<#
.SYNOPSIS
Report whether an address falls inside a blocked network.
.DESCRIPTION
Tests each supplied address against the hard-coded list of blocked subnet CIDRs.
Host names and URLs are resolved through DNS first, so the answer reflects what
the local resolver returns at the moment the script runs.
.PARAMETER addresses
One or more IP addresses, DNS names or http addresses to check.
.PARAMETER strict
Throw an exception, instead of printing a message, when a [resolved] IP address
is inside a blocked CIDR.
.EXAMPLE
blocked site.com
# check whether site.com is blocked
.EXAMPLE
blocked http://site2.com/qwerty?asd=wer
# check whether site2.com is blocked
.EXAMPLE
blocked 1.2.3.4
# check whether 1.2.3.4 is blocked
.EXAMPLE
blocked 5.6.7.8 -strict
# check whether 5.6.7.8 is within one of the blocked networks and throw an exception if it is
.EXAMPLE
blocked 11.12.13.14 15.16.17.18 google.com
# check whether any of [11.12.13.14, 15.16.17.18, google.com] is within one of the blocked networks
#>
Param (
    # Every remaining command-line argument is collected into this array.
    [Parameter(ValueFromRemainingArguments = $true)]
    [string[]]
    $addresses,

    # Read by CheckAddress to choose between throwing and printing.
    [switch]
    $strict
)
# IPv4 CIDR ranges that the script treats as blocked.
# NOTE(review): this is a hard-coded snapshot; the page does not say where the
# list comes from or when it was taken -- confirm the source before relying on it.
# Entries can overlap (149.154.160.0/20 covers the three 149.154.x.0/22 entries
# that follow it); IsIpBlocked reports the last entry that matches.
$blocked_networks = @(
    "103.246.200.0/22",
    "109.239.140.0/24",
    "128.199.0.0/16",
    "13.125.0.0/16",
    "13.230.0.0/15",
    "13.56.0.0/14",
    "149.154.160.0/20",
    "149.154.164.0/22",
    "149.154.168.0/22",
    "149.154.172.0/22",
    "159.122.128.0/18",
    "159.203.0.0/16",
    "159.65.0.0/16",
    "159.89.0.0/16",
    "165.227.0.0/16",
    "167.99.0.0/16",
    "174.138.0.0/17",
    "176.67.169.0/24",
    "178.239.88.0/21",
    "178.63.0.0/16",
    "18.130.0.0/16",
    "18.144.0.0/16",
    "18.204.0.0/14",
    "18.218.0.0/16",
    "18.236.0.0/15",
    "185.166.212.0/23",
    "185.229.227.0/24",
    "188.166.0.0/17",
    "195.154.0.0/17",
    "203.104.128.0/20",
    "203.104.144.0/21",
    "203.104.152.0/22",
    "206.189.0.0/16",
    "34.240.0.0/13",
    "34.248.0.0/13",
    "35.176.0.0/15",
    "35.178.0.0/15",
    "35.180.0.0/16",
    "45.76.82.0/23",
    "46.101.128.0/17",
    "51.136.0.0/15",
    "52.32.0.0/16",
    "52.56.0.0/16",
    "52.57.0.0/16",
    "54.212.0.0/15",
    "54.228.0.0/15",
    "64.137.0.0/17",
    "68.171.224.0/19",
    "74.82.64.0/19",
    "91.108.12.0/22",
    "91.108.16.0/22",
    "91.108.20.0/22",
    "91.108.24.0/23",
    "91.108.33.0/24",
    "91.108.36.0/23",
    "91.108.38.0/23",
    "91.108.4.0/22",
    "91.108.56.0/22",
    "91.108.8.0/22",
    "94.177.224.0/21",
    "98.158.176.0/20"
)
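Function CheckAddress($address) {
    <#
    .SYNOPSIS
    Resolve one address and report, per IP, whether it is in a blocked network.
    .DESCRIPTION
    A string made only of digits and dots is taken as an IPv4 literal. Anything
    else is reduced to its host part (scheme, path, userinfo and port removed)
    and resolved through DNS. The result therefore reflects what the local
    resolver returns at the time of the call; the same name may resolve to
    other addresses elsewhere or later.
    Only IPv4 addresses are tested: the block list is IPv4-only, and comparing
    an IPv6 address against it would look at just its first four bytes and
    could report a false match.
    With the script-level -strict switch a blocked address raises an exception;
    otherwise the outcome is printed with Write-Host.
    .PARAMETER address
    IP address, DNS name or URL to check.
    #>

    # An empty host would make GetHostAddresses return the local machine's own
    # addresses, which is never what the caller asked about.
    if ([string]::IsNullOrWhiteSpace($address)) {
        Write-Host "Empty address skipped" -ForegroundColor Yellow
        return
    }

    $ips = @()
    if ($address -match "^([\d\.]+)$") {
        $ips += $address
    } else {
        # Keep only the authority part of a URL (drop scheme and path).
        $address = $address -replace "^(\w+://)?([^/]+).*?$", '$2'
        # Drop "user:password@" and a trailing ":port"; DNS resolution needs the bare host.
        # The port pattern requires a single colon, so IPv6 literals are left alone.
        $address = $address -replace '^[^@]*@', ''
        $address = $address -replace '^([^:]+):\d+$', '$1'
        [System.Net.Dns]::GetHostAddresses($address) | % {
            $ips += $_.IPAddressToString
        }
    }

    $ipv4_family = [System.Net.Sockets.AddressFamily]::InterNetwork
    foreach ($candidate in $ips) {
        # Report non-IPv4 results explicitly instead of printing a misleading verdict.
        if ([System.Net.IPAddress]::Parse($candidate).AddressFamily -ne $ipv4_family) {
            Write-Host "IP $candidate is not IPv4 and was not checked against blocked networks" -ForegroundColor Yellow
            continue
        }
        $blocked = IsIpBlocked -ip $candidate
        if ($blocked) {
            $message = "IP $candidate is within blocked network $blocked"
            if ($strict) {
                throw $message
            } else {
                Write-Host $message -ForegroundColor Red
            }
        } else {
            Write-Host "IP $candidate is not within blocked networks" -ForegroundColor Green
        }
    }
}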
Function IsIpBlocked($ip) {
    <#
    .SYNOPSIS
    Return the blocked CIDR that contains $ip, or $null when none does.
    .DESCRIPTION
    Every entry of $blocked_networks is tested; when several entries contain
    the address, the last one in list order is returned. An empty or null $ip
    yields $null without any lookup.
    #>
    if (!$ip) { return $null }

    $last_match = $null
    foreach ($network in $blocked_networks) {
        # No early exit on purpose: a later matching entry replaces an earlier one.
        if (IsIpWithinCidr -ip $ip -cidr $network) {
            $last_match = $network
        }
    }
    return $last_match
}
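Function IsIpWithinCidr($ip, $cidr) {
    <#
    .SYNOPSIS
    Test whether an IPv4 address lies inside an IPv4 CIDR range.
    .PARAMETER ip
    A [System.Net.IPAddress] or a string that IPAddress.Parse accepts.
    .PARAMETER cidr
    Network in "a.b.c.d/bits" form. A value without "/bits" is treated as a
    single host (/32).
    .OUTPUTS
    $true when the address is inside the range, $false otherwise. $false is
    also returned when either side is not IPv4: the comparison below reads
    only the first four address bytes, so an IPv6 address could otherwise be
    reported as a match by accident.
    #>
    if (!($ip -is [System.Net.IPAddress])) {
        $ip = [System.Net.IPAddress]::Parse($ip)
    }
    $parts = $cidr.Split('/')
    $subnet_ip = [System.Net.IPAddress]::Parse($parts[0])

    # The 32-bit arithmetic below is only meaningful for 4-byte addresses.
    $ipv4_family = [System.Net.Sockets.AddressFamily]::InterNetwork
    if (($ip.AddressFamily -ne $ipv4_family) -or ($subnet_ip.AddressFamily -ne $ipv4_family)) {
        return $false
    }

    if ($parts.Count -lt 2) {
        $subnet_bits = 32
    } else {
        $subnet_bits = [int]$parts[1]
    }
    if (($subnet_bits -lt 0) -or ($subnet_bits -gt 32)) {
        throw "Invalid prefix length in CIDR '$cidr'"
    }
    # A 32-bit shift by 32 does not clear the value, so /0 needs its own case.
    if ($subnet_bits -eq 0) {
        return $true
    }

    $ip_int = [BitConverter]::ToInt32($ip.GetAddressBytes(), 0)
    $subnet_ip_int = [BitConverter]::ToInt32($subnet_ip.GetAddressBytes(), 0)
    # Address bytes are in network order; convert the mask so it lines up with them.
    $subnet_mask_int = [System.Net.IPAddress]::HostToNetworkOrder(-1 -shl (32 - $subnet_bits))
    return (($ip_int -band $subnet_mask_int) -eq ($subnet_ip_int -band $subnet_mask_int))
}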
# Entry point: check every address given on the command line, in order.
# With -strict, the first blocked address throws and ends the run.
if ($addresses.Count -gt 0) {
    foreach ($address in $addresses) {
        CheckAddress -address $address
    }
}