IP Blocklist to Cisco ASA access-list VBscript

**This article is old, see new Blocklist2ACL 2.0 project.**


Hi folks! A little script I wrote in VBScript that pulls IP blocklists from several third-party URLs and converts them into well-formatted Cisco ASA access-lists. The idea stemmed from the old days of running PeerGuardian and Moblock to stop known malicious or unwanted IP addresses from connecting, blocking them right there on your computer's firewall. It is similar to URL blocklists, which focus on URLs and domain names, except that here the filtering is done by IP only. I wanted to take this IP blocklist concept, which has mostly lived at the desktop firewall layer, and move it up to the network firewall, in this case a Cisco ASA, so that every connection crossing the firewall is filtered by the list.

The script is fairly straightforward and the source code is below so you may look through it. Feel free to improve upon it and share it with others. I have a few years of writing VBScripts behind me, but am in no way a professional coder. Also, if you by any chance know Linux shell or Qt and could port this to Linux, or even better Java for platform independence, let me know!! That would be sweet.

Video Tutorial

Screenshot


The Blocklists

Each blocklist is sourced and distributed by a third-party maintainer. I take no responsibility for their content and claim no ownership of it. Please review their usage terms.

Some blocklists require conversion from their native format (the PeerGuardian p2p range format used by the Level1 list, or the start/end columns of the DShield list) to CIDR format before they can be turned into access-list entries. To accomplish this, my script drives the web-based converter form hosted by Bluetack (http://www.bluetack.co.uk/converter/) through an invisible Internet Explorer automation object. Be aware of what that means: the downloaded list contents are posted to a third-party site, its response is trusted as-is, and the conversion breaks whenever that page changes its form fields.

Another shout-out goes to the writer of the following VBScript subnet-math routines for CIDR and subnet mask conversion (http://www.indented.co.uk/2008/10/21/vbscript-subnet-math/). THANK YOU!!
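To show what the two conversions above actually do, here is an added example (my own code, not part of the original script and not the Bluetack converter) that performs the same native-format-to-CIDR step locally in Python with the standard ipaddress module, so the list contents never leave your machine and the output does not depend on a third-party web form. The p2p and DShield excerpts are constructed for the example; the DShield parser assumes the first two tab-separated columns of a line are the start and end address, which is an assumption about that feed's layout rather than something the original page states. Overlapping and adjacent ranges are merged, which is what the web form's "mergeoverlaps" option did.

```python
"""Local replacement for the web-form step: native blocklist formats -> CIDR."""
import ipaddress

# Constructed excerpts for the example; not real feed content.
P2P_SAMPLE = """\
# PeerGuardian p2p format: name:first-last (names may contain spaces and colons)
Some Bad Netblock:10.0.0.0-10.0.0.255
Another One:10.0.1.0-10.0.2.255
Overlaps Both:10.0.0.128-10.0.1.127
not a range line
"""

DSHIELD_SAMPLE = """\
# constructed DShield-style block list: start<TAB>end<TAB>prefix<TAB>... (assumed layout)
192.0.2.0\t192.0.2.255\t24\t100\tAS64496\tEXAMPLE\tUS\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t50\tAS64497\tEXAMPLE2\tUS\tabuse@example.org
"""


def parse_p2p(text):
    """Yield (first, last) IPv4Address pairs from p2p lines; skip comments and junk."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # the range is everything after the LAST colon, so names may contain ':'
        _name, sep, rng = line.rpartition(":")
        if not sep or "-" not in rng:
            continue
        first, _, last = rng.partition("-")
        try:
            yield ipaddress.IPv4Address(first.strip()), ipaddress.IPv4Address(last.strip())
        except ValueError:
            continue  # malformed address: drop it rather than guess


def parse_dshield(text):
    """Yield (first, last) pairs from tab-separated DShield-style lines (assumed layout)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) < 2:
            continue
        try:
            yield ipaddress.IPv4Address(cols[0].strip()), ipaddress.IPv4Address(cols[1].strip())
        except ValueError:
            continue


def ranges_to_cidrs(ranges):
    """Turn (first, last) pairs into the smallest list of non-overlapping CIDR blocks.

    summarize_address_range() splits each range into aligned blocks and
    collapse_addresses() merges duplicates, contained blocks and adjacent halves.
    """
    blocks = []
    for first, last in ranges:
        if last < first:
            first, last = last, first  # tolerate a reversed range
        blocks.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(blocks))


def convert_feed(text, fmt):
    """fmt is 'p2p' or 'dshield'; returns sorted CIDR strings ready for the ACL step."""
    parser = {"p2p": parse_p2p, "dshield": parse_dshield}[fmt]
    return [str(net) for net in ranges_to_cidrs(parser(text))]


if __name__ == "__main__":
    for fmt, sample in (("p2p", P2P_SAMPLE), ("dshield", DSHIELD_SAMPLE)):
        print(fmt, convert_feed(sample, fmt))
```

Lines that do not parse are dropped instead of being passed through, which matters because every surviving line becomes a firewall rule.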

GZIP Requirement

Lastly, you will need gzip.exe to un-gzip the blocklists that are downloaded as gzipped files. Luckily gzip is GNU free software and a Windows build can be downloaded via http://gnuwin32.sourceforge.net/packages/gzip.htm. Click on the Binaries ZIP link to download it from SourceForge. Look for the gzip.exe executable in the bin folder of the ZIP file and copy it into the same directory as the HTA file.

Source Code: Blocklist2ACL-v3.hta


<title>Blocklist2ACL by thejimmahknows</title>
<script language="VBScript">
		 Sub Window_onLoad
			window.resizeTo 675,875
		End Sub 
		Sub Sleep(Msecs)
			'HTAs have no WScript object, so WScript.Sleep is unavailable;
			'write a one-line helper script once and run it synchronously instead
			Set SleepFSO = CreateObject("Scripting.FileSystemObject")
			If SleepFSO.FileExists("sleeper.vbs") = False Then
				Set objOutputSleeperFile = SleepFSO.CreateTextFile("sleeper.vbs", True)
				objOutputSleeperFile.Write "WScript.Sleep WScript.Arguments(0)"
				objOutputSleeperFile.Close
			End If
			CreateObject("WScript.Shell").Run "sleeper.vbs " & Msecs, 1, True
		End Sub
	
		Set WshShell = CreateObject("WScript.Shell")
		'folder the HTA was launched from; it comes back without a trailing
		'backslash, which would otherwise glue the folder name onto the file names below
		currPath = WshShell.CurrentDirectory
		If Right(currPath, 1) <> "\" Then currPath = currPath & "\"
		

		'constants and URLs
		Const ForReading = 1
		Const ForWriting = 2
		Const emergingURL = "http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
		Const level1URL = "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz"
		Const sigmaprojectsURL = "http://blocklist.sigmaprojects.org/api.cfc?method=getlist&lists=webexploit,spyware,anti-infringement,spammers"
		Const dshieldURL  = "http://feeds.dshield.org/block.txt"

		Dim outFile : outFile = currPath & "test_output.txt"
		Dim emergingFile : emergingFile = currPath & "emergingIPs.txt"
		Dim level1FileGZ : level1FileGZ = currPath & "level1.txt.gz"
		Dim level1File : level1File = currPath & "level1.txt"
		Dim sigmaprojectsFileGZ: sigmaprojectsFileGZ = currPath & "sigmaprojectsIPs.txt.gz" 
		Dim sigmaprojectsFile: sigmaprojectsFile = currPath & "sigmaprojectsIPs.txt" 
		Dim dshieldFile: dshieldFile = currPath & "dshieldIPs.txt"
		Dim mainOutputStr, ACL_NAME, logSuffix

		Sub WGET(URL, DownloadLocation)
			'plain HTTP GET to a file; there is no TLS, checksum or signature on any of
			'these feeds, so whatever the server (or anyone in the path) returns is
			'what ends up in your access-list
			Dim xHttp : Set xHttp = CreateObject("MSXML2.ServerXMLHTTP.6.0")
			Dim bStrm : Set bStrm = CreateObject("Adodb.Stream")
			xHttp.Open "GET", URL, False
			xHttp.Send
			If xHttp.Status <> 200 Then
				MsgBox "Download of " & URL & " failed: HTTP " & xHttp.Status
				Exit Sub
			End If

			With bStrm
				.Type = 1 'binary
				.Open
				.Write xHttp.responseBody
				.SaveToFile DownloadLocation, 2 'overwrite
			End With
		End Sub

		Sub unGZ(filePathGZ, filePath)
			Dim objFSO, execPath, tries
			Set objFSO = CreateObject("Scripting.FileSystemObject")
			'gzip -d -q -f: decompress quietly, overwrite any existing output;
			'gzip deletes the .gz file when it is done. Note the space before -dqf.
			execPath = chr(34) & currPath & "gzip.exe" & chr(34) & " -dqf " & chr(34) & filePathGZ & chr(34)

			'run gzip hidden and wait for it to exit
			WshShell.Run execPath, 0, True

			'gzip should have produced filePath; give up after about 30 s instead of spinning forever
			tries = 0
			Do Until objFSO.FileExists(filePath)
				tries = tries + 1
				If tries > 15 Then
					MsgBox "gzip did not produce " & filePath & ". Is gzip.exe in " & currPath & "?"
					Exit Sub
				End If
				Sleep(2000)
			Loop
		End Sub

		Sub TrimFile(file)
			'strip leading/trailing whitespace from every line and drop blank lines,
			'rewriting the file in place
			Dim objFSO, objFile, strLine, strNewContents
			Set objFSO = CreateObject("Scripting.FileSystemObject")
			Set objFile = objFSO.OpenTextFile(file, ForReading)

			strNewContents = ""
			Do Until objFile.AtEndOfStream
				strLine = Trim(objFile.ReadLine)
				If Len(strLine) > 0 Then
					strNewContents = strNewContents & strLine & vbCrLf
				End If
			Loop
			objFile.Close

			Set objFile = objFSO.OpenTextFile(file, ForWriting)
			objFile.Write strNewContents
			objFile.Close
		End Sub

		Function BlueTrackConverterPG2CIDR(inLine) 'only for P2P format blocklist files
			'drives the Bluetack web converter through an invisible Internet Explorer
			'instance: p2p ranges in, one CIDR per line out (shorewall output format)
			Dim objIE, sourceItem, INPUT
			sourceItem = inLine

			Set objIE = CreateObject("InternetExplorer.Application")
			objIE.visible = False
			objIE.Navigate "http://www.bluetack.co.uk/converter/"
			Do Until objIE.readyState = 4 : Sleep(200) : Loop

			objIE.Document.getElementByID("fromformat").value = "pg"
			objIE.Document.getElementByID("toformat").value = "shorewall"
			objIE.Document.getElementByID("denyonly").value = "yes"
			objIE.Document.getElementByID("listCleaning").value = "mergeoverlaps"
			objIE.Document.getElementByID("sortBy").value = "IP"

			'paste the list into the form
			objIE.Document.getElementByID("sfrom").value = sourceItem
			Sleep(200)

			For Each INPUT In objIE.Document.getElementsByTagName("input")
				If INPUT.Value = "Convert" Then
					INPUT.Click
					Exit For
				End If
			Next

			'Convert submits the form, so wait for the result page to finish loading
			'before touching the output box (otherwise: "Object required")
			Sleep(200)
			Do While objIE.Busy Or objIE.readyState <> 4 : Sleep(200) : Loop

			'return value
			BlueTrackConverterPG2CIDR = objIE.Document.getElementByID("sto").value

			objIE.Quit
			Set objIE = Nothing
		End Function


		Function BlueTrackConverterDSHIELD2CIDR(inStr) 'only for DSHIELD conversions
			'same as above but with the DShield input format selected
			Dim objIE, INPUT

			Set objIE = CreateObject("InternetExplorer.Application")
			objIE.visible = False
			objIE.Navigate "http://www.bluetack.co.uk/converter/"
			Do Until objIE.readyState = 4 : Sleep(200) : Loop

			objIE.Document.getElementByID("fromformat").value = "dshield"
			objIE.Document.getElementByID("toformat").value = "shorewall"
			objIE.Document.getElementByID("denyonly").value = "yes"
			objIE.Document.getElementByID("listCleaning").value = "mergeoverlaps"
			objIE.Document.getElementByID("sortBy").value = "IP"

			'paste the list into the form
			objIE.Document.getElementByID("sfrom").value = inStr
			Sleep(200)

			For Each INPUT In objIE.Document.getElementsByTagName("input")
				If INPUT.Value = "Convert" Then
					INPUT.Click
					Exit For
				End If
			Next

			'wait for the result page before reading the output box
			Sleep(200)
			Do While objIE.Busy Or objIE.readyState <> 4 : Sleep(200) : Loop

			'return outputStr
			BlueTrackConverterDSHIELD2CIDR = objIE.Document.getElementByID("sto").value

			objIE.Quit
			Set objIE = Nothing
		End Function

		Function MaskLengthToIP(intMask)
		  ' Converts a mask length to the decimal format mask
		 
		  Dim arrOctets(3)
		  Dim intFullOctets : intFullOctets = (intMask - (intMask Mod 8)) / 8
		  Dim i
		  For i = 0 To (intFullOctets - 1)
			arrOctets(i) = "255"
		  Next
		 
		  Dim intPartialOctetLen : intPartialOctetLen = intMask Mod 8
		  Dim j
		  If intPartialOctetLen > 0 Then
			Dim intOctet
			For j = 0 To (intPartialOctetLen - 1)
			  intOctet = intOctet + 2^(7 - j)
			Next
			arrOctets(i) = intOctet : i = i + 1
		  End If
		 
		  For j = i To 3
			arrOctets(j) = "0"
		  Next
		 
		  MaskLengthToIP = Join(arrOctets, ".")
		End Function

		Function CIDR2ACL(strLine, aclNameStr)
			'turn "a.b.c.d/nn" or a bare "a.b.c.d" into one ASA access-list entry:
			'   access-list NAME deny ip a.b.c.d MASK any [log]
			'ASA entries take a subnet mask after the source address (not the
			'wildcard mask that IOS router access-lists use)
			Dim s, pos_start, tmpIP, maskInt, subMaskStr
			CIDR2ACL = ""
			s = Trim(strLine)
			If s = "" Then Exit Function 'blank line

			pos_start = InStr(s, "/")
			If pos_start > 0 Then
				'split address and prefix length, convert the slash to a netmask
				tmpIP = Left(s, pos_start - 1)
				maskInt = CInt(Mid(s, pos_start + 1))
				If maskInt < 0 Or maskInt > 32 Then Exit Function 'not a valid IPv4 prefix length
				subMaskStr = MaskLengthToIP(maskInt)
			Else
				'no slash: treat as a single host
				tmpIP = s
				subMaskStr = "255.255.255.255"
			End If

			CIDR2ACL = "access-list " & aclNameStr & " deny ip " & tmpIP & " " & subMaskStr & " any" & logSuffix & vbCrLf
		End Function

		Sub dshieldSUB
			Set objFSO = CreateObject("Scripting.FileSystemObject")
			Set objFile = objFSO.OpenTextFile(dshieldFile, ForReading)

			'readall from file
			Dim tStr, strText
			strText = ""
			tStr = BlueTrackConverterDSHIELD2CIDR(objFile.ReadAll)

			arrLines = Split(tStr, vbCrLf)
				For Each line in arrLines
					strText = strText & CIDR2ACL(line, ACL_NAME)
				Next

			mainOutputStr = mainOutputStr & strText 
			objFile.Close
		End Sub

		Sub emergingSUB()
			Set objFSO = CreateObject("Scripting.FileSystemObject")
			Set objFile = objFSO.OpenTextFile(emergingFile, ForReading)
			'
			Do Until objFile.AtEndOfStream
				strText = objFile.ReadLine
				If strText = chr(127) Then
					'do nothing
				ElseIf InStr(strText, "#") > 0 Then
					'do nothing
				Else
					'convert CIDR
					strText = CIDR2ACL(strText, ACL_NAME)
					
					mainOutputStr = mainOutputStr & strText 
				End If

			Loop
			objFile.Close
		End Sub

		Sub sigmaprojectsSUB()
			Set objFSO = CreateObject("Scripting.FileSystemObject")
			Set objFile = objFSO.OpenTextFile(sigmaprojectsFile, ForReading)

			'this list is used as-is, one address or CIDR per line; skip comment lines
			Do Until objFile.AtEndOfStream
				strText = objFile.ReadLine
				If InStr(strText, "#") = 0 Then
					mainOutputStr = mainOutputStr & CIDR2ACL(strText, ACL_NAME)
				End If
			Loop

			'close the file, or cleanUP cannot delete it
			objFile.Close
		End Sub

		Sub level1SUB()
			'the Level1 list is in p2p format ("name:first-last"), which the web
			'converter turns into CIDRs; send it over in batches so the form copes
			Dim tStr, strTextLine, arrLines, runningStr, c, line, strText, batchSize
			batchSize = 7500
			Set objFSO = CreateObject("Scripting.FileSystemObject")
			Set objTextFile = objFSO.OpenTextFile(level1File, ForReading)
			tStr = "" : runningStr = "" : strText = "" : c = 0

			Do Until objTextFile.AtEndOfStream
				strTextLine = Trim(objTextFile.ReadLine)

				'skip comments and blank lines (range names may legitimately contain spaces)
				If strTextLine <> "" And Left(strTextLine, 1) <> "#" Then
					runningStr = runningStr & strTextLine & vbCrLf
					c = c + 1
					If c >= batchSize Then
						'convert this batch and start a new one
						tStr = tStr & BlueTrackConverterPG2CIDR(runningStr) & vbCrLf
						runningStr = ""
						c = 0
					End If
				End If
			Loop
			objTextFile.Close

			'convert whatever is left over after the last full batch
			If runningStr <> "" Then
				tStr = tStr & BlueTrackConverterPG2CIDR(runningStr) & vbCrLf
			End If

			arrLines = Split(tStr, vbCrLf)
			For Each line In arrLines
				strText = strText & CIDR2ACL(line, ACL_NAME)
			Next

			mainOutputStr = mainOutputStr & strText
		End Sub

	Sub cleanUP()
		'show the generated access-list in the textarea
		document.GetElementById("outputTextarea").Value = mainOutputStr

		'delete the downloaded list files and the sleeper helper
		Set delFSO = CreateObject("Scripting.FileSystemObject")
		If delFSO.FileExists(dshieldFile) Then delFSO.DeleteFile dshieldFile
		If delFSO.FileExists(sigmaprojectsFile) Then delFSO.DeleteFile sigmaprojectsFile
		If delFSO.FileExists(emergingFile) Then delFSO.DeleteFile emergingFile
		If delFSO.FileExists(level1File) Then delFSO.DeleteFile level1File
		If delFSO.FileExists("sleeper.vbs") Then delFSO.DeleteFile "sleeper.vbs"
	End Sub




	Sub runMe()
		'clear mainOutputStr
		mainOutputStr = ""
		
		'get ACL Name
		ACL_NAME = document.GetElementById("acl_textbox").value
		
		'check log checkbox
		If document.GetElementById("log_checkbox").Checked Then
			logSuffix = " log"
		Else
			logSuffix = ""
		End If
		
		'check checkboxes checked
		If document.GetElementById("emerging_checkbox").Checked Then
			'execute Subs
			Call WGET(emergingURL, emergingFile)
			Call TrimFile(emergingFile)
			Call emergingSUB()
			
		End If
		If document.GetElementById("dshield_checkbox").Checked Then
			'execute Subs
			Call WGET(dshieldURL, dshieldFile)
			Call TrimFile(dshieldFile)
			Call dshieldSUB()
			
		End If
		If document.GetElementById("sigmaprojects_checkbox").Checked Then
			'execute Subs
			Call WGET(sigmaprojectsURL, sigmaprojectsFileGZ)
			Call unGZ(sigmaprojectsFileGZ, sigmaprojectsFile) 
			Call sigmaprojectsSUB()

		
		End If
		If document.GetElementById("bluetrack1_checkbox").Checked Then
			'execute Subs: download, un-gzip, tidy the text, then convert
			Call WGET(level1URL, level1FileGZ)
			Call unGZ(level1FileGZ, level1File)
			Call TrimFile(level1File)
			Call level1SUB()
		End If
		
	'execute cleanup
	Call cleanUP()
	End Sub
	
	Sub ClearMe	
		document.GetElementById("acl_textbox").value = "MyACL"
		document.GetElementById("log_checkbox").Checked = False
		document.GetElementById("emerging_checkbox").Checked = False
		 document.GetElementById("dshield_checkbox").Checked = False
		document.GetElementById("sigmaprojects_checkbox").Checked = False
		document.GetElementById("bluetrack1_checkbox").Checked = False
		
		'clear textarea
		document.GetElementById("outputTextarea").Value = "The access-list will appear here."
		
	End Sub
	
</script>
<center>
<h2>Blocklist to Cisco ASA ACL converter</h2>
 
<h4>Select Blocklist Sources to Convert</h4>
</center>
<form action=""><b>ACL Name:</b> <input id="acl_textbox" name="acl_textbox" type="text" value="MyACL" />
<input id="emerging_checkbox" name="emerging_checkbox" type="checkbox" /><a href="http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" target="_blank">Emerging Threats</a>
<input id="dshield_checkbox" name="dshield_checkbox" type="checkbox" /><a href="http://feeds.dshield.org/block.txt" target="_blank">Dshield</a>
<input id="sigmaprojects_checkbox" name="sigmaprojects_checkbox" type="checkbox" /><a href="https://blocklist.sigmaprojects.org/" target="_blank">Sigma Projects</a>
<input id="bluetrack1_checkbox" name="bluetrack1_checkbox" type="checkbox" /><a href="https://www.iblocklist.com/list.php?list=bt_level1" target="_blank"> Bluetack Level1</a>

<b>Add log suffix to each ACL</b>
<input id="log_checkbox" name="log_checkbox" type="checkbox" /> Log ACL

<input name="runMeButton" type="button" value="Run Script" onclick="runMe" /> <input name="ClearMeButton" type="button" value="Clear" onclick="ClearMe" /></form><textarea id="outputTextarea" cols="75" rows="30">The access-list will appear here.</textarea>
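The HTA's CIDR2ACL and MaskLengthToIP routines emit an entry for every line they are handed, and the feeds arrive over plain HTTP with no integrity check, so whatever a feed (or anyone able to tamper with it in transit) contains becomes an ASA rule. A line such as 0.0.0.0/0 would turn into "deny ip 0.0.0.0 0.0.0.0 any" and drop all traffic, and a range covering your own address space would cut you off. Below is an added Python example (my own code, not the HTA's) of the same CIDR-to-access-list step with the checks a practitioner would want in between: it rejects lines that do not parse, prefixes broader than a floor, and anything overlapping a never-block list, normalises addresses written with host bits set, and collapses duplicates so the ASA does not carry redundant entries. FEED_SAMPLE and NEVER_BLOCK are constructed for the example and the output format matches the HTA's ("access-list NAME deny ip ADDRESS MASK any [log]").

```python
"""CIDR lines -> Cisco ASA access-list entries, with the sanity checks the HTA skips."""
import ipaddress

# Constructed feed excerpt for the example: a host, a network, the same network
# written with host bits set, a duplicate, a line that would blackhole everything,
# a range inside address space we must never block, and junk.
FEED_SAMPLE = """\
# comment line
203.0.113.5
203.0.113.0/24
203.0.113.77/24
203.0.113.0/24
0.0.0.0/0
10.1.2.0/24
not-an-ip
"""

# Constructed example: address space the firewall must never be told to drop
# (your own prefixes, resolvers, upstreams); adapt to your environment.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


def mask_length_to_ip(prefixlen):
    """Prefix length -> dotted subnet mask, e.g. 24 -> 255.255.255.0 (ASA entries
    take a subnet mask, not the wildcard mask IOS router access-lists use)."""
    if not 0 <= prefixlen <= 32:
        raise ValueError("prefix length out of range: %r" % prefixlen)
    return str(ipaddress.IPv4Network((0, prefixlen)).netmask)


def parse_entry(line, min_prefix=8, never_block=()):
    """Validate one feed line; return an IPv4Network or raise ValueError saying why."""
    text = line.strip()
    if not text or text.startswith("#"):
        raise ValueError("comment or blank")
    if "/" not in text:
        text += "/32"  # bare address -> host entry
    net = ipaddress.IPv4Network(text, strict=False)  # strict=False clears host bits
    if net.prefixlen < min_prefix:
        raise ValueError("prefix /%d is broader than /%d" % (net.prefixlen, min_prefix))
    for protected in never_block:
        if net.overlaps(protected):
            raise ValueError("overlaps protected %s" % protected)
    return net


def cidr_to_acl(net, acl_name, log=False):
    """Render one entry in the same form the HTA emits."""
    return "access-list %s deny ip %s %s any%s" % (
        acl_name, net.network_address, net.netmask, " log" if log else "")


def build_acl(feed_text, acl_name, log=False, min_prefix=8, never_block=NEVER_BLOCK):
    """Feed text -> (list of access-list lines, list of (line, reason) rejections).
    Accepted networks are collapsed so overlapping or duplicate feed lines
    produce a single entry."""
    accepted, rejected = [], []
    for raw in feed_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        try:
            accepted.append(parse_entry(raw, min_prefix, never_block))
        except ValueError as why:
            rejected.append((raw.strip(), str(why)))
    entries = [cidr_to_acl(n, acl_name, log) for n in ipaddress.collapse_addresses(accepted)]
    return entries, rejected


if __name__ == "__main__":
    entries, rejected = build_acl(FEED_SAMPLE, "MyACL", log=True)
    print("\n".join(entries))
    for line, why in rejected:
        print("rejected %r: %s" % (line, why))
```

Review the rejection list before pasting the output into the ASA; a sudden jump in rejections (or in the number of accepted entries) is the signal that a feed has changed or been tampered with.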



  1. Steve C /

    Kudos! This is an excellent tool. Something I've been looking at doing for YEARS, but far too lazy to do. I've used/Frankensteined other people's scripts, etc. for nearly 20 years, but this was the first time I felt compelled to comment/compliment them. Good job and thanks!!!

    1. Jim / Post Author

      Thank you for the kind words Steve. I hope the tool comes in handy!

  2. Aaron /

    This looks like a very handy tool that will save me a lot of extra work , so I thank you. When I run the script I am getting a script error. It is saying Line 53 char 4 access denied.

  3. Aaron /

    The app was being blocked on my system and once that was cleared the script error stopped occurring. Any chance you could make a second version that would be supported on a router using the reverse mask? We do not have any ASA firewalls but this would be handy on a couple of our edge routers.

    1. Jim / Post Author

      I’ve added new code with a Wildcard Notation checkbox. Let me know if it works for you. Thanks
      https://www.dropbox.com/s/samyplr4wp5ee9l/Blocklist2ACL-v2.hta?dl=0

  4. Adesh /

    hello ,
    I have a Cisco switch. I really want to implement your work, but is this easier or the same thing?

    http://jebaird.com/2012/12/21/hosts-to-ip-host-generating-blocked-hosts-from-a-host-file-for-a-cisco-router.html

    1. Jim / Post Author

      I would recommend doing this on something like a Firewall or an ASR. You run into hardware limitations on the list size. With an ASA you have the option of more RAM. Good luck!

  5. Gerry /

    This looks really nice. I tried to download the script, but it is no longer available on Dropbox. Do you have another link available for download? I tried copying the source into a file named the same thing, but that didn't work.

    1. Gerry /

      When I double click on the .hta file it opens up to display the code

      1. thejimmahknows / Post Author
        1. Gerry /

          That link worked, thanks Jim!

  6. Gerry /

    Jim,

    Whenever I select Dsheild, I get:
    error: line 147, Char 4, Object required: ‘obje.Document.Getelementbyid(..)’,Code: 0,

    1. thejimmahknows / Post Author

      Hey Gerry, seeing how many people were having issues with Internet Explorer compatibility, I went ahead and ported the entire project over to Java. All you need is JRE 1.7+ and you can get it from the post I just published. I hope this works for you. Cheers!

  7. Pingback: Blocklist2ACL 2.0 Released!! | thejimmahknows /
