feat: dnscrypt-proxy blocklists

- support names and IPs - https://github.com/DNSCrypt/dnscrypt-proxy
2021-07-18 09:55:58 +00:00 · 2021-07-18 09:55:58 +00:00 · 9fbb4b4686
parent f6e6f88e10
commit 9fbb4b4686
4 changed files with 5837 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -13,6 +13,7 @@ There are multiple formats available, refer to the appropriate section according
 - [Dnsmasq](#dnsmasq)
 - BIND -> BIND [zone](#bind) or [RPZ](#response-policy-zone)
 - [Unbound](#unbound)
+- [dnscrypt-proxy](#dnscrypt-proxy)
 - Internet Explorer -> [Tracking Protection List (IE)](#tracking-protection-list-ie)
 - [Snort2](#snort2)
 - [Snort3](#snort3)
@ -276,6 +277,53 @@ printf '\n  include: "/usr/local/etc/unbound/phishing-filter-unbound.conf"\n' >>

 </details>

+## dnscrypt-proxy
+
+### Install
+
+```
+# Create a new folder to store the blocklist
+mkdir -p /etc/dnscrypt-proxy/
+
+# Create a new cron job for daily update
+printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/phishing-filter-dnscrypt-blocked-names.txt" -o "/etc/dnscrypt-proxy/phishing-filter-dnscrypt-blocked-names.txt"\n' > /etc/cron.daily/phishing-filter
+printf '\ncurl -L "https://curben.gitlab.io/malware-filter/phishing-filter-dnscrypt-blocked-ips.txt" -o "/etc/dnscrypt-proxy/phishing-filter-dnscrypt-blocked-ips.txt"\n' >> /etc/cron.daily/phishing-filter
+
+# cron job requires execution permission
+chmod 755 /etc/cron.daily/phishing-filter
+```
+
+Configure dnscrypt-proxy to use the blocklist:
+
+``` diff
+[blocked_names]
+  blocked_names_file = '/etc/dnscrypt-proxy/phishing-filter-dnscrypt-blocked-names.txt'
+
+[blocked_ips]
+  blocked_ips_file = '/etc/dnscrypt-proxy/phishing-filter-dnscrypt-blocked-ips.txt'
+```
+
+- https://curben.gitlab.io/malware-filter/phishing-filter-dnscrypt-blocked-names.txt
+- https://curben.gitlab.io/malware-filter/phishing-filter-dnscrypt-blocked-ips.txt
+
+<details>
+<summary>Mirrors</summary>
+
+- https://cdn.statically.io/gl/curben/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-names.txt
+- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter-dnscrypt-blocked-names.txt
+- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-names.txt
+- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-names.txt
+- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-names.txt
+- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter-dnscrypt-blocked-names.txt
+
+- https://cdn.statically.io/gl/curben/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-ips.txt
+- https://glcdn.githack.com/curben/phishing-filter/raw/master/dist/phishing-filter-dnscrypt-blocked-ips.txt
+- https://raw.githubusercontent.com/curbengh/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-ips.txt
+- https://cdn.statically.io/gh/curbengh/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-ips.txt
+- https://gitcdn.xyz/repo/curbengh/phishing-filter/master/dist/phishing-filter-dnscrypt-blocked-ips.txt
+- https://cdn.jsdelivr.net/gh/curbengh/phishing-filter/dist/phishing-filter-dnscrypt-blocked-ips.txt
+</details>
+
 ## Tracking Protection List (IE)

 This blocklist includes domains only.
--- a/dist/phishing-filter-dnscrypt-blocked-ips.txt
+++ b/dist/phishing-filter-dnscrypt-blocked-ips.txt
@ -0,0 +1,98 @@
+# Title: Phishing IPs Blocklist
+# Updated: Sun, 18 Jul 2021 09:13:23 +0000
+# Expires: 1 day (update frequency)
+# Homepage: https://gitlab.com/curben/phishing-filter
+# License: https://gitlab.com/curben/phishing-filter#license
+# Source: https://www.phishtank.com/ & https://openphish.com/
+
+# Notice: https://curben.gitlab.io/phishing-filter-mirror is moved to https://curben.gitlab.io/malware-filter
+101.32.192.174
+103.114.16.4
+104.168.173.244
+104.168.173.248
+104.197.255.241
+104.223.119.229
+106.12.192.247
+107.172.198.119
+111.90.150.108
+113.125.21.66
+113.161.144.143
+119.28.91.122
+124.156.136.189
+124.156.151.122
+130.211.30.154
+13.66.1.3
+13.66.28.137
+141.164.55.136
+14.63.195.13
+148.66.129.253
+149.210.143.165
+155.138.154.116
+155.94.135.223
+155.94.141.123
+155.94.170.167
+156.248.77.119
+157.240.18.15
+157.240.18.35
+157.240.194.18
+157.240.194.35
+157.240.22.35
+157.245.101.68
+159.203.115.201
+159.65.133.234
+165.22.103.235
+172.217.21.162
+173.212.239.242
+174.138.56.138
+176.121.14.53
+179.43.140.164
+180.76.109.139
+185.177.54.1
+185.177.54.2
+185.177.54.9
+187.152.2.50
+188.166.237.0
+192.210.243.179
+193.135.153.242
+200.107.61.17
+20.151.216.110
+20.48.251.175
+205.204.101.13
+206.189.185.85
+206.189.85.218
+20.63.80.141
+20.63.81.229
+208.82.115.230
+209.97.188.25
+212.235.52.24
+2.136.95.251
+221.150.115.216
+222.231.3.128
+2.58.69.78
+31.13.71.1
+34.64.135.19
+34.88.141.84
+35.186.228.86
+35.199.84.117
+35.211.157.248
+35.215.37.51
+35.239.207.217
+40.86.214.195
+45.32.17.16
+45.32.48.158
+45.40.130.40
+45.76.70.34
+45.76.76.126
+47.99.172.49
+51.255.64.58
+52.229.89.27
+66.42.59.83
+66.49.196.115
+68.178.252.133
+70.15.255.150
+74.220.202.158
+78.108.89.240
+78.143.96.35
+79.110.52.245
+8.135.99.111
+82.165.27.36
--- a/dist/phishing-filter-dnscrypt-blocked-names.txt
+++ b/dist/phishing-filter-dnscrypt-blocked-names.txt
--- a/src/script.sh
+++ b/src/script.sh
@ -245,6 +245,20 @@ sed '1 i\'"$COMMENT"'' | \
 sed "1s/Blocklist/Unbound Blocklist/" > "../dist/phishing-filter-unbound.conf"


+## dnscrypt-proxy blocklists
+# name-based
+cat "phishing-notop-hosts.txt" | \
+sed '1 i\'"$COMMENT"'' | \
+sed "1s/Domains/Names/" > "../dist/phishing-filter-dnscrypt-blocked-names.txt"
+
+# IPv4-based
+cat "phishing-notop-domains.txt" | \
+sort | \
+grep -E "^([0-9]{1,3}[\.]){3}[0-9]{1,3}$" | \
+sed '1 i\'"$COMMENT"'' | \
+sed "1s/Domains/IPs/" > "../dist/phishing-filter-dnscrypt-blocked-ips.txt"
+
+
 set +x

 ## Snort & Suricata rulesets