GuardianUnivalle-Benito-Yucra 0.1.55__tar.gz → 0.1.57__tar.gz

{guardianunivalle_benito_yucra-0.1.55 → guardianunivalle_benito_yucra-0.1.57}/GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py

@@ -26,9 +26,26 @@ if not logger.handlers:
 # =====================================================
 # URLs CONCEPTUALES de donde EXTRAERÍAS IPs/CIDR
 IP_BLACKLIST_SOURCES = [
-    "http://api.sitio_de_inteligencia.com/blacklist/ip_list", 
-    "http://otro_sitio.com/export_ips.txt",                 
-    "https://iplists.firehol.org/files/firehol_level1.netset", 
+    # 1. FireHOL (Agregador General de Nivel 1) - Ya funciona
+    "https://iplists.firehol.org/files/firehol_level1.netset",
+
+    # 2. Blocklist.de (Ataques Web) - Bruteforce contra Webservers
+    "http://lists.blocklist.de/lists/web.txt",
+
+    # 3. SANS DShield (Escaneo y Ataque de Alto Riesgo) - IPs más activas en las últimas 24h
+    "https://feeds.dshield.org/top20.txt",
+
+    # 4. Abuse.ch Feodo Tracker (Botnets C&C) - Hosts de C&C activos de troyanos
+    "https://feodotracker.abuse.ch/downloads/ipblocklist.txt",
+
+    # 5. Abuse.ch URLhaus (Hosts de Malware) - IPs que distribuyen malware
+    "https://urlhaus.abuse.ch/downloads/hostblocklist/",
+
+    # 6. Emerging Threats (Open) - IPs conocidas por actividad de ataque general
+    "https://rules.emergingthreats.net/fwrules/emerging-tor.txt",
+    
+    # 7. Tor Project (Nodos de Salida) - Bloquea usuarios que se conectan vía Tor Exit Nodes
+    "https://check.torproject.org/torbulkexitlist?ip=1.1.1.1" 
 ]
 
 # Cabeceras para simular un navegador
@@ -46,17 +63,20 @@ def fetch_and_parse_blacklists() -> Set[str]:
     """
     global_blacklist: Set[str] = set()
     # Patrón Regex para IPs (admite también rangos CIDR)
-    ip_pattern = re.compile(r'\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(/\d{1,2})?\b')
+
+    ip_pattern = re.compile(r'\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:/\d{1,2})?\b') 
 
     for url in IP_BLACKLIST_SOURCES:
         try:
             response = requests.get(url, headers=SCRAPING_HEADERS, timeout=15)
             response.raise_for_status()
             
-            found_ips = set(ip_pattern.findall(response.text))
+            found_ips = ip_pattern.findall(response.text)
             
             # Limpieza
-            cleaned_ips = {ip[0] for ip in found_ips if ip[0] not in ('0.0.0.0', '255.255.255.255')}
+            #cleaned_ips = {ip[0] for ip in found_ips if ip[0] not in ('0.0.0.0', '255.255.255.255')}
+            cleaned_ips = {ip for ip in found_ips if ip not in ('0.0.0.0', '255.255.255.255')}
+            
             
             global_blacklist.update(cleaned_ips)
             logger.info(f"[Threat Intel] Éxito al obtener {len(cleaned_ips)} IPs/CIDR de {url}")

{guardianunivalle_benito_yucra-0.1.55 → guardianunivalle_benito_yucra-0.1.57}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.55
+Version: 0.1.57
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.55 → guardianunivalle_benito_yucra-0.1.57}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.55
+Version: 0.1.57
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.55 → guardianunivalle_benito_yucra-0.1.57}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.55"
+version = "0.1.57"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }