Search blocklist (shell)

Suggest Edits

We've provided a shell script that you can utilize to fetch the blocklist from the Netography REST API.

Simply copy and configure the script below and update the following variables (located at the top of the file) accordingly:

  • USERNAME
  • PASSWORD

Usage: ./neto-fetch-blocklist.sh

#!/bin/bash

# Copyright (c) 2022 Netography, Inc. All rights reserved.

# A bash script to fetch the Netography Blocklist via REST API Services
# Requries curl and jq
# Usage:  $ ./api-user-search-blocks.sh

# ~~ BEGIN Configuration ~~~ #

# Authentication Credentials used to login to the Netography Fusion Portal
# Note: it is recommended to create a new user specifically for API and integration purposes
USERNAME="CHANGEME"
PASSWORD="CHANGEME"

# Base URL
API_BASE_URL="https://api.netography.com/api"
CACHE_FILE="/tmp/neto-apiat"

# ~~ END Configuration ~~~ #

# Endpoints
ACCESS_TOKEN_URL="$API_BASE_URL/auth/bearer/token"
BLOCKLIST_URL="$API_BASE_URL/v1/search/block"
BLOCKLIST_PAYLOAD='{"start":-2592000,"end":0,"sort":{"field":"timestamp","order":"desc"},"search":"active == true"}'

if [ "$1" == "-h" ]; then
  echo "Usage: ./$(basename "$0")"
  exit 0
fi

if [ -z "${USERNAME}" ] || [ $USERNAME == "CHANGEME" ]; then
  echo "USERNAME variable is required to be configured."
  exit 1
fi

if [ -z "${PASSWORD}" ] || [ $PASSWORD == "CHANGEME" ]; then
  echo "PASSWORD variable is required to be configured."
  exit 1
fi

if ! type "curl" > /dev/null; then
  echo "curl command required.  https://curl.haxx.se/download.html"
  exit 1
fi

if ! type "jq" > /dev/null; then
  echo "jq command required.  https://stedolan.github.io/jq/"
  exit 1
fi

if uname | grep -q "Darwin"; then
  mod_time_fmt="-f %m"
else
  mod_time_fmt="-c %Y"
fi

# Cache token and re-use if not expired
JWT_VALID=false
if [[ -s $CACHE_FILE ]]; then
  AUTH_RESPONSE=$(cat "$CACHE_FILE")
  ACCESS_TOKEN=$(echo "$AUTH_RESPONSE" | jq -r '.access_token')
  EXPIRES_IN=$(echo "$AUTH_RESPONSE" | jq -r '.expires_in')
  TOKEN_DATE=$(stat "$mod_time_fmt" "$CACHE_FILE")
  NOW_DATE=$(date +%s)
  EXPIRE_TIMESTAMP=$(( TOKEN_DATE + EXPIRES_IN - 60 )) # account for some clock skew
  # EXPIRE_DATE=$(date -r "$EXPIRE_TIMESTAMP")
  # echo "JWT expires at $EXPIRE_DATE"

  if [ "$NOW_DATE" -lt "$EXPIRE_TIMESTAMP" ]; then
    JWT_VALID=true
  fi
fi

if [ "$JWT_VALID" = false ]; then
  touch $CACHE_FILE
  AUTH_RESPONSE=$(curl -s --data-urlencode "username=$USERNAME" --data-urlencode "password=$PASSWORD" -H "Content-Type: application/x-www-form-urlencoded" -X "POST" $ACCESS_TOKEN_URL)
  AUTH_MESSAGE=$(echo "$AUTH_RESPONSE" | jq -r '.message')
  if [ "$AUTH_MESSAGE" != "null" ]; then
    echo "$AUTH_MESSAGE"
    exit 1
  fi
  ACCESS_TOKEN=$(echo "$AUTH_RESPONSE" | jq -r '.access_token')
  echo "$ACCESS_RESPONSE" > $CACHE_FILE
fi

BLOCKLIST=$(curl -s -X POST -H 'Accept: application/json' -H "Content-type: application/json" -H "Authorization: Bearer $ACCESS_TOKEN" --data "$BLOCKLIST_PAYLOAD" $BLOCKLIST_URL | jq -r '.data')

SRCIPS_RAW=$(echo "$BLOCKLIST" | jq -r '[.[] | {srcip}] | map(.srcip) | .[]')
#echo "$SRCIPS_RAW"

SRCIPS=$(echo "$SRCIPS_RAW" | sort | uniq | tr ' ' '\n')
echo "$SRCIPS"

exit 0

Updated 7 months ago