc-144.ptoserver.com', 'dc-599.ptoserver.com', 'dc-340.pointtoserver.com', 'dc-249.ptoserver.com', 'dc-291.ptoserver.com', 'dc-566.ptoserver.com', 'dc-342.ptoserver.com', 'dc-176.ptoserver.com', 'dc-235.ptoserver.com', 'dc-231.ptoserver.com', 'dc-272.ptoserver.com', 'dc-278.ptoserver.com', 'dc-281.ptoserver.com', 'dc-588.ptoserver.com', 'usut2-auto-udp-obf.ptoserver.com', 'dc-607.ptoserver.com', 'dc-612.ptoserver.com', 'dc-504.ptoserver.com', 'dc-271.ptoserver.com', 'dc-609.ptoserver.com', 'dc-20.ptoserver.com', 'dc-684.pointtoserver.com', 'dc-484.ptoserver.com', 'dc-344.ptoserver.com', 'dc-682.pointtoserver.com', 'dc-604.ptoserver.com', 'dc-105.ptoserver.com', 'dc-570.ptoserver.com', 'dc-649.pointtoserver.com', 'dc-657.pointtoserver.com', 'dc-491.ptoserver.com', 'dc-357.ptoserver.com', 'dc-592.ptoserver.com', 'dc-264.ptoserver.com', 'dc-275.ptoserver.com', 'dc-534.ptoserver.com', 'dc-554.ptoserver.com', 'prox-usla.pointtoserver.com', 'dc-320.ptoserver.com', 'dc-650.pointtoserver.com', 'prox-us.pointtoserver.com', 'dc-314.ptoserver.com', 'dc-204.ptoserver.com', 'dc-584.ptoserver.com', 'dc-538.ptoserver.com', 'dc-201.ptoserver.com', 'dc-502.ptoserver.com', 'dc-23.ptoserver.com', 'dc-29.ptoserver.com', 'dc-17.ptoserver.com', 'dc-186.ptoserver.com', 'dc-556.ptoserver.com', 'sx1730163-ikev.ptoserver.com', 'dc-605.ptoserver.com', 'dc-284.ptoserver.com', 'dc-333.ptoserver.com', 'dc-171.ptoserver.com', 'dc-313.ptoserver.com', 'dc-207.ptoserver.com', 'dc-360.ptoserver.com', 'usut2-auto-ikev.ptoserver.com', 'dc-329.ptoserver.com', 'dc-600.ptoserver.com', 'dc-202.ptoserver.com', 'dc-150.ptoserver.com', 'dc-569.ptoserver.com', 'dc-391.ptoserver.com', 'dc-553.ptoserver.com', 'dc-531.ptoserver.com', 'dc-591.ptoserver.com', 'dc-572.ptoserver.com', 'dc-680.pointtoserver.com', 'dc-21.pointtoserver.com', 'dc-646.pointtoserver.com', 'dc-490.ptoserver.com', 'dc-508.ptoserver.com', 'dc-501.ptoserver.com', 'dc-590.ptoserver.com', 'dc-408.ptoserver.com', 'dc-589.ptoserver.com', 'dc-602.ptoserver.com', 'prox-ph.pointtoserver.com', 'dc-482.ptoserver.com', 'dc-558.pointtoserver.com', 'dc-315.ptoserver.com', 'dc-505.ptoserver.com', 'dc-598.ptoserver.com', 'prox-lu.pointtoserver.com', 'dc-552.ptoserver.com', 'dc-297.ptoserver.com', 'dc-323.ptoserver.com', 'dc-628.pointtoserver.com', 'sx0110916-wg.pointtoserver.com', 'prox-lt.pointtoserver.com', 'dc-610.ptoserver.com', 'dc-497.ptoserver.com', 'prox-usny.pointtoserver.com', 'dc-316.ptoserver.com', 'dc-97.ptoserver.com', 'prox-mx.pointtoserver.com', 'prox-usut.pointtoserver.com', 'dc-11.ptoserver.com', 'us2-auto-ikev.dns2use.com', 'prox-jp.pointtoserver.com', 'prox-ae.pointtoserver.com', 'us2-auto-udp-obf.ptoserver.com', 'prox-vudu.pointtoserver.com', 'dc-500.ptoserver.com', 'dc-340.ptoserver.com', 'us2-auto-ikev.ptoserver.com', 'dc-208.ptoserver.com', 'prox-us.ptoserver.com', 'dc-573.ptoserver.com', 'dc-364.ptoserver.com', 'dc-341.ptoserver.com', 'us2-obf-udp.ptoserver.com', 'sx013365-wg.pointtoserver.com', 'dc-611.ptoserver.com', 'dc-506.ptoserver.com', 'dc-311.ptoserver.com', 'dc-489.ptoserver.com', 'dc-551.ptoserver.com', 'dc-285.ptoserver.com', 'dc-499.ptoserver.com', 'dc-265.ptoserver.com', 'sx0160146-ikev.ptoserver.com', 'ae2-auto-udp-obf.ptoserver.com', 'sx710617-wg.pointtoserver.com', 'sx013396-ikev.ptoserver.com', 'dc-296.ptoserver.com', 'dc-617.ptoserver.com', 'prox-de.pointtoserver.com', 'dc-529.ptoserver.com', 'dc-516.ptoserver.com', 'dc-363.ptoserver.com', 'dc-603.ptoserver.com', 'dc-562.ptoserver.com', 'dc-558.ptoserver.com', 'dc-292.ptoserver.com', 'dc-587.ptoserver.com', 'sx016069-ikev.ptoserver.com', 'dc-479.ptoserver.com', 'dc-28.ptoserver.com', 'dc-161.ptoserver.com', 'dc-528.ptoserver.com', 'dc-154.ptoserver.com', 'sx0140122-wg.pointtoserver.com', 'dc-382.ptoserver.com', 'dc-537.ptoserver.com', 'dc-515.ptoserver.com', 'dc-580.ptoserver.com', 'sx050159-wg.pointtoserver.com', 'dc-583.ptoserver.com', 'dc-279.ptoserver.com', 'dc-603.pointtoserver.com', 'dc-79.ptoserver.com', 'dc-107.ptoserver.com', 'dc-204.pointtoserver.com', 'dc-178.ptoserver.com', 'dc-555.ptoserver.com', 'dc-325.ptoserver.com', 'dc-638.pointtoserver.com', 'dc-594.ptoserver.com', 'dc-342.pointtoserver.com', 'dc-557.ptoserver.com', 'dc-84.ptoserver.com', 'it2-auto-ikev.ptoserver.com', 'dc-536.ptoserver.com', 'sx0160131-wg.pointtoserver.com', 'dc-522.ptoserver.com', 'sx013365-ikev.ptoserver.com', 'dc-604.pointtoserver.com', 'sx023071-ikev.ptoserver.com', 'dc-151.ptoserver.com', 'us2-udp-obf.ptoserver.com', 'dc-665.pointtoserver.com', 'dc-531.pointtoserver.com', 'dc-695.pointtoserver.com', 'prox-nflus.pointtoserver.com', 'px0110402.pointtoserver.com', 'usphx2-auto-udp-obf.ptoserver.com', 'usga2-auto-ikev.ptoserver.com', 'sx016069-wg.pointtoserver.com', 'sx013396-wg.pointtoserver.com', 'sx0225204-ikev.ptoserver.com', 'sx0224177-ikev.ptoserver.com', 'ru2-auto-udp-obf.dns2use.com', 'sx043064-wg.pointtoserver.com',] - self.vpn_detector.save_to_knowledgebase(object_type='domain', object_list=object_list, - vpn_service_name='ivacyvpn', plugin_id=3, - plugin_name='ivacyvpn', output_filename='ivacyvpn_servername_builtin.csv', confidence='confirmed') + self.vpn_detector.save_results(object_type='domain', object_list=object_list, + vpn_service_name='ivacyvpn', plugin_id=3, + plugin_name='ivacyvpn', output_filename='ivacyvpn_servername_builtin.csv', confidence='confirmed') # object_list = ['atl-b58.vpn.ipvanish.com', 'dxb-c08.vpn.ipvanish.com', 'hkg-a03.vpn.ipvanish.com', 'lis-c12.vpn.ipvanish.com', 'scl-c02.vpn.ipvanish.com', 'adl-c03.vpn.ipvanish.com', 'iad-a65.vpn.ipvanish.com', 'ath-c09.vpn.ipvanish.com', 'bhx-c20.vpn.ipvanish.com', 'bos-a63.vpn.ipvanish.com', 'osl-c05.vpn.ipvanish.com', 'par-a15.vpn.ipvanish.com', 'yul-c26.vpn.ipvanish.com', 'syd-a18.vpn.ipvanish.com', 'syd-a17.vpn.ipvanish.com', 'vlc-c04.vpn.ipvanish.com', 'pnq-c03.vpn.ipvanish.com', 'fra-a15.vpn.ipvanish.com', 'bhx-c08.vpn.ipvanish.com', 'hkg-a11.vpn.ipvanish.com', 'mel-b19.vpn.ipvanish.com', 'msy-c31.vpn.ipvanish.com', 'syd-a20.vpn.ipvanish.com', 'bog-c06.vpn.ipvanish.com', 'bog-c11.vpn.ipvanish.com', 'bod-c04.vpn.ipvanish.com', 'bne-c06.vpn.ipvanish.com', 'bos-a29.vpn.ipvanish.com', 'bod-c08.vpn.ipvanish.com', 'bos-a11.vpn.ipvanish.com', 'otp-c06.vpn.ipvanish.com', 'chi-a50.vpn.ipvanish.com', 'gdl-c02.vpn.ipvanish.com', 'gla-c04.vpn.ipvanish.com', 'hkg-a15.vpn.ipvanish.com', 'lon-a30.vpn.ipvanish.com', 'rix-c11.vpn.ipvanish.com', 'sea-a05.vpn.ipvanish.com', 'stl-a14.vpn.ipvanish.com', 'sto-a05.vpn.ipvanish.com', 'msp-a09.vpn.ipvanish.com', 'tia-c02.vpn.ipvanish.com', 'sin-a10.vpn.ipvanish.com', 'ams-a47.vpn.ipvanish.com', 'stl-a07.vpn.ipvanish.com', 'hou-c46.vpn.ipvanish.com', 'jnb-c02.vpn.ipvanish.com', 'dtw-a10.vpn.ipvanish.com', 'bog-c07.vpn.ipvanish.com', 'bos-a02.vpn.ipvanish.com', 'chi-a13.vpn.ipvanish.com', 'chi-b18.vpn.ipvanish.com', 'lon-a50.vpn.ipvanish.com', 'mad-a07.vpn.ipvanish.com', 'lax-b12.vpn.ipvanish.com', 'mia-a04.vpn.ipvanish.com', 'mia-a41.vpn.ipvanish.com', 'msp-a13.vpn.ipvanish.com', 'yul-c21.vpn.ipvanish.com', 'bos-a23.vpn.ipvanish.com', 'tor-b02.vpn.ipvanish.com', 'waw-a09.vpn.ipvanish.com', 'gla-c01.vpn.ipvanish.com', 'tlv-c16.vpn.ipvanish.com', 'zrh-c09.vpn.ipvanish.com', 'bud-c03.vpn.ipvanish.com', 'tpe-c02.vpn.ipvanish.com', 'osl-c06.vpn.ipvanish.com', 'syd-a21.vpn.ipvanish.com', 'zag-c10.vpn.ipvanish.com', 'bne-c03.vpn.ipvanish.com', 'hel-c02.vpn.ipvanish.com', 'bru-c24.vpn.ipvanish.com', 'msp-a21.vpn.ipvanish.com', 'per-c05.vpn.ipvanish.com', 'bog-c09.vpn.ipvanish.com', 'bts-c06.vpn.ipvanish.com', 'chi-b62.vpn.ipvanish.com', 'dtw-a14.vpn.ipvanish.com', 'ams-a04.vpn.ipvanish.com', 'iad-b03.vpn.ipvanish.com', 'beg-c04.vpn.ipvanish.com', 'bud-c04.vpn.ipvanish.com', 'bud-c02.vpn.ipvanish.com', 'per-c03.vpn.ipvanish.com', 'vie-c10.vpn.ipvanish.com', 'ams-a23.vpn.ipvanish.com', 'sel-a04.vpn.ipvanish.com', 'atl-a80.vpn.ipvanish.com', 'dxb-c05.vpn.ipvanish.com', 'fra-a16.vpn.ipvanish.com', 'gla-c05.vpn.ipvanish.com', 'man-c16.vpn.ipvanish.com', 'iad-a07.vpn.ipvanish.com', 'beg-c01.vpn.ipvanish.com', 'bhx-c19.vpn.ipvanish.com', 'bne-c05.vpn.ipvanish.com', 'cph-c37.vpn.ipvanish.com', 'ams-a17.vpn.ipvanish.com', 'bod-c07.vpn.ipvanish.com', 'eze-c04.vpn.ipvanish.com', 'kiv-c02.vpn.ipvanish.com', 'cvg-b19.vpn.ipvanish.com', 'beg-c02.vpn.ipvanish.com', 'akl-c04.vpn.ipvanish.com', 'ath-c05.vpn.ipvanish.com', 'lax-a26.vpn.ipvanish.com', 'lim-c01.vpn.ipvanish.com', 'akl-c01.vpn.ipvanish.com', 'adl-c01.vpn.ipvanish.com', 'ams-a34.vpn.ipvanish.com', 'cvg-b06.vpn.ipvanish.com', 'eze-c03.vpn.ipvanish.com', 'per-c02.vpn.ipvanish.com', 'tlv-c15.vpn.ipvanish.com', 'tor-b20.vpn.ipvanish.com', 'lju-c06.vpn.ipvanish.com', 'lux-c05.vpn.ipvanish.com', 'lim-c02.vpn.ipvanish.com', 'msy-c33.vpn.ipvanish.com', 'mad-a17.vpn.ipvanish.com', 'nrt-a18.vpn.ipvanish.com', 'phx-a13.vpn.ipvanish.com', 'dal-a24.vpn.ipvanish.com', 'kiv-c01.vpn.ipvanish.com', 'den-a08.vpn.ipvanish.com', 'lju-c03.vpn.ipvanish.com', 'lon-a11.vpn.ipvanish.com', 'sof-c06.vpn.ipvanish.com', 'sto-a28.vpn.ipvanish.com', 'tia-c07.vpn.ipvanish.com', 'tor-b04.vpn.ipvanish.com', 'vlc-c02.vpn.ipvanish.com', 'prg-c10.vpn.ipvanish.com', 'sin-a15.vpn.ipvanish.com', 'vlc-c01.vpn.ipvanish.com', 'adl-c04.vpn.ipvanish.com', 'bhx-c11.vpn.ipvanish.com', 'bru-c25.vpn.ipvanish.com', 'gla-c02.vpn.ipvanish.com', 'ist-c06.vpn.ipvanish.com', 'las-c33.vpn.ipvanish.com', 'man-c18.vpn.ipvanish.com', 'zrh-c02.vpn.ipvanish.com', 'nyc-b49.vpn.ipvanish.com', 'par-a13.vpn.ipvanish.com', 'mia-a34.vpn.ipvanish.com', 'stl-a06.vpn.ipvanish.com', 'sea-a18.vpn.ipvanish.com', 'gru-c06.vpn.ipvanish.com', 'sof-c01.vpn.ipvanish.com', 'akl-c03.vpn.ipvanish.com', 'bod-c05.vpn.ipvanish.com', 'bru-c23.vpn.ipvanish.com', 'bod-c02.vpn.ipvanish.com', 'bod-c03.vpn.ipvanish.com', 'yul-c27.vpn.ipvanish.com', 'lux-c09.vpn.ipvanish.com', 'lux-c06.vpn.ipvanish.com', 'nyc-a59.vpn.ipvanish.com', 'cph-c25.vpn.ipvanish.com', 'cph-c35.vpn.ipvanish.com', 'ist-c01.vpn.ipvanish.com', 'jnb-c01.vpn.ipvanish.com', 'lux-c07.vpn.ipvanish.com', 'akl-c02.vpn.ipvanish.com', 'rix-c13.vpn.ipvanish.com', 'sto-a26.vpn.ipvanish.com', 'bru-c26.vpn.ipvanish.com', 'man-c11.vpn.ipvanish.com', 'sto-a20.vpn.ipvanish.com', 'sel-a02.vpn.ipvanish.com', 'vie-c11.vpn.ipvanish.com', 'tpe-c01.vpn.ipvanish.com', 'ams-a19.vpn.ipvanish.com', 'atl-a15.vpn.ipvanish.com', 'mad-a23.vpn.ipvanish.com', 'lax-a28.vpn.ipvanish.com', 'bos-a18.vpn.ipvanish.com', 'mia-a51.vpn.ipvanish.com', 'dxb-c01.vpn.ipvanish.com', 'vlc-c08.vpn.ipvanish.com', 'mel-b07.vpn.ipvanish.com', 'dtw-a12.vpn.ipvanish.com', 'lim-c04.vpn.ipvanish.com', 'lax-b21.vpn.ipvanish.com', 'gdl-c05.vpn.ipvanish.com', 'lax-a13.vpn.ipvanish.com', 'lon-a38.vpn.ipvanish.com', 'yul-c18.vpn.ipvanish.com', 'rix-c09.vpn.ipvanish.com', 'sjo-c04.vpn.ipvanish.com', 'sel-a03.vpn.ipvanish.com', 'kul-c19.vpn.ipvanish.com', 'gru-c03.vpn.ipvanish.com', 'stl-a28.vpn.ipvanish.com', 'zrh-c07.vpn.ipvanish.com', 'mad-a21.vpn.ipvanish.com', 'msy-c27.vpn.ipvanish.com', 'lis-c14.vpn.ipvanish.com', 'gru-c09.vpn.ipvanish.com', 'nrt-a08.vpn.ipvanish.com', 'bhx-c04.vpn.ipvanish.com', 'bhx-c12.vpn.ipvanish.com', 'tll-c09.vpn.ipvanish.com', 'bru-c21.vpn.ipvanish.com', 'iad-b12.vpn.ipvanish.com', 'eze-c02.vpn.ipvanish.com', 'mrs-c08.vpn.ipvanish.com', 'mrs-c07.vpn.ipvanish.com', 'nyc-a52.vpn.ipvanish.com', 'dub-c21.vpn.ipvanish.com', 'kul-c20.vpn.ipvanish.com', 'las-c04.vpn.ipvanish.com', 'mia-a42.vpn.ipvanish.com', 'msp-a03.vpn.ipvanish.com', 'otp-c01.vpn.ipvanish.com', 'chi-b32.vpn.ipvanish.com', 'dub-c16.vpn.ipvanish.com', 'chi-b12.vpn.ipvanish.com', 'cph-c21.vpn.ipvanish.com', 'chi-a64.vpn.ipvanish.com', 'bhx-c17.vpn.ipvanish.com', 'mad-a10.vpn.ipvanish.com', 'man-c06.vpn.ipvanish.com', 'hel-c13.vpn.ipvanish.com', 'kul-c14.vpn.ipvanish.com', 'ams-a18.vpn.ipvanish.com', 'otp-c03.vpn.ipvanish.com', 'cvg-b09.vpn.ipvanish.com', 'dtw-a15.vpn.ipvanish.com', 'fra-a02.vpn.ipvanish.com', 'kul-c11.vpn.ipvanish.com', 'msy-c36.vpn.ipvanish.com', 'nyc-b19.vpn.ipvanish.com', 'rkv-c02.vpn.ipvanish.com', 'syd-a05.vpn.ipvanish.com', 'tlv-c19.vpn.ipvanish.com', 'tor-b11.vpn.ipvanish.com', 'yvr-c13.vpn.ipvanish.com', 'msy-c19.vpn.ipvanish.com', 'nyc-a26.vpn.ipvanish.com', 'cvg-b07.vpn.ipvanish.com', 'prg-c12.vpn.ipvanish.com', 'adl-c05.vpn.ipvanish.com', 'nyc-a70.vpn.ipvanish.com', 'osl-c04.vpn.ipvanish.com', 'rix-c08.vpn.ipvanish.com', 'tia-c05.vpn.ipvanish.com', 'yvr-c15.vpn.ipvanish.com', 'pnq-c01.vpn.ipvanish.com', 'pnq-c04.vpn.ipvanish.com', 'zag-c09.vpn.ipvanish.com', 'msp-a11.vpn.ipvanish.com', 'par-a18.vpn.ipvanish.com', 'par-a14.vpn.ipvanish.com', 'syd-a09.vpn.ipvanish.com', 'den-a19.vpn.ipvanish.com', 'iad-b10.vpn.ipvanish.com', 'ath-c07.vpn.ipvanish.com', 'lax-a08.vpn.ipvanish.com', 'den-a24.vpn.ipvanish.com', 'sjo-c05.vpn.ipvanish.com', 'ams-a05.vpn.ipvanish.com', 'lju-c02.vpn.ipvanish.com', 'mel-b16.vpn.ipvanish.com', 'lin-a33.vpn.ipvanish.com', 'msy-c30.vpn.ipvanish.com', 'par-a08.vpn.ipvanish.com', 'phx-a09.vpn.ipvanish.com', 'rkv-c01.vpn.ipvanish.com', 'stl-a04.vpn.ipvanish.com', 'iad-a11.vpn.ipvanish.com', 'kul-c15.vpn.ipvanish.com', 'bod-c09.vpn.ipvanish.com', 'bog-c10.vpn.ipvanish.com', 'bhx-c03.vpn.ipvanish.com', 'mia-a06.vpn.ipvanish.com', 'msp-a07.vpn.ipvanish.com', 'msp-a24.vpn.ipvanish.com', 'par-a20.vpn.ipvanish.com', 'atl-a04.vpn.ipvanish.com', 'dub-c23.vpn.ipvanish.com', 'dub-c25.vpn.ipvanish.com', 'fra-a09.vpn.ipvanish.com', 'phx-a06.vpn.ipvanish.com', 'atl-a13.vpn.ipvanish.com', 'iad-a69.vpn.ipvanish.com', 'atl-a43.vpn.ipvanish.com', 'clt-c18.vpn.ipvanish.com', 'den-a21.vpn.ipvanish.com', 'hkg-a16.vpn.ipvanish.com', 'prg-c17.vpn.ipvanish.com', 'sjc-a20.vpn.ipvanish.com', 'sea-a06.vpn.ipvanish.com', 'tll-c10.vpn.ipvanish.com', 'tor-b12.vpn.ipvanish.com', 'man-c05.vpn.ipvanish.com', 'las-c02.vpn.ipvanish.com', 'lju-c05.vpn.ipvanish.com', 'lon-a18.vpn.ipvanish.com', 'mad-a22.vpn.ipvanish.com', 'phx-a30.vpn.ipvanish.com', 'den-a32.vpn.ipvanish.com', 'stl-a11.vpn.ipvanish.com', 'chi-a04.vpn.ipvanish.com', 'fra-a33.vpn.ipvanish.com', 'tll-c07.vpn.ipvanish.com', 'iad-a14.vpn.ipvanish.com', 'cvg-b20.vpn.ipvanish.com', 'adl-c06.vpn.ipvanish.com', 'ath-c04.vpn.ipvanish.com', 'atl-a87.vpn.ipvanish.com', 'waw-a16.vpn.ipvanish.com', 'chi-a09.vpn.ipvanish.com', 'chi-a60.vpn.ipvanish.com', 'lax-a51.vpn.ipvanish.com', 'mrs-c05.vpn.ipvanish.com', 'bhx-c16.vpn.ipvanish.com', 'chi-a39.vpn.ipvanish.com', 'dxb-c06.vpn.ipvanish.com', 'osl-c02.vpn.ipvanish.com', 'sof-c05.vpn.ipvanish.com', 'beg-c03.vpn.ipvanish.com', 'dtw-a28.vpn.ipvanish.com', 'iad-b20.vpn.ipvanish.com', 'ath-c06.vpn.ipvanish.com', 'bne-c02.vpn.ipvanish.com', 'cph-c22.vpn.ipvanish.com', 'hel-c05.vpn.ipvanish.com', 'mad-a29.vpn.ipvanish.com', 'lon-a51.vpn.ipvanish.com', 'sjo-c03.vpn.ipvanish.com', 'ams-a10.vpn.ipvanish.com', 'bos-a41.vpn.ipvanish.com', 'bru-c20.vpn.ipvanish.com', 'sea-a19.vpn.ipvanish.com', 'iad-b27.vpn.ipvanish.com', 'bts-c07.vpn.ipvanish.com', 'bud-c01.vpn.ipvanish.com', 'clt-c21.vpn.ipvanish.com', 'hkg-a14.vpn.ipvanish.com', 'lis-c10.vpn.ipvanish.com', 'nyc-a16.vpn.ipvanish.com', 'prg-c19.vpn.ipvanish.com', 'tor-b17.vpn.ipvanish.com', 'cph-c26.vpn.ipvanish.com', 'hou-c48.vpn.ipvanish.com', 'las-c42.vpn.ipvanish.com', 'scl-c01.vpn.ipvanish.com', 'yul-c20.vpn.ipvanish.com', 'sea-a04.vpn.ipvanish.com', 'waw-a15.vpn.ipvanish.com', 'sin-a05.vpn.ipvanish.com', 'vlc-c03.vpn.ipvanish.com', 'lin-a28.vpn.ipvanish.com', 'zrh-c08.vpn.ipvanish.com', 'mia-a39.vpn.ipvanish.com', 'sin-a27.vpn.ipvanish.com', 'sto-a09.vpn.ipvanish.com', 'kiv-c03.vpn.ipvanish.com', 'dtw-a04.vpn.ipvanish.com', 'las-c46.vpn.ipvanish.com', 'sea-a28.vpn.ipvanish.com', 'las-c35.vpn.ipvanish.com', 'kul-c17.vpn.ipvanish.com', 'prg-c18.vpn.ipvanish.com', 'sjo-c02.vpn.ipvanish.com', 'gru-c05.vpn.ipvanish.com', 'tor-b14.vpn.ipvanish.com', 'waw-a07.vpn.ipvanish.com', 'sin-a21.vpn.ipvanish.com', 'iad-a70.vpn.ipvanish.com', 'par-a11.vpn.ipvanish.com', 'par-a04.vpn.ipvanish.com', 'dal-b16.vpn.ipvanish.com', 'dal-b38.vpn.ipvanish.com', 'dtw-a13.vpn.ipvanish.com', 'bru-c16.vpn.ipvanish.com', 'atl-b60.vpn.ipvanish.com', 'mad-a15.vpn.ipvanish.com', 'bos-a38.vpn.ipvanish.com', 'chi-b30.vpn.ipvanish.com', 'lin-a23.vpn.ipvanish.com', 'man-c13.vpn.ipvanish.com', 'lis-c13.vpn.ipvanish.com', 'yul-c22.vpn.ipvanish.com', 'mia-a35.vpn.ipvanish.com', 'lin-a20.vpn.ipvanish.com', 'msy-c34.vpn.ipvanish.com', 'cph-c31.vpn.ipvanish.com', 'per-c06.vpn.ipvanish.com', 'gru-c11.vpn.ipvanish.com', 'kul-c12.vpn.ipvanish.com', 'lin-a35.vpn.ipvanish.com', 'yvr-c10.vpn.ipvanish.com', 'sto-a27.vpn.ipvanish.com', 'scl-c03.vpn.ipvanish.com', 'nrt-a04.vpn.ipvanish.com', 'bhx-c13.vpn.ipvanish.com', 'nyc-b30.vpn.ipvanish.com', 'osl-c01.vpn.ipvanish.com', 'sof-c04.vpn.ipvanish.com', 'msy-c13.vpn.ipvanish.com', 'dal-b40.vpn.ipvanish.com', 'dal-a22.vpn.ipvanish.com', 'las-c41.vpn.ipvanish.com', 'las-c40.vpn.ipvanish.com', 'stl-a22.vpn.ipvanish.com', 'fra-c08.vpn.ipvanish.com', 'tlv-c13.vpn.ipvanish.com', 'dxb-c07.vpn.ipvanish.com', 'hel-c04.vpn.ipvanish.com', 'mia-b06.vpn.ipvanish.com', 'ams-a24.vpn.ipvanish.com', 'mia-a33.vpn.ipvanish.com', 'atl-a82.vpn.ipvanish.com', 'msy-c29.vpn.ipvanish.com', 'ams-a46.vpn.ipvanish.com', 'atl-a20.vpn.ipvanish.com', 'chi-b17.vpn.ipvanish.com', 'man-c03.vpn.ipvanish.com', 'syd-a16.vpn.ipvanish.com', 'den-a26.vpn.ipvanish.com', 'hou-c19.vpn.ipvanish.com', 'lin-a24.vpn.ipvanish.com', 'phx-a14.vpn.ipvanish.com', 'zrh-c04.vpn.ipvanish.com', 'yvr-c12.vpn.ipvanish.com', 'lux-c04.vpn.ipvanish.com', 'bos-a17.vpn.ipvanish.com', 'bts-c05.vpn.ipvanish.com', 'gla-c06.vpn.ipvanish.com', 'hkg-a08.vpn.ipvanish.com', 'msp-a15.vpn.ipvanish.com', 'atl-a22.vpn.ipvanish.com', 'phx-a18.vpn.ipvanish.com', 'mad-a05.vpn.ipvanish.com', 'mel-b02.vpn.ipvanish.com', 'chi-a47.vpn.ipvanish.com', 'hel-c14.vpn.ipvanish.com', 'mia-b09.vpn.ipvanish.com', 'den-a13.vpn.ipvanish.com', 'dtw-a03.vpn.ipvanish.com', 'dtw-a20.vpn.ipvanish.com', 'dal-b03.vpn.ipvanish.com', 'man-c07.vpn.ipvanish.com', 'dub-c22.vpn.ipvanish.com', 'cvg-b01.vpn.ipvanish.com', 'lax-a14.vpn.ipvanish.com', 'mel-b15.vpn.ipvanish.com', 'stl-a20.vpn.ipvanish.com', 'dal-a48.vpn.ipvanish.com', 'gdl-c01.vpn.ipvanish.com', 'waw-a13.vpn.ipvanish.com', 'gdl-c03.vpn.ipvanish.com', 'hel-c03.vpn.ipvanish.com', 'mia-b02.vpn.ipvanish.com', 'lon-a28.vpn.ipvanish.com', 'prg-c23.vpn.ipvanish.com', 'phx-a34.vpn.ipvanish.com', 'sjc-a03.vpn.ipvanish.com', 'gru-c08.vpn.ipvanish.com', 'waw-a03.vpn.ipvanish.com', 'zrh-c10.vpn.ipvanish.com', 'nrt-b10.vpn.ipvanish.com'] # self.vpn_detector.save_to_knowledgebase(object_type='domain', object_list=object_list, @@ -33,11 +33,21 @@ class TestVpnDetector(unittest.TestCase): for line in f.readlines(): object_list.append(line.strip()) - self.vpn_detector.save_to_knowledgebase(object_type='ip', object_list=object_list, vpn_service_name='surfsharkvpn', - plugin_name='surfsharkvpn', plugin_id=0, output_filename='surfsharkvpn-ip_2024-02-07_18_serverip_builtin.csv', confidence='confirmed') + self.vpn_detector.save_results(object_type='ip', object_list=object_list, vpn_service_name='surfsharkvpn', + plugin_name='surfsharkvpn', plugin_id=0, output_filename='surfsharkvpn-ip_2024-02-07_18_serverip_builtin.csv', confidence='confirmed') def test_resolve_dns_for_domain_list(self): object_list = ['dc-615.pointtoserver.com', 'dc-207.pointtoserver.com', 'dc-660.pointtoserver.com', 'dc-108.pointtoserver.com', 'dc-664.pointtoserver.com', 'dc-599.pointtoserver.com', 'dc-291.pointtoserver.com', 'dc-673.pointtoserver.com', 'dc-235.pointtoserver.com', 'dc-346.pointtoserver.com', 'dc-625.pointtoserver.com', 'dc-555.pointtoserver.com', 'dc-186.pointtoserver.com', 'dc-573.pointtoserver.com', 'dc-35.pointtoserver.com', 'dc-655.pointtoserver.com', 'dc-408.pointtoserver.com', 'dc-642.pointtoserver.com', 'dc-532.pointtoserver.com', 'dc-321.pointtoserver.com', 'dc-208.pointtoserver.com', 'dc-644.pointtoserver.com', 'dc-610.pointtoserver.com', 'dc-23.pointtoserver.com', 'dc-646.pointtoserver.com', 'dc-568.pointtoserver.com', 'dc-585.pointtoserver.com', 'dc-364.pointtoserver.com', 'dc-249.pointtoserver.com', 'dc-592.pointtoserver.com', 'dc-651.pointtoserver.com', 'dc-659.pointtoserver.com', 'dc-607.pointtoserver.com', 'dc-551.pointtoserver.com', 'dc-239.pointtoserver.com', 'dc-621.pointtoserver.com', 'dc-282.pointtoserver.com', 'dc-677.pointtoserver.com', 'dc-295.pointtoserver.com', 'dc-278.pointtoserver.com', 'dc-588.pointtoserver.com', 'dc-104.pointtoserver.com', 'dc-681.pointtoserver.com', 'dc-668.pointtoserver.com', 'dc-636.pointtoserver.com', 'dc-20.pointtoserver.com', 'dc-620.pointtoserver.com', 'dc-550.pointtoserver.com', 'dc-498.pointtoserver.com', 'dc-676.pointtoserver.com', 'dc-283.pointtoserver.com', 'dc-506.pointtoserver.com', 'dc-661.pointtoserver.com', 'dc-271.pointtoserver.com', 'dc-487.pointtoserver.com', 'dc-669.pointtoserver.com', 'dc-684.pointtoserver.com', 'dc-595.pointtoserver.com', 'dc-194.pointtoserver.com', 'dc-611.pointtoserver.com', 'dc-584.pointtoserver.com', 'dc-201.pointtoserver.com', 'dc-569.pointtoserver.com', 'dc-647.pointtoserver.com', 'dc-619.pointtoserver.com', 'dc-537.pointtoserver.com', 'dc-171.pointtoserver.com', 'dc-656.pointtoserver.com', 'dc-528.pointtoserver.com', 'dc-405.pointtoserver.com', 'dc-658.pointtoserver.com', 'dc-333.pointtoserver.com', 'dc-572.pointtoserver.com', 'dc-602.pointtoserver.com', 'dc-84.pointtoserver.com', 'dc-597.pointtoserver.com', 'dc-654.pointtoserver.com', 'dc-643.pointtoserver.com', 'dc-320.pointtoserver.com', 'dc-600.pointtoserver.com', 'dc-510.pointtoserver.com', 'dc-306.pointtoserver.com', 'dc-502.pointtoserver.com', 'dc-672.pointtoserver.com', 'dc-554.pointtoserver.com', 'dc-624.pointtoserver.com', 'dc-323.pointtoserver.com', 'dc-616.pointtoserver.com', 'dc-609.pointtoserver.com', 'dc-594.pointtoserver.com', 'dc-161.pointtoserver.com', 'dc-657.pointtoserver.com', 'dc-497.pointtoserver.com', 'dc-627.pointtoserver.com', 'dc-501.pointtoserver.com', 'dc-344.pointtoserver.com', 'dc-671.pointtoserver.com', 'dc-293.pointtoserver.com', 'dc-516.pointtoserver.com', 'dc-666.pointtoserver.com'] - print(self.vpn_detector.resolve_dns_for_domain_list(object_list, max_workers=10, max_calls_per_second=100))
\ No newline at end of file + print(self.vpn_detector.resolve_dns_for_domain_list(object_list, max_workers=10, max_calls_per_second=100)) + + + + + # test function save_to_knowledgebase + def test_save_to_knowledgebase(self): + object_list = ['atl-b58.vpn.ipvanish.com', 'dxb-c08.vpn.ipvanish.com', 'hkg-a03.vpn.ipvanish.com', 'lis-c12.vpn.ipvanish.com', 'scl-c02.vpn.ipvanish.com', 'adl-c03.vpn.ipvanish.com', 'iad-a65.vpn.ipvanish.com', 'ath-c09.vpn.ipvanish.com', 'bhx-c20.vpn.ipvanish.com', 'bos-a63.vpn.ipvanish.com', 'osl-c05.vpn.ipvanish.com', 'par-a15.vpn.ipvanish.com', 'yul-c26.vpn.ipvanish.com', 'syd-a18.vpn.ipvanish.com', 'syd-a17.vpn.ipvanish.com', 'vlc-c04.vpn.ipvanish.com', 'pnq-c03.vpn.ipvanish.com', 'fra-a15.vpn.ipvanish.com', 'bhx-c08.vpn.ipvanish.com', 'hkg-a11.vpn.ipvanish.com', 'mel-b19.vpn.ipvanish.com', 'msy-c31.vpn.ipvanish.com', 'syd-a20.vpn.ipvanish.com', 'bog-c06.vpn.ipvanish.com', 'bog-c11.vpn.ipvanish.com', 'bod-c04.vpn.ipvanish.com', 'bne-c06.vpn.ipvanish.com', 'bos-a29.vpn.ipvanish.com', 'bod-c08.vpn.ipvanish.com', 'bos-a11.vpn.ipvanish.com', 'otp-c06.vpn.ipvanish.com', 'chi-a50.vpn.ipvanish.com', 'gdl-c02.vpn.ipvanish.com', 'gla-c04.vpn.ipvanish.com', 'hkg-a15.vpn.ipvanish.com', 'lon-a30.vpn.ipvanish.com', 'rix-c11.vpn.ipvanish.com', 'sea-a05.vpn.ipvanish.com', 'stl-a14.vpn.ipvanish.com', 'sto-a05.vpn.ipvanish.com', 'msp-a09.vpn.ipvanish.com', 'tia-c02.vpn.ipvanish.com'] + self.vpn_detector.save_results(object_type='domain', object_list=object_list, + vpn_service_name='ipvanishvpn', plugin_id='c7ef715a-4ee0-4ac7-b30e-49f337fc8fb8', + plugin_name='ipvanishvpn', output_filename='ivacyvpn_servername_builtin.csv', confidence='confirmed') |