VBscript — IP Blocklist to Cisco ASA access-list

**This article is old, see new Blocklist2ACL 2.0 project.**


Hi folks! A little script I wrote in VBScript that pulls in IP blocklists from different third-party URLs and converts them into well-formatted Cisco ASA access-lists. The idea stemmed from the old days of running PeerGuardian and Moblock to stop known malicious or unwanted IP addresses from connecting, dropping them right then and there on your computer’s firewall. It is similar to URL blocklists, which focus on URLs and domain names, but here the filtering is done by IP address only. I wanted to take this IP blocklist concept, which has primarily lived at the desktop firewall layer, and move it up to the network firewall, in this case a Cisco ASA, so that every connection crossing the firewall is filtered against the list.

The script is fairly straightforward and the source code is below so you may look through it. Feel free to improve upon it and share it with others. I have a few years of writing VBScripts, but am in no way a professional coder. Also, if you by any chance know Linux shell or Qt and could port this to Linux, or even better Java for platform independence, let me know!! That would be sweet.

Video Tutorial

Screenshot


The Blocklists

Each blocklist is sourced by a third party maintainer, and distributed by them. I take no responsibilities for their content or any ownership of the content. Please review their usage terms.

Some blocklists require conversion from their native format to CIDR format for easy processing into the access-list format. To accomplish this, my script uses a web-based form hosted by Bluetack at http://www.bluetack.co.uk/converter/.

Another shout out goes to the writer of the following script on CIDR and subnet conversion, located at http://www.indented.co.uk/2008/10/21/vbscript-subnet-math/. THANK YOU!!
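As an added example (not the author's HTA and not part of the original post), here is the conversion core ported to Python: it parses the same feed formats the HTA handles, turns P2P ranges into CIDR blocks locally with the standard library instead of posting the list to the Bluetack form, and refuses entries that would black-hole everything or the inside networks. The DShield column layout, the INTERNAL range list and the sample lines are assumptions constructed for this example.

```python
import ipaddress
import re

# PeerGuardian/P2P entry: "description:first-last" (the Level1 list format the HTA sends to Bluetack)
P2P_RE = re.compile(r"^(?P<name>.*):(?P<start>\d{1,3}(?:\.\d{1,3}){3})-(?P<end>\d{1,3}(?:\.\d{1,3}){3})$")

# Ranges a deny entry must never cover (assumed list); a poisoned feed could otherwise black-hole inside space
INTERNAL = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_line(line):
    """Return the IPv4 networks one blocklist line describes, or [] if the line is to be skipped."""
    line = line.strip()
    if not line or line.startswith("#") or line == "\x7f":  # blank, comment, or the DEL marker the HTA skips
        return []
    m = P2P_RE.match(line)
    if m:  # P2P range -> minimal set of CIDR blocks, computed locally instead of via the web form
        first, last = ipaddress.IPv4Address(m["start"]), ipaddress.IPv4Address(m["end"])
        return list(ipaddress.summarize_address_range(first, last)) if first <= last else []
    fields = line.split("\t")
    if len(fields) >= 3 and fields[2].isdigit():  # assumed DShield block.txt layout: start, end, prefix length, ...
        return [ipaddress.IPv4Network(f"{fields[0]}/{fields[2]}", strict=False)]
    try:  # Emerging Threats / Sigma style: "a.b.c.d" or "a.b.c.d/n"
        return [ipaddress.IPv4Network(line, strict=False)]
    except ValueError:  # anything else (including injected text such as "... any permit") is dropped, not emitted
        return []


def is_sane(net):
    """Reject /0 and anything overlapping RFC 1918 or loopback space before it becomes a deny rule."""
    return net.prefixlen > 0 and not any(net.overlaps(r) for r in INTERNAL)


def cidr2acl(net, acl_name, log=False):
    """Same shape as the HTA's CIDR2ACL output: the ASA takes a dotted subnet mask, not a wildcard."""
    return f"access-list {acl_name} deny ip {net.network_address} {net.netmask} any{' log' if log else ''}"


def blocklist2acl(lines, acl_name, log=False):
    """Convert a whole feed; duplicates across feeds collapse to one ACE each."""
    seen, out = set(), []
    for line in lines:
        for net in parse_line(line):
            if is_sane(net) and net not in seen:
                seen.add(net)
                out.append(cidr2acl(net, acl_name, log))
    return out


# Constructed sample lines, one per feed format the HTA handles
SAMPLE = [
    "# comment line from a feed header",
    "203.0.113.9",                                # Emerging Threats style host
    "198.51.100.0/24",                            # CIDR entry
    "192.0.2.0\t192.0.2.255\t24\t100\tExample\tXX\tabuse@example.invalid",  # DShield row
    "Example Org:203.0.113.16-203.0.113.23",      # P2P range, aligns to one /29
    "0.0.0.0/0",                                  # would deny everything; dropped by is_sane
    "10.0.0.0/8",                                 # overlaps inside space; dropped by is_sane
]

if __name__ == "__main__":
    print("\n".join(blocklist2acl(SAMPLE, "MyACL", log=True)))
```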

GZIP Requirement

Lastly, you will need gzip.exe to un-gzip the blocklists that are downloaded as gzipped files. Luckily gzip is GNU free software and can be downloaded via http://gnuwin32.sourceforge.net/packages/gzip.htm. Click on the Binaries ZIP link to download it from SourceForge. Look for the gzip.exe executable in the bin folder of the ZIP file and copy it into the same directory as the HTA file.

Source Code: Blocklist2ACL-v3

```html
<!-- written by thejimmahknows -->
<html>
<head>
<title>Blocklist2ACL by thejimmahknows</title>
<!-- the language attribute was lost in the page extraction and is restored here; mshta treats an undeclared block as JScript -->
<script language="VBScript">
    Sub Window_onLoad
        window.resizeTo 675, 875
    End Sub

    Sub Sleep(Msecs)
        'HTA scripts have no WScript object, so WScript.Sleep is reached through a small helper .vbs
        Set SleepFSO = CreateObject("Scripting.FileSystemObject")
        If SleepFSO.FileExists("sleeper.vbs") = False Then
            Set objOutputSleeperFile = SleepFSO.CreateTextFile("sleeper.vbs", True)
            objOutputSleeperFile.Write "WScript.Sleep WScript.Arguments(0)"
            objOutputSleeperFile.Close
        End If
        CreateObject("WScript.Shell").Run "sleeper.vbs " & Msecs, 1, True
    End Sub

    Set WshShell = CreateObject("WScript.Shell")
    'CurrentDirectory carries no trailing backslash; without it every file path below lands
    'beside the folder (e.g. ...\dirtest_output.txt) instead of inside it
    currPath = WshShell.CurrentDirectory & "\"
    'currPath = CreateObject("Scripting.FileSystemObject").GetParentFolderName(WScript.ScriptFullName)

    'constants and URLs
    Const ForReading = 1
    Const ForWriting = 2
    Const emergingURL = "http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
    Const level1URL = "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz"
    Const sigmaprojectsURL = "http://blocklist.sigmaprojects.org/api.cfc?method=getlist&lists=webexploit,spyware,anti-infringement,spammers"
    Const dshieldURL = "http://feeds.dshield.org/block.txt"

    Dim outFile : outFile = currPath & "test_output.txt"
    Dim emergingFile : emergingFile = currPath & "emergingIPs.txt"
    Dim level1FileGZ : level1FileGZ = currPath & "level1.txt.gz"
    Dim level1File : level1File = currPath & "level1.txt"
    Dim sigmaprojectsFileGZ : sigmaprojectsFileGZ = currPath & "sigmaprojectsIPs.txt.gz"
    Dim sigmaprojectsFile : sigmaprojectsFile = currPath & "sigmaprojectsIPs.txt"
    Dim dshieldFile : dshieldFile = currPath & "dshieldIPs.txt"
    Dim mainOutputStr, ACL_NAME, logSuffix

    'download a URL to a local file (binary, overwrite)
    Sub WGET(URL, DownloadLocation)
        Dim xHttp : Set xHttp = CreateObject("MSXML2.ServerXMLHTTP.6.0")
        Dim bStrm : Set bStrm = CreateObject("Adodb.Stream")
        xHttp.Open "GET", URL, False
        xHttp.Send

        With bStrm
            .Type = 1 'binary
            .Open
            .Write xHttp.responseBody
            .SaveToFile DownloadLocation, 2 'overwrite
        End With
    End Sub

    'decompress filePathGZ with gzip.exe; gzip -d deletes the .gz and leaves filePath beside it
    Sub unGZ(filePathGZ, filePath)
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        'note the space before -dqf: without it the quoted exe path and the switch run together
        execPath = Chr(34) & currPath & "gzip.exe" & Chr(34) & " -dqf " & Chr(34) & filePathGZ & Chr(34)

        'run gzip hidden and wait for it to finish instead of polling for the output file
        '(the original loop tested a misspelt variable and spun forever if gzip failed)
        WshShell.Run execPath, 0, True

        If Not objFSO.FileExists(filePath) Then
            MsgBox "gzip did not produce " & filePath & ". Is gzip.exe in the same folder as the HTA?"
        End If
    End Sub

    'strip blank lines and surrounding whitespace from a downloaded file in place
    Sub TrimFile(file)
        Dim strNewContents : strNewContents = ""
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.OpenTextFile(file, ForReading)

        Do Until objFile.AtEndOfStream
            strLine = Trim(objFile.ReadLine)
            If Len(strLine) > 0 Then
                strNewContents = strNewContents & strLine & vbCrLf
            End If
        Loop

        objFile.Close

        Set objFile = objFSO.OpenTextFile(file, ForWriting)
        objFile.Write strNewContents
        objFile.Close
    End Sub

    'drives the Bluetack web form through a hidden IE instance to turn P2P ("name:first-last")
    'entries into CIDR blocks; only for P2P format blocklist files
    Function BlueTrackConverterPG2CIDR(inLine)
        Dim objIE, sourceItem

        sourceItem = inLine

        Set objIE = CreateObject("InternetExplorer.Application")
        objIE.Visible = False
        objIE.Navigate "http://www.bluetack.co.uk/converter/"

        Do Until objIE.readyState = 4 : Sleep(200) : Loop

        objIE.Document.getElementById("fromformat").value = "pg"
        objIE.Document.getElementById("toformat").value = "shorewall"
        objIE.Document.getElementById("denyonly").value = "yes"
        objIE.Document.getElementById("listCleaning").value = "mergeoverlaps"
        objIE.Document.getElementById("sortBy").value = "IP"

        'paste the batch into the form's source box
        objIE.Document.getElementById("sfrom").value = sourceItem
        Sleep(200)

        For Each INPUT In objIE.Document.getElementsByTagName("input")
            If INPUT.Value = "Convert" Then
                INPUT.Click
                Exit For
            End If
        Next

        'wait for the result page before reading the output box
        Sleep(200)
        Do Until objIE.readyState = 4 : Sleep(200) : Loop
        BlueTrackConverterPG2CIDR = objIE.Document.getElementById("sto").value

        objIE.Quit
        Set objIE = Nothing
    End Function

    'same form, DShield input format; only for DShield conversions
    Function BlueTrackConverterDSHIELD2CIDR(inStr)
        Dim objIE

        Set objIE = CreateObject("InternetExplorer.Application")
        objIE.Visible = False
        objIE.Navigate "http://www.bluetack.co.uk/converter/"

        Do Until objIE.readyState = 4 : Sleep(200) : Loop

        objIE.Document.getElementById("fromformat").value = "dshield"
        objIE.Document.getElementById("toformat").value = "shorewall"
        objIE.Document.getElementById("denyonly").value = "yes"
        objIE.Document.getElementById("listCleaning").value = "mergeoverlaps"
        objIE.Document.getElementById("sortBy").value = "IP"

        'paste the whole feed into the form's source box
        objIE.Document.getElementById("sfrom").value = inStr

        For Each INPUT In objIE.Document.getElementsByTagName("input")
            If INPUT.Value = "Convert" Then
                INPUT.Click
                Exit For
            End If
        Next

        'wait for the result page before reading the output box
        Sleep(200)
        Do Until objIE.readyState = 4 : Sleep(200) : Loop
        BlueTrackConverterDSHIELD2CIDR = objIE.Document.getElementById("sto").value

        objIE.Quit
        Set objIE = Nothing
    End Function

    'converts a prefix length (0..32) to a dotted-decimal subnet mask, e.g. 20 -> 255.255.240.0
    Function MaskLengthToIP(intMask)
        Dim arrOctets(3)
        Dim intFullOctets : intFullOctets = (intMask - (intMask Mod 8)) / 8
        Dim i
        For i = 0 To (intFullOctets - 1)
            arrOctets(i) = "255"
        Next

        'the partially covered octet is the sum of its leading bits
        Dim intPartialOctetLen : intPartialOctetLen = intMask Mod 8
        Dim j
        If intPartialOctetLen > 0 Then
            Dim intOctet : intOctet = 0
            For j = 0 To (intPartialOctetLen - 1)
                intOctet = intOctet + 2 ^ (7 - j)
            Next
            arrOctets(i) = intOctet : i = i + 1
        End If

        For j = i To 3
            arrOctets(j) = "0"
        Next

        MaskLengthToIP = Join(arrOctets, ".")
    End Function

    'turns "a.b.c.d/n" or "a.b.c.d" into one ASA ACE; the ASA takes a subnet mask, not a wildcard
    Function CIDR2ACL(strLine, aclNameStr)
        Dim pos_start, tmpIP, maskInt, subMaskStr
        strLine = Trim(strLine)

        'check for blank line
        If strLine <> "" Then
            pos_start = InStr(strLine, "/")
            If pos_start > 0 Then
                'split the address from the prefix length and convert the slash to a netmask
                tmpIP = Mid(strLine, 1, pos_start - 1)
                maskInt = CInt(Mid(strLine, pos_start + 1))
                subMaskStr = MaskLengthToIP(maskInt)
            Else
                'bare address: host mask
                tmpIP = strLine
                subMaskStr = "255.255.255.255"
            End If

            CIDR2ACL = "access-list " & aclNameStr & " deny ip " & tmpIP & " " & subMaskStr & " any" & logSuffix & vbCrLf
        End If
    End Function

    Sub dshieldSUB
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.OpenTextFile(dshieldFile, ForReading)

        'send the whole file to the converter, then turn each CIDR line into an ACE
        Dim tStr, strText, arrLines, line
        strText = ""
        tStr = BlueTrackConverterDSHIELD2CIDR(objFile.ReadAll)
        objFile.Close

        arrLines = Split(tStr, vbCrLf)
        For Each line In arrLines
            strText = strText & CIDR2ACL(line, ACL_NAME)
        Next

        mainOutputStr = mainOutputStr & strText
    End Sub

    Sub emergingSUB()
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.OpenTextFile(emergingFile, ForReading)

        'the feed is already CIDR; skip comment lines and the stray DEL character
        Do Until objFile.AtEndOfStream
            strText = objFile.ReadLine
            If strText = Chr(127) Then
                'do nothing
            ElseIf InStr(strText, "#") > 0 Then
                'do nothing
            Else
                strText = CIDR2ACL(strText, ACL_NAME)
                mainOutputStr = mainOutputStr & strText
            End If
        Loop
        objFile.Close
    End Sub

    Sub sigmaprojectsSUB()
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.OpenTextFile(sigmaprojectsFile, ForReading)

        Do Until objFile.AtEndOfStream
            strText = objFile.ReadLine
            strText = CIDR2ACL(strText, ACL_NAME)
            mainOutputStr = mainOutputStr & strText
        Loop

        'close before cleanUP tries to delete the file, or DeleteFile fails with permission denied
        objFile.Close
    End Sub

    Sub level1SUB()
        Dim tStr, strTextLine, arrLines, runningStr, strText, line, c
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objTextFile = objFSO.OpenTextFile(level1File, ForReading)
        c = 0 : tStr = "" : runningStr = "" : strText = ""

        Do Until objTextFile.AtEndOfStream
            strTextLine = objTextFile.ReadLine

            If InStr(strTextLine, "#") > 0 Then
                'comment line, skip
            ElseIf InStr(strTextLine, " ") > 0 Then
                'entries whose description contains a space are skipped
            ElseIf Trim(strTextLine) = "" Then
                'blank line, skip (the original tested InStr(line, ""), which is true for every line)
            Else
                runningStr = runningStr & strTextLine & vbCrLf
                c = c + 1
            End If

            'send the batch to the converter every 7500 entries and once more at end of file;
            'the line that triggers the flush is included in the batch, and the last batch is not lost
            If (c >= 7500 Or objTextFile.AtEndOfStream) And runningStr <> "" Then
                tStr = tStr & BlueTrackConverterPG2CIDR(runningStr) & vbCrLf
                c = 0
                runningStr = ""
            End If
        Loop

        'clean up
        objTextFile.Close

        arrLines = Split(tStr, vbCrLf)
        For Each line In arrLines
            strText = strText & CIDR2ACL(line, ACL_NAME)
        Next

        mainOutputStr = mainOutputStr & strText
    End Sub

    Sub cleanUP()
        'dump to file
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        'Set objOutputFile = objFSO.CreateTextFile(outFile)
        'objOutputFile.Write mainOutputStr

        'clear and output access-lists
        document.getElementById("outputTextarea").Value = mainOutputStr

        'objOutputFile.Close

        'delete downloaded files dshieldIPs.txt, sigmaprojectsIPs.txt, emergingIPs.txt, level1.txt
        Set delFSO = CreateObject("Scripting.FileSystemObject")

        If delFSO.FileExists(dshieldFile) Then
            delFSO.DeleteFile dshieldFile
        End If
        If delFSO.FileExists(sigmaprojectsFile) Then
            delFSO.DeleteFile sigmaprojectsFile
        End If
        If delFSO.FileExists(emergingFile) Then
            delFSO.DeleteFile emergingFile
        End If
        If delFSO.FileExists(level1File) Then
            delFSO.DeleteFile level1File
        End If

        'remove sleeper.vbs
        If delFSO.FileExists("sleeper.vbs") Then
            delFSO.DeleteFile "sleeper.vbs"
        End If
    End Sub

    Sub runMe()
        'clear mainOutputStr
        mainOutputStr = ""

        'get ACL name
        ACL_NAME = document.getElementById("acl_textbox").value

        'check log checkbox
        If document.getElementById("log_checkbox").Checked Then
            logSuffix = " log"
        Else
            logSuffix = ""
        End If

        'run the download/convert subs for each selected source
        If document.getElementById("emerging_checkbox").Checked Then
            Call WGET(emergingURL, emergingFile)
            Call TrimFile(emergingFile)
            Call emergingSUB()
        End If
        If document.getElementById("dshield_checkbox").Checked Then
            Call WGET(dshieldURL, dshieldFile)
            Call TrimFile(dshieldFile)
            Call dshieldSUB()
        End If
        If document.getElementById("sigmaprojects_checkbox").Checked Then
            Call WGET(sigmaprojectsURL, sigmaprojectsFileGZ)
            Call unGZ(sigmaprojectsFileGZ, sigmaprojectsFile)
            Call sigmaprojectsSUB()
        End If
        If document.getElementById("bluetrack1_checkbox").Checked Then
            Call WGET(level1URL, level1FileGZ)
            Call unGZ(level1FileGZ, level1File)
            'trim before converting (the original trimmed after, which had no effect)
            Call TrimFile(level1File)
            Call level1SUB()
        End If

        'execute cleanup
        Call cleanUP()
    End Sub

    Sub ClearMe
        document.getElementById("acl_textbox").value = "MyACL"
        document.getElementById("log_checkbox").Checked = False
        document.getElementById("emerging_checkbox").Checked = False
        document.getElementById("dshield_checkbox").Checked = False
        document.getElementById("sigmaprojects_checkbox").Checked = False
        document.getElementById("bluetrack1_checkbox").Checked = False

        'clear textarea
        document.getElementById("outputTextarea").Value = "The access-list will appear here."
    End Sub
</script>
</head>
<body>
<!--break line -->
<center>
<h2>Blocklist to Cisco ASA ACL converter</h2>

<h4>Select Blocklist Sources to Convert</h4>
</center>
<form action=""><b>ACL Name:</b> <input id="acl_textbox" name="acl_textbox" type="text" value="MyACL" />
<input id="emerging_checkbox" name="emerging_checkbox" type="checkbox" /><a href="http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" target="_blank">Emerging Threats</a>
<input id="dshield_checkbox" name="dshield_checkbox" type="checkbox" /><a href="http://feeds.dshield.org/block.txt" target="_blank">Dshield</a>
<input id="sigmaprojects_checkbox" name="sigmaprojects_checkbox" type="checkbox" /><a href="https://blocklist.sigmaprojects.org/" target="_blank">Sigma Projects</a>
<input id="bluetrack1_checkbox" name="bluetrack1_checkbox" type="checkbox" /><a href="https://www.iblocklist.com/list.php?list=bt_level1" target="_blank"> Bluetrack Level1</a>

<b>Add log suffix to each ACL</b>
<input id="log_checkbox" name="log_checkbox" type="checkbox" /> Log ACL

<!-- onclick handlers were stripped from the posted copy; the buttons do nothing without them -->
<input name="runMeButton" type="button" value="Run Script" onclick="runMe" /> <input name="ClearMeButton" type="button" value="Clear" onclick="ClearMe" /></form><textarea id="outputTextarea" cols="75" rows="30">The access-list will appear here.</textarea>
</body>
</html>
```

 

Sources: