tornados 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 13eb9528e80a18cb172286e4749182fd19663212d2ec526f05ff2154e1ddd28e
-  data.tar.gz: 482688eb7fb599ab85e3f3ac90052dafc40c8a7529bf8febbfc89629a70c58e2
+  metadata.gz: db771b465f7959bd5544df4738b70261ee53ac2424924495ca32f99ab0f3c844
+  data.tar.gz: 350485c2fc597319c63fb8b3f815310e82f31aa41a4b5e44585ee67dea29ca7c
 SHA512:
-  metadata.gz: 143bfa20ed022819bc2eb70deb4f3f31814bc8b4a1c5cee31f2fa3549d85da82cb7e23e0817a45ac04655646a46a8c010fafa5077e8c2e6c04ae84f8c85160d2
-  data.tar.gz: 1c01490c41ede9f8a7b1bf11c23283025fd54c6265c3fb4198c534d1eb7086585006d2451f96cf8bd0079ce098162437f770a5977669caeb843aaff8bd2a1caa
+  metadata.gz: 9b8f5f3b8f0ef2ccfd67cccc49eab4af0651e51d4724245b8bc3f0db7cdc727186a4ae10401be7ecce1a50ae66d8728cc0cef93abbf37727b51cc1ab1b937ae1
+  data.tar.gz: e70bb40a3d8c955807188c47ea6877232cc2d6c8fea710175f479b847b76cf7405a6fe39100cccb5ee54d2c7d87fab14d6ed1ed0a7a8f169618284bbd67605e8

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    tornados (0.1.0)
+    tornados (0.1.1)
       faraday (~> 2.2.0)
       maxmind-geoip2 (~> 1.1.0)
 

data/README.md

@@ -14,14 +14,21 @@ To install
 ```bash
 gem install tornados
 ```
-
-To use
+To use (-k - is a MaxMind secret key):
+```bash
+tornados -k key
+```
+or (MaxMind keys as environmet variable and -i key define what country nodes to include into result):
 ```bash
-tornados
+GEO_API_DATABASE_LICENSE_KEY=key tornados -i RU
 ```
 After this, tor_exit_nodes_list.csv will be created in current directory.
 
 You can use this file in SIEM, for example, to detection malicious network traffic.
+To display help info:
+```ruby
+tornados -h
+```
 
 ## Library
 
@@ -47,7 +54,7 @@ returns array of arrays whith next format
 ### Tornados::MaxDbFetcher
 
 ```ruby
-Tornados::MaxDbFetcher.call
+Tornados::MaxDbFetcher.call(key)
 ```
 download to disk max db file and return path to it
 

data/lib/tornados/cli_client.rb

@@ -1,37 +1,29 @@
 # frozen_string_literal: true
 
+require "optparse"
+
 module Tornados
   class CliClient
+    private
+
+    attr_reader :options
+    
+    public
+    
     def start
-      user_args = args
-      if user_args.empty?
-        print_prompt
-      else
-        print_prompt_with_input
-      end
-      prepare_result(user_args)
+      prepare_options
+      print_prompt
+      prepare_result
       print_finish_message
     end
 
     private
 
-    def print_prompt
-      puts <<~TEXT
-        Example of usage:
-        GEO_API_KEY=key tornado <uri>, <result file>
-        Runs with default args:
-        tor nodes URI = #{Tornados::NodesFetcher.default_url}
-        result_file = #{Tornados::FileWriter.default_result_file}
-      TEXT
-    end
-
-    def print_prompt_with_input
+    def print_prompt()
       puts <<~TEXT
-        Example of usage:
-        GEO_API_KEY=key tornado <uri>, <result file>
         Runs with args:
-        tor nodes URI = #{args[:uri]}
-        result_file = #{args[:file]}
+        tor nodes URI = #{options[:nodes_list] || Tornados::NodesFetcher.default_url}
+        result_file = #{options[:result_file] || Tornados::FileWriter.default_result_file}
       TEXT
     end
 
@@ -39,18 +31,55 @@ module Tornados
       puts "Work done. See result in #{Tornados::FileWriter.default_result_file}. Bye!"
     end
 
-    def args
-      result = ARGV
-      return {} if result.empty?
-      {uri: result.first, file: result.last}
+    def prepare_result
+      tor_exit_nodes = Tornados::NodesFetcher.call(options[:exit_nodes_uri])
+      geobase_file_path = Tornados::MaxDbFetcher.call(options[:max_mind_key] || ENV["GEO_API_DATABASE_LICENSE_KEY"])
+      enriched_tor_exit_nodes = Tornados::GeoEnrich.call(tor_exit_nodes, geobase_file_path, filter)
+      csv_enriched_tor_exit_nodes = Tornados::CsvFormater.call(enriched_tor_exit_nodes)
+      Tornados::FileWriter.call(csv_enriched_tor_exit_nodes, options[:result_file])
     end
+    
+    def filter
+      return nil unless options[:included_iso_codes]
 
-    def prepare_result(args)
-      tor_exit_nodes = Tornados::NodesFetcher.call(args[:uri])
-      geobase_file_path = Tornados::MaxDbFetcher.call
-      enriched_tor_exit_nodes = Tornados::GeoEnrich.call(tor_exit_nodes, geobase_file_path)
-      csv_enriched_tor_exit_nodes = Tornados::CsvFormater.call(enriched_tor_exit_nodes)
-      Tornados::FileWriter.call(csv_enriched_tor_exit_nodes, args[:file])
+      l = -> (checked_value) { options[:included_iso_codes].include?(checked_value) }
+      Tornados::Filter.new(l) 
+    end
+
+    def prepare_options
+      @options = {}
+      optparse = OptionParser.new do |opts|
+        opts.banner = usage_example_message
+
+        opts.on( '-h', '--help', 'Display this screen' ) do
+          puts opts
+          exit
+        end
+
+        opts.on("-u", "--uri <URI>", "Uri with tor exit nodes list") do |v|
+          @options[:exit_nodes_uri] = v
+        end
+
+        opts.on("-f", "--file <file>", "Result file with path") do |v|
+          @options[:result_file] = v
+        end
+
+        opts.on("-k", "--key <file>", "MaxMind API key") do |v|
+          puts 111
+          puts ENV["GEO_API_DATABASE_LICENSE_KEY"]
+          @options[:max_mind_key] = v
+        end
+
+        opts.on("-i", "--include <ISO code1, ISO codeN>", "Include only ip with this iso codes") do |v|
+          @options[:included_iso_codes] = v.split(",").map(&:strip)
+        end
+      end
+
+      optparse.parse!
+    end
+    
+    def usage_example_message
+      "GEO_API_KEY=key tornado -u <exit nodes uri> -f <result file> -i <ip country iso codes>"
     end
   end
 end

data/lib/tornados/filter.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Tornados
+  class Filter
+      private
+
+      attr_reader :condition
+
+      public
+
+    def initialize(lambda)
+      @condition = lambda
+    end
+    
+    def accept?(checked_value)
+      condition.call(checked_value)
+    end
+  end
+end

data/lib/tornados/geo_enrich.rb

@@ -6,26 +6,33 @@ module Tornados
   class GeoEnrich < Service
     private
 
-    attr_reader :ip_list, :reader
+    attr_reader :ip_list, :filter, :reader
     
     public
 
-    def initialize(ip_list, max_db_file_path)
-        @ip_list = ip_list
-        @reader = MaxMind::GeoIP2::Reader.new(database: max_db_file_path)
+    def initialize(ip_list, max_db_file_path, filter = nil)
+      @filter = filter
+      @ip_list = ip_list
+      @reader = MaxMind::GeoIP2::Reader.new(database: max_db_file_path)
     end
     
     private
 
     def execute
-        ip_list.map do |arr|
-           [arr.first, *country_code_by_ip(arr.first)]
+      ip_list.each_with_object([]) do |arr, result|
+        ip = arr.first
+        iso_code, name = *country_code_by_ip(ip)
+        if filter
+          result << [ip, iso_code, name] if filter.accept?(iso_code)
+        else
+          result << [ip, iso_code, name]
         end
+      end
     end
     
     def country_code_by_ip(ip)
-         record = reader.country(ip)
-         [record.country.iso_code, record.country.name]
+      record = reader.country(ip)
+      [record.country.iso_code, record.country.name]
     end
   end
 end

data/lib/tornados/max_db_fetcher.rb

@@ -21,11 +21,12 @@ module Tornados
 
     private
 
-    attr_accessor :max_db_file_path
+    attr_accessor :key, :max_db_file_path
 
     public
 
-    def initialize(max_db_storage = nil)
+    def initialize(key, max_db_storage = nil)
+      @key = key
       max_db_storage = max_db_storage || MAX_DB_STORAGE
       @max_db_file_path = File.join(max_db_storage, MAX_DB_FILE_NAME)
     end
@@ -47,9 +48,9 @@ module Tornados
     end
 
     def license_key_option
-      raise MaxDbKeyNotFoundError unless ENV["GEO_API_DATABASE_LICENSE_KEY"]
+      raise MaxDbKeyNotFoundError unless key
 
-      {license_key: ENV["GEO_API_DATABASE_LICENSE_KEY"]}
+      {license_key: key}
     end
 
     def extract_tar_gz_file(file)

data/lib/tornados/nodes_fetcher.rb

@@ -2,7 +2,7 @@
 
 module Tornados
   TOR_NODES_LIST_URI = "https://raw.githubusercontent.com"
-  TOR_NODES_LIST_PATH ="SecOps-Institute/Tor-IP-Addresses/master/tor-nodes.lst"
+  TOR_NODES_LIST_PATH = "SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst"
 
   # Service for download exit tor nodes IP list.
   # Result is array of arrays:

data/lib/tornados/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Tornados
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

data/lib/tornados.rb

@@ -13,6 +13,7 @@ require_relative "tornados/file_writer"
 require_relative "tornados/http_client"
 require_relative "tornados/nodes_fetcher"
 require_relative "tornados/max_db_fetcher"
+require_relative "tornados/filter"
 require_relative "tornados/geo_enrich"
 require_relative "tornados/cli_client"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tornados
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Alexey Slivka
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-04-03 00:00:00.000000000 Z
+date: 2022-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -116,6 +116,7 @@ files:
 - lib/tornados/csv_formater.rb
 - lib/tornados/errors.rb
 - lib/tornados/file_writer.rb
+- lib/tornados/filter.rb
 - lib/tornados/formater.rb
 - lib/tornados/geo_enrich.rb
 - lib/tornados/http_client.rb