{"id":22283793,"url":"https://github.com/veaba/attack-ip","last_synced_at":"2025-07-29T23:34:53.489Z","repository":{"id":104582130,"uuid":"199130153","full_name":"veaba/attack-ip","owner":"veaba","description":"Records IPs used for illegal activity, including attack visualization of mongo logs and redis logs. https://datav.ai","archived":false,"fork":false,"pushed_at":"2019-07-30T09:46:25.000Z","size":81,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-25T19:53:27.212Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/veaba.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-27T07:10:15.000Z","updated_at":"2019-07-30T09:46:27.000Z","dependencies_parsed_at":null,"dependency_job_id":"1d25546b-b600-453d-be05-43233a25ec84","html_url":"https://github.com/veaba/attack-ip","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/veaba/attack-ip","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veaba%2Fattack-ip","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veaba%2Fattack-ip/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veaba%2Fattack-ip/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veaba%2Fattack-ip/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/veaba","download_url":"https://codeload.github.com/veaba/attack-ip/tar.gz/refs/he
ads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veaba%2Fattack-ip/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267780324,"owners_count":24143202,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-29T02:00:12.549Z","response_time":2574,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-03T16:42:18.553Z","updated_at":"2025-07-29T23:34:53.461Z","avatar_url":"https://github.com/veaba.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Watching network IP security behavior\n\nEveryone is welcome to add all of these IPs to a blacklist\n\n\n## Statistics (from my own real MongoDB database)\n\nFrom 2017-10-30 to July 29, 2019\n\n- Attacked/accessed by 6093 IPs in total\n\n![attack-mongo-ip-list](attack-mongo/images/attack-mongo-ip.png)\n\n- 10920 source ports involved in attacks/accesses!\n\n![attack-mongo-port-list](attack-mongo/images/attack-mongo-port.png)\n## How to add to a blacklist TODO\n\n## Suspected MongoDB attacks TODO\n\n## CC attacks TODO\n\n## APT attacks TODO\n\n## DDOS TODO\n\n## Network security defenses TODO\n\n### Mongodb  TODO\n### Redis TODO\n### Nginx  TODO\n\n## Tools  TODO\n\n## Viewing MongoDB logs with docker\n\n### datav.io provides MongoDB attack logs\n\n```shell\ndocker logs -f containerId | grep from \u003e\u003e mongo.log\n```\n\nImport the file into https://datav.ai/tools/mognodb  (TODO: not started yet) to list the tool's data\n\n\u003e [Note]: The tool only parses the IP list from the text using regular expressions and does not record any user information.\n\n### Manual approach: published regular expressions\n\n- nodejs\n\n- 
python\n\nBeta Python code; TODO: add multi-dimensional statistics later. July 29, 2019 10:54:56\n\n**Packaged Python 3.0 script for parsing mongo logs released**\nSee [mongo-log-parser.py](attack-mongo/python/mongo-log-parser.py)\n\n```shell\n\n# Parse into the ip.yml and port.yml files\npython mongo-log-parser.py mongo.log  \n\n# If the `-all` argument is given, everything is parsed out without deduplication\npython mongo-log-parser.py mongo.log  --all\n\n```\n\n**Standalone Python script for parsing mongo logs released:**\n\n```python\nimport re\nip_list=[] #ip list\nport_list=[]\n\n# Parse a single line of mongo.log to get the ip and port\ndef _findall(line):\n    # \\d+ so that lines with 10 or more open connections also match\n    pattern_ip_port = re.compile(r'^.*from (.+?) \\(\\d+ .*$')  # ['1.202.68.84:40992 #6238']\n    ip_port = pattern_ip_port.findall(line)\n    if not ip_port:  # skip lines that are not connection records\n        return\n    str_ip_port = ''.join(ip_port)\n    str_ip = re.sub(r':.*$', \"\", str_ip_port)  # 1.202.68.84\n    # keep the port (capture group 1) and drop the trailing connection id\n    str_port = re.sub(r'^.*:(\\d+) #.*$', r'\\1', str_ip_port)  # 40992\n    ip_list.append(str_ip)\n    port_list.append(str_port)\n\n# Read the mongo log and write the results\ndef parser_mongo_log():\n    with open(\"file/aliyun-mongo.log\", \"r\", errors='ignore') as f:\n        for line in f:\n            _findall(line)\n    set_ip_list = list(set(ip_list))\n    set_port_list = list(set(port_list))\n\n    print(\"ip列表：\", set_ip_list)\n    print(\"端口列表：\", set_port_list)\n\n    # Without deduplication\n    with open('file/aliyun_ip_list_all.yml', 'w') as f:\n        for ip in ip_list:\n            if len(ip) != 0:\n                f.write(ip + '\\n')\n    with open('file/aliyun_port_list_all.yml', 'w') as f:\n        for port in port_list:\n            if len(port) != 0:\n                f.write(port + '\\n')\n    # Write to a file, deduplicated\n    with open('file/aliyun_ip_list.yml', 'w') as f:\n        for ip in set_ip_list:\n            f.write(ip + '\\n')\n    with open('file/aliyun_port_list.yml', 'w') as f:\n        for port in set_port_list:\n            f.write(port + '\\n')\n\nparser_mongo_log()\n```\n- java\n\n- rust\n\n- 
shell\n\n-\nIt can also be done via","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveaba%2Fattack-ip","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fveaba%2Fattack-ip","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveaba%2Fattack-ip/lists"}