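# Startup banner and configuration for the Discord DDoS alert monitor.
printf '%s\n' "Discord-VPN-DDoS-Attack-Alerts Software coded by GunGameOG"
echo
printf '%s\n' "If you need any assistence configuring or adding the notify message GunGameOG#9082 on discord for help."
echo
# Colour legend. The first escape sequence needs its leading backslash like the
# others; without it the terminal shows the literal text "033[97m". The "{}"
# placeholders are printed as-is; nothing in this script fills them in.
echo -e "\033[97mPackets/s \033[36m{}\n\033[97mBytes/s \033[36m{}\n\033[97mKbp/s \033[36m{}\n\033[97mGbp/s \033[36m{}\n\033[97mMbp/s \033[36m{}"

# Interface whose receive counters are sampled from /proc/net/dev.
interface=eth0
# Directory that receives the tcpdump capture files. Captures are taken with
# -s0 (full packets), so keep this directory readable by root only.
dumpdir=/root/dumps
# Discord webhook URL. Anyone who holds this URL can post to the channel, so
# treat it as a credential: prefer supplying it through the
# DISCORD_WEBHOOK_URL environment variable over editing it into this file.
# If you do edit it in, replace the placeholder below and restrict the file's
# permissions.
url="${DISCORD_WEBHOOK_URL:-WEBHOOK HERE}"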
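# Traffic monitor. Samples the receive counters of $interface from
# /proc/net/dev over a one-second window and, when the inbound packet rate
# exceeds pps_threshold, starts a bounded packet capture and posts an
# "Attack Detected" embed to the Discord webhook in $url. After the cool-down
# it samples again and posts "Attack Stopped" only when the rate is back under
# the threshold.
#
# Requires bash (process substitution, (( )) arithmetic) plus awk, curl,
# tcpdump and coreutils timeout. Reads $interface, $dumpdir and $url, which are
# set earlier in this file.

pps_threshold=10000   # alert when inbound packets/s is strictly above this
cooldown_secs=120     # pause between the "detected" alert and the re-check

# Print an error to stderr and stop the script.
die() {
  printf 'discordalerts: %s\n' "$*" >&2
  exit 1
}

# Print "<rx_bytes> <rx_packets>" for interface $1 from /proc/net/dev.
# The interface name is compared exactly, so "eth0" does not also match
# "veth0". Returns non-zero when the interface has no line in the file.
read_rx_counters() {
  awk -F: -v ifc="$1" '
    { name = $1; gsub(/[ \t]/, "", name) }
    name == ifc { split($2, f, " "); print f[1], f[2]; found = 1; exit }
    END { exit !found }
  ' /proc/net/dev
}

# Measure the receive rate of $interface over one second.
# Sets the globals pps (packets/s), byte (bytes/s) and mbps.
# Returns non-zero when the counters cannot be read.
sample_rates() {
  local old_b old_ps new_b new_ps
  read -r old_b old_ps < <(read_rx_counters "$interface") || return 1
  sleep 1
  read -r new_b new_ps < <(read_rx_counters "$interface") || return 1
  pps=$(( new_ps - old_ps ))
  byte=$(( new_b - old_b ))
  # NOTE(review): this is bytes / 1024^2, i.e. mebibytes per second, while the
  # alert text labels it "Mbps". Multiply by 8 if megabits are intended.
  mbps=$(( byte / 1024 ** 2 ))
}

# POST one embed to the Discord webhook.
# Arguments: $1 title, $2 username, $3 colour, $4 thumbnail URL,
#            $5 footer text, $6 description, $7 metric name, $8 metric value.
# Every argument is a constant from this script or an integer computed here,
# so no JSON escaping is applied; do not pass externally supplied text.
# Returns curl's exit status.
send_alert() {
  local title=$1 username=$2 color=$3 thumb=$4
  local footer=$5 desc=$6 metric_name=$7 metric_value=$8
  # --max-time keeps a congested uplink from hanging the monitor, and --fail
  # turns HTTP errors from the webhook into a non-zero exit status.
  # The webhook URL is handed to curl through --config so that it does not
  # appear in the process list, where any local user could read it.
  curl --fail --silent --show-error --max-time 10 \
    -H "Content-Type: application/json" -X POST \
    --config <(printf 'url = "%s"\n' "$url") \
    --data-binary @- <<EOF
{
"embeds": [{
"inline": false,
"title": "$title",
"username": "$username",
"color": $color,
"thumbnail": {
"url": "$thumb"
},
"footer": {
"text": "$footer",
"icon_url": "https://cdn.countryflags.com/thumbs/united-states-of-america/flag-800.png"
},
"description": "$desc",
"fields": [
{
"name": "**Server Provider**",
"value": "OVH LLC",
"inline": false
},
{
"name": "**IP Address**",
"value": "x.x.x.x",
"inline": false
},
{
"name": "$metric_name",
"value": "$metric_value",
"inline": false
}
]
}]
}
EOF
}

mkdir -p -- "$dumpdir" || die "cannot create capture directory $dumpdir"

while /bin/true; do
  sample_rates || die "cannot read counters for $interface from /proc/net/dev"
  printf '\r%s packets/s\033[0K' "$pps"
  echo "$(date) Detecting Attack Packets."
  sleep 1
  if (( pps > pps_threshold )); then
    echo " Attack Detected Monitoring Incoming Traffic"
    # Capture only while an attack is flagged. An unconditional capture on
    # every pass stalls the sampling loop and fills $dumpdir with pcap files.
    # The capture is bounded twice: by packet count (-c) and, through timeout,
    # by the cool-down period. No signal is sent by process name, so tcpdump
    # sessions started by other users or tools are left alone. umask 077
    # keeps the full-payload capture files private to the owner.
    (
      umask 077
      exec timeout -s HUP "$cooldown_secs" \
        tcpdump -n -s0 -c 1500 -i "$interface" \
        -w "$dumpdir/capture.$(date +"%Y%m%d-%H%M%S").pcap"
    ) &
    capture_pid=$!
    send_alert "Attack Detected On" "Attack Alerts" 15158332 \
      "https://imgur.com/a/cZAa3Pu" \
      "Our system is attempting to mitigate the attack and automatic packet dumping has been activated." \
      "Detection of an attack " \
      "**Incoming Packets**" " $pps Pps " \
      || printf 'discordalerts: failed to deliver the attack alert\n' >&2
    echo "Paused for."
    sleep "$cooldown_secs"
    # Reap the capture; timeout has ended it by now if -c had not already.
    wait "$capture_pid" 2>/dev/null
    ## echo "Traffic Attack Packets Scrubbed"
    # Measure again before announcing the all-clear, so the alert reflects the
    # current rate and not the one recorded when the attack was detected.
    sample_rates || die "cannot read counters for $interface from /proc/net/dev"
    if (( pps > pps_threshold )); then
      # Still above the threshold: skip the all-clear. The next pass of the
      # loop raises a fresh "Attack Detected" alert.
      continue
    fi
    printf '\r%s megabytes/s\033[0K' "$mbps"
    send_alert "Attack Stopped" " Attack Alerts" 3066993 \
      "https://imgur.com/a/1YNwLCo.gif" \
      "Our system has mitigated the attack and automatic packet dumping has been deactivated." \
      "End of attack" \
      "**Packets**" "$mbps Mbps " \
      || printf 'discordalerts: failed to deliver the all-clear alert\n' >&2
  fi
done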