{"id":14638079,"url":"https://github.com/SecAegis/SecAutoBan","last_synced_at":"2025-09-07T06:32:25.508Z","repository":{"id":242317590,"uuid":"809249861","full_name":"sec-report/SecAutoBan","owner":"sec-report","description":"Fully automated malicious-IP banning platform. Collects alerts from the following security devices: Chaitin WAF Community Edition (SafeLine), ThreatBook HFish honeypot, Qianxin SkyEye, Qianxin Jowto, NSFOCUS WAF, and the Colasoft Network Security Analysis and Audit System. Supports coordinated banning on the following devices: RouterOS, OPNsense, CheckPoint, Qianxin firewall, and out-of-path blocking (no device cooperation required)","archived":false,"fork":false,"pushed_at":"2024-12-30T14:23:19.000Z","size":27804,"stargazers_count":161,"open_issues_count":0,"forks_count":34,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-01T02:08:38.388Z","etag":null,"topics":["docker","firewall","hids","sec","security","security-tools","waf","web-security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sec-report.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-02T06:32:21.000Z","updated_at":"2024-12-30T14:23:22.000Z","dependencies_parsed_at":"2024-06-08T10:36:57.741Z","dependency_job_id":"6ced5c0b-330f-44f8-861c-46ea4ed989e6","html_url":"https://github.com/sec-report/SecAutoBan","commit_stats":null,"previous_names":["sec-report/secautoban"],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sec-report%2FSecAutoBan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sec-report%2FSecAutoBan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sec-report%2FSecAutoBan/releases","manifes
ts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sec-report%2FSecAutoBan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sec-report","download_url":"https://codeload.github.com/sec-report/SecAutoBan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232183059,"owners_count":18484727,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","firewall","hids","sec","security","security-tools","waf","web-security"],"created_at":"2024-09-10T02:01:42.383Z","updated_at":"2025-09-07T06:32:25.474Z","avatar_url":"https://github.com/sec-report.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# SecAutoBan\n\nA fully automated platform for banning IPs reported in security-device alerts, capable of analyzing and processing millions of IPs within seconds.\n\n[Documentation](https://secaegis.com/)\n\n![](./img/index.gif)\n\nBan log:\n\n![](./img/dashboard.gif)\n\n\u003e The attacker IPs shown in the demos above are randomly generated and do not constitute any threat advice.\n\n# Getting Started\n\nThe platform consists of three main modules: the alert log parsing module, the core processing module, and the IP ban/unban module.\n\nIPs processed by the alert module are passed to the core module, which deduplicates and filters them; the resulting IPs are then sent to the ban module to be banned.\n\nThe mind map below shows the detailed flow:\n\n![](./img/mind.jpg)\n\n## Community Edition Private Deployment\n\n\u003e The standalone edition is for community exchange and learning only; any commercial/OEM use is prohibited. For the commercial edition, contact [secaegis@outlook.com](mailto:secaegis@outlook.com).\n\n### Install \u0026\u0026 Run\n\n```shell\nmkdir SecAutoBan \u0026\u0026 cd SecAutoBan\nwget https://raw.githubusercontent.com/SecAegis/SecAutoBan/main/run.sh\nchmod +x run.sh\n./run.sh\n```\n\n\u003e [run.sh command reference](#runsh-命令介绍)\n\nOnce all Docker containers are running, open [http://127.0.0.1/](http://127.0.0.1/) to reach the admin console and initialize the administrator account.\n\n### Activation\n\nFollow the WeChat official account `信息安全报告` (Information Security Report), then tap `激活码` (Activation Code) - `SecAutoBan` in the account's menu bar to obtain an activation code.\n\n\u003cimg width=\"250\" 
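src=\"./img/mp_wx.jpg\"\u003e\n\nAfter obtaining the activation code, bind it in the admin console under `系统设置` (System Settings) - `证书管理` (Certificate Management).\n\n## Using the Alert Module\nFirst, add an alert device in the admin console:\n\n![](./img/alarm1.jpg)\n\nAfter adding the device, copy its device connection key. (Note: the device connection key is shown only once, so store it securely.)\n\n![](./img/alarm2.jpg)\n\nRun the alert module with the device key you obtained; see [device/alarm](./device/alarm) for usage details.\n\nThe repository currently contains only a few templates; for a device that is not yet supported, you only need to implement one function by hand. For widely used devices, you are welcome to submit your adapter as a PR to the `device/alarm` directory so that others can use it.\n\n## Using the Ban Module\nFirst, add a ban device in the admin console:\n\n![](./img/block1.jpg)\n\nAfter adding the device, copy its device connection key. (Note: the device connection key is shown only once, so store it securely.)\n\n![](./img/block2.jpg)\n\nRun the ban module with the device key you obtained; see [device/block](./device/block) for usage details.\n\nThe repository currently contains only a few templates; for a device that is not yet supported, you only need to implement two functions by hand. For widely used devices, you are welcome to submit your adapter as a PR to the `device/block` directory so that others can use it.\n\n## Alert/Ban Module List\n\n\u003e The currently available modules are listed below; the list is updated continuously.\n\n| Alert module | Ban module |\n| ------------- | -------- |\n| [Chaitin WAF Community Edition](./device/alarm/chaitin_waf_ce) | [Out-of-path blocking](./device/block/tcp_reset) |\n| [ThreatBook HFish honeypot](./device/alarm/threatbook_hfish) | [OPNsense](./device/block/opnsense) |\n| [Qianxin SkyEye](./device/alarm/qianxin_skyeye) | [RouterOS](./device/block/router_os) |\n| [Qianxin Jowto](./device/alarm/qianxin_jowtolock) | [CheckPoint](./device/block/check_point) |\n| [NSFOCUS WAF](./device/alarm/nsfocus_waf) | [Qianxin firewall](./device/block/qianxin_firewall) |\n| [Colasoft Network Security Analysis and Audit System](./device/alarm/kelai_wangluoanquanfenxishenjixitong) | [DingTalk alert notification](./device/block/dingtalk_robot) |\n| [Sangfor Situational Awareness](./device/alarm/sangfor_sip) | [BGP ban](./device/block/bgp) |\n| [Venustech Network-wide Security Situational Awareness System](./device/alarm/venustech_qwaqtsgzxt) | [Topsec firewall](./device/block/topsec_firewall) |\n| [Topsec WAF](./device/alarm/topsec_waf) | [Sangfor firewall](./device/block/sangfor_firewall) |\n\n## Blacklist/Whitelist Notes\n\n* The blacklist is the set of IPs that have already been banned; every banned IP can be looked up in this list. If a validity period is set, the IP is automatically unbanned and deleted when it expires.\n* When an entry is added to the whitelist, the already-banned IPs are re-checked; if the IP is already banned, it is immediately unbanned and removed from the blacklist.\n* When IPs are added to the blacklist manually, they are automatically format-validated, deduplicated and checked against the whitelist. If the platform reports fewer IPs added than you entered, this is normal; some may have been filtered out.\n\n## Network Connectivity Notes\n\n* Core module: the core module never initiates TCP connections; the modules and the management machines only need to be able to reach its web port.\n* Alert module: to receive Syslog, open the corresponding UDP port from the security device to the alert module; the alert module also needs outbound access to the core module's web port (`WebSocket` communication).\n* Ban module: the ban module does not listen on any port; it only needs outbound access to the core module's web port (`WebSocket` communication) and to the enforcement devices it connects to.\n\n## Discussion Group\n\n\u003e Add us as a contact with the note: `SecAutoBan加群`\n\n\u003cimg width=\"250\" src=\"./img/wx.jpg\"\u003e\n\n## 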
run.sh Command Reference\n\n```shell\n# Start the services\n./run.sh\n\n# Stop the services\n./run.sh stop\n\n# Update the platform\n./run.sh update\n\n# Change a user's password\n./build.sh exec changeUserPassword -username admin -password xxx\n```\n\n## Other Projects\n\n[SecReport](https://github.com/SecAegis/SecReport): a ChatGPT-powered platform for multi-user online collaborative writing of information security reports.\n\n## Star History\n\n\u003ca href=\"https://github.com/SecAegis/SecAutoBan/stargazers\"\u003e\n    \u003cimg width=\"500\" alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=SecAegis/SecAutoBan\u0026type=Date\"\u003e\n\u003c/a\u003e \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecAegis%2FSecAutoBan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSecAegis%2FSecAutoBan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecAegis%2FSecAutoBan/lists"}