somo 0.2.0

A human-friendly alternative to netstat or ss for socket monitoring with the ability to scan for malicious IP addresses.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96


use reqwest::{self};
use serde_json::{Value};
use std::{error::Error, env};
use crate::string_utils;


/// Requests an abuse score from the AbuseIPDB.com /check endpoint given an IP address.
/// The function expects that the environment variable `ABUSEIPDB_API_KEY` is set with an AbuseIPDB.com API key.
/// 
/// # Arguments
/// * `remote_address`: The address to be checked.
/// * `verbose`: Print information about the API request if set to `true`.
/// 
/// # Returns
/// If the request is successful the abuse sore is returned, if not `Some(None)` is returned.
pub async fn check_address_for_abuse(remote_address: &String, verbose: bool) -> Result<Option<i64>, Box<dyn Error>> {
    let abuseipdb_api_key: String = match env::var("ABUSEIPDB_API_KEY") {
        Ok(val) => val,
        Err(_e) => {
            if verbose {
                string_utils::pretty_print_warning(
                    "Couldn't find AbuseIPDB API key. If you want to use this feature make sure to put the API key into the environment variable `ABUSEIPDB_API_KEY`.*"
                );
            }
            return Ok(None);
        },
    };

    let client = reqwest::Client::new();
    let url = "https://api.abuseipdb.com/api/v2/check";
    let params = [
        ("ipAddress", remote_address),
        ("maxAgeInDays", &("40".to_string())),
    ];
    let response = client
        .get(url)
        .header("Key", abuseipdb_api_key)
        .header("Accept", "application/json")
        .query(&params)
        .send()
        .await?;

    // check if the request was successful
    if response.status().is_success() {
        let json_response: Value = response.json().await?;
        let abuse_confidence_score: Option<i64> = json_response["data"]["abuseConfidenceScore"].as_i64();

        Ok(abuse_confidence_score)
    }
    else {
        if verbose {
            string_utils::pretty_print_error(
                &format!("AbuseIPDB Request failed with status code: {}", response.status())
            );
        }
        Ok(None)
    }
}


/// Represents the type of an IP address.
///
/// # Variants
/// * `Localhost`: Represents the localhost/127.0.0.1 address.
/// * `Unspecified`: Represents an unspecified or wildcard address.
/// * `Extern`: Represents an external address.
#[derive(Debug)]
pub enum IPType {
    Localhost,
    Unspecified,
    Extern
}


/// Checks if a given IP address is either "unspecified", localhost or an extern address.
/// 
/// * `0.0.0.0` or `[::]` -> unspecified
/// * `127.0.0.1` or `[::1]` -> localhost
/// * else -> extern address
/// 
/// # Arguments
/// * `remote_address`: The address to be checked.
/// 
/// # Returns
/// The address-type as an IPType enum.
pub fn check_address_type(remote_address: &str) -> IPType {
    if remote_address == "127.0.0.1" || remote_address == "[::1]" {
        return IPType::Localhost;
    }
    else if remote_address == "0.0.0.0" || remote_address == "[::]" {
        return IPType::Unspecified;
    }
    IPType::Extern
}