theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: theraw/The-World-Is-Yours:v2.0
Branches Tags
theraw/The-World-Is-Yours:master theraw/The-World-Is-Yours:raweb-upcoming-release theraw/The-World-Is-Yours:ffs theraw/The-World-Is-Yours:v2-1 theraw/The-World-Is-Yours:pcre-fix theraw/The-World-Is-Yours:docker theraw/The-World-Is-Yours:v3.0 theraw/The-World-Is-Yours:v2 theraw/The-World-Is-Yours:v2.0
theraw/The-World-Is-Yours:v1.27.4 theraw/The-World-Is-Yours:v1.26.0 theraw/The-World-Is-Yours:0.0.1
..
compare: theraw/The-World-Is-Yours:915f5179ef6ba7446fbf40a09a90d54867b1506d
Branches Tags
theraw/The-World-Is-Yours:master theraw/The-World-Is-Yours:raweb-upcoming-release theraw/The-World-Is-Yours:ffs theraw/The-World-Is-Yours:v2-1 theraw/The-World-Is-Yours:pcre-fix theraw/The-World-Is-Yours:docker theraw/The-World-Is-Yours:v3.0 theraw/The-World-Is-Yours:v2 theraw/The-World-Is-Yours:v2.0
theraw/The-World-Is-Yours:v1.27.4 theraw/The-World-Is-Yours:v1.26.0 theraw/The-World-Is-Yours:0.0.1

30 Commits
v2.0 .. 915f5179ef

Author SHA1 Message Date
ƬHE ЯAW ☣ 915f5179ef Delete nginx-ban.conf 2020-06-16 19:21:21 +02:00
ƬHE ЯAW ☣ efbe8d1215 Delete install 2020-06-16 19:21:13 +02:00
ƬHE ЯAW ☣ dd42d12564 Delete jail.local 2020-06-16 19:21:05 +02:00
ƬHE ЯAW ☣ 9d09c37798 Delete rules 2020-06-16 19:20:59 +02:00
ƬHE ЯAW ☣ d0f207c1db Delete README.md 2020-06-16 19:20:51 +02:00
ƬHE ЯAW ☣ 080341b9f4 Delete nginx.service 2020-06-16 19:20:44 +02:00
ƬHE ЯAW ☣ a8741748ea Delete bot.conf 2020-06-16 19:20:33 +02:00
ƬHE ЯAW ☣ 238364533e Delete whitelist-ips.conf 2020-06-16 19:20:24 +02:00
ƬHE ЯAW ☣ 493bc739cb Delete install 2020-06-16 19:20:15 +02:00
ƬHE ЯAW ☣ d134f6ad1c Delete install 2020-06-16 19:20:02 +02:00
ƬHE ЯAW ☣ b38eefde23 Delete nginx.conf 2020-06-16 19:19:53 +02:00
ƬHE ЯAW ☣ d04d7dcd24 Delete nginx.service 2020-06-16 19:19:45 +02:00
ƬHE ЯAW ☣ c5887201b1 Delete config 2020-06-16 19:19:36 +02:00
ƬHE ЯAW ☣ 200200249f Delete install 2020-06-16 19:19:30 +02:00
ƬHE ЯAW ☣ f822528b2d Delete error-report.md 2020-06-16 19:19:21 +02:00
ƬHE ЯAW ☣ 5f2e8c867c Delete feature_request.md 2020-06-16 19:19:14 +02:00
ƬHE ЯAW ☣ 81fe187290 Delete config 2020-06-10 21:28:55 +02:00
ƬHE ЯAW ☣ 2ce209f3fd Delete install 2020-06-10 21:28:39 +02:00
ƬHE ЯAW ☣ 76401bbac8 Create setup 2020-06-10 21:28:29 +02:00
ƬHE ЯAW ☣ 96e90dac9a Update sysctl.conf 2020-05-20 22:23:14 +02:00
theraw c23274bd71 Delete FUNDING.yml 2019-11-17 11:29:01 +01:00
theraw d20c1b95f2 Update sysctl.conf 2019-07-11 04:48:25 +02:00
theraw 22dd775f52 Update README.md 2019-07-11 04:40:49 +02:00
theraw 51d1891976 Update install 2019-06-04 23:09:14 +02:00
theraw fcfead4725 Update install 2019-06-02 14:11:32 +02:00
theraw edab3852db Create FUNDING.yml 2019-05-24 00:39:29 +02:00
theraw 466973036b Update install 2019-05-23 23:54:56 +02:00
theraw 48af67f447 Update README.md 2019-05-07 12:18:07 +02:00
theraw 9731764613 Update install 2019-05-06 06:27:59 +02:00
theraw 81a224247e Update rules 2019-05-03 07:29:16 +02:00
15 changed files with 1474 additions and 109 deletions
Expand all files Collapse all files
README.md
+94 -36
View File
@@ -1,58 +1,116 @@
# Nginx L7 DDoS Protection! :boom: :zap:
*(Please Read Whole Page, All Things Are Important Then If You Want You Can Use IT.)*
# This is it!
There will be no other version of this PR, This is the only and one and the best that you can find for free where you can see/do/change anything on your will and not some encrypted piece of code! This is pure open source code as you can open any file and read anything, This script automatically compiles nginx from source with lots of modules helpful but mostly who play a big role in L7 Anti-DDoS, including the L7 nginx module which you can configure as simple as https://github.com/theraw/The-World-Is-Yours/issues/10#issuecomment-442579528 more then that consider a [Donate](https://github.com/theraw/The-World-Is-Yours/blob/master/.github/FUNDING.yml) and you can contact me for further support!
Summer is here, after that i may be working and i don't see having much of free time to play with nginx!
# To-Do
- [x] Nginx V. each 10th release, current 1.60.0, next repo release 1.70.0!
- [x] Support Ubuntu Bionic. (18.04)
- [x] Nginx Version, Always Latest.
- [x] Support Ubuntu Trusty. (14.04)
- [x] Support Ubuntu Xenial. (16.04)
- [x] Support Ubuntu Cosmic. (18.10)
- [x] Support Arch Linux.
- [x] ModSecurity Support.
- [x] Naxsi Support.
- [x] L7 Protection.
- [x] AutoBan System.
- [x] Integrate Fail2Ban > IpTables.
- [-] L7 Protection (TestCookie Module) Add Recaptcha!
- [-/x] [Suggestions](https://github.com/theraw/The-World-Is-Yours/issues)
# Q/A
-- Why are only latest distros supported and not some distro like Ubuntu 14.04?!
-- *Actually i'm a big fan of ubuntu 14.04 and some more old distros however, we should move with technology and be up to date, example for ubuntu 14.04 there are no security releases anymore furthermore one day it will be forgotten like ubuntu 12 or something else and so we should move with time*
-- What knowledge should i have to be able to run nginx L7 properly?!
-- *You should have at last basic knowledge about Nginx + Iptables and some docker, most of rules here will be premade that's why i'm creating a docker container so everything will come build-in and you'll not have to compile everything to avoid problems on set-up.*
-- How much can this set-up protect my website?
-- *This script is mostly meant for Layer 7 Attacks, However example if someone break some rule the ip from where this offence came will be banned by iptables for a perioid of time, now here is where your server provider plays a big role, when you ban a ip with iptables your provider should be able to handle that ban, there are many providers who claim that they can handle this but based on amount of attack not all can handle it so i've been using ovh all this time and i never had a problem about this.*
-- How much resources do i need for this?
-- *Actually that's based on kind of attack however i have run this setup even on a 1 Core 2.4Ghz, 4GB RAM, 40GB SSD, 100Mbps and everything has went well because i have the knowledge to optimize most of things and take care for everything, but i cannot deny that there were cases in big attacks where my webserver has went offline because of high cpu usage, so at that case i've shut down nginx i've filter and ban IPs from where attack came and i've been able to start nginx back all this happend in case of minutes... However as i said resources are more based on kind of attack because nginx uses multi-thread if you are using this setup for some company website or something really important i highly suggest you take someone who has really knowledge about those things so he/she can give you the best suggestion for how much resources you need and how to properly protect your website against L7 attacks*
-- Can i hire you?
-- *Yes, I can set this up however you want single server or load balancing + multi-backend, cache or no cache + varnish cache, company or a simple blog, I'm not that kind of person that just comes and says you "activate cloudflare" cloudflare claims to have protection against attack and maybe they do but i still see them only as a good DNS provider nothing else! And if i fail on it you'll not pay anything! raw@dope.al*
# Installation
For each new system ubuntu, centos or whatever your distro may be you need a update/upgrade then do one reboot! So outdates packages will be up to date your kernel will be up to date and not needed files will get removed.
X. **`Ubuntu`**
1. **`apt-get install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc -y`**
1. **`apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y; shutdown -r now`**
2. **`git clone https://github.com/theraw/The-World-Is-Yours.git`**
2. **`apt-get install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc -y`**
3. **`cd The-World-Is-Yours/; chmod +x *`**
3. **[Install Docker](https://docs.docker.com/install/linux/docker-ce/ubuntu/)**
4. **[Install Docker-Composer](https://github.com/docker/compose/releases) use latest version > execute provided cmds**
5. **`curl -s https:// > nginx.yml`**
6. **`docker-compose -f nginx.yml up -d`**
4. **`./install`**
# Informations.
**What if installation script fails?** - Check what was the problem source fix it (mostly should be for missing packages) then remove everything under /opt/ folder and just execute again ./install
```
=> /nginx/ = Nginx Path,
=> /nginx/live/ = Vhosts Config Files Dir,
=> /nginx/logs/ = Core Logs Files,
=> /nginx/modsecurity/ = ModSecurity Rules Dir,
=> /hostdata/ = Place to store your domain folders.
=> /hostdata/yourdomain.com/ = Ex of domain dir (private folder),
=> /hostdata/yourdomain.com/public_html/ = Ex of your domain webroot (public files only),
=> /hostdata/yourdomain.com/logs/ = Place where to store your Domains logs (access.log) (private folder),
=> /hostdata/yourdomain.com/ssl/ = Place where to store domain ssl/key (private folder),
=> /hostdata/yourdomain.com/cache/ = Place where to store site cache (private folder).
// Private Folder - Means this cannot be accessed by public.
// Public Folder - Means files into this folder can be accessed by public.
```
# Check.
1 . [L7 (Cookie Based Protection)](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L15-L42) AND [Replace "proxy2.dope.. links with yours click here to find aes](https://github.com/theraw/The-World-Is-Yours/tree/master/static/vhost) which should be stored on a external link or in a place where L7 is disabled because it will not work if you put it in main site dir!.
2 . [Auto Ban System](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L111) based on [Connection for ip](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L72-L73)
3 . [Auto Ban 444 Reqs](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L113-L118) A day i've been under attack of multiple proxies, and even after they got banned they still was keep trying the same thing so when you ban someone when that ip tries to access your website that request will not go on `error.log` but in `access.log` so i created this rule to ban with iptables every request who have stauts `444` so nginx will not have to handle those.
4 . [Kernel Settings](https://github.com/theraw/The-World-Is-Yours/blob/master/static/sysctl.conf#L1-L34)
5 . [Naxsi Rules Included](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L118)
6 . [Example of Naxsi](https://github.com/theraw/The-World-Is-Yours/blob/master/static/vhost/default#L22-L29)
7 . [Check Iptables rules](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/rules) It will not be automatically enabled, because this changes based on providers in ovh it work in azure it doesn't work. so you need to manually activate iptables!
8 . ModSecurity is not loaded. However you need to set it up by yourself. you have a folder `/nginx/modsecurity/`
which ModSecurity rules are stored, open `/nginx/modsecurity/modsecurity.conf` add those
```bash
Include crs-setup.conf
Include rules/*.conf
```
ModSecurity is by default enabled as "detect only" you can turn it on always by doing this
```bash
SecRuleEngine On
```
Using modSecurity for your site
```bash
server {
.....
modsecurity on;
modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
location / {
.....
}
}
```
**Careful** Using modsec rules like
```
location / {
modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
}
```
it means that's enabled just for your main place `/` not for other dirs in your site ex `/admin/` (:
Test it!
`curl 'http://localhost/?q="><script>wanna hack</script>'`
```html
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
```
# Keep In Mind.
The **L7 Protection** is the same way which **cloudflare** have that banner "Under Attack" A.K.A Cookie based authorization. Most of bots from where attacks will come doesn't support cookies so it will fail to access your site. (Test it by yourself to "curl http://yoursite.com" before you activate L7 and after you start L7 so you will understand better.)
install
-38
View File
@@ -1,38 +0,0 @@
#!/bin/bash
case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
bionic)
if [ "$(whoami)" != "root" ]
then
echo "You should Login as root to use this script!";
echo "May you already have access for sudo, but this script has no sudo before his commands so please switch";
echo "sudo -i";
exit 1
fi
if [ -d "/nginx/" ]; then
echo "We've detect a folder '/nginx/' which means"
echo "Maybe you have use this script before!"
echo "You can fix this by executing!"
echo "./clean"
exit 1
fi
if [ -d "/etc/nginx" ]; then
echo "We've detect a folder '/etc/nginx' which means"
echo "May you've already installed nginx what's important is that for this installation we need port :80 free"
echo "So please remove nginx or disable it with"
echo "service nginx stop"
echo "systemctl disable nginx"
exit 1
fi
if [ -d "/etc/apache2" ]; then
echo "We've detect a folder '/etc/apache2/' which means"
echo "May you've already installed apache2 what's important is that for this installation we need port :80 free"
echo "So please remove apache2 or disable it with"
echo "service apache2 stop"
echo "systemctl disable apache2"
exit 1
fi
;;
esac
iptables/filter.d/nginx-limits.conf
+8
View File
@@ -0,0 +1,8 @@
# fail2ban filter configuration for nginx limit connection for ip.
[Definition]
failregex = ^.*client: <HOST>.*$
ignoreregex =
nginx-reverse.yml
-35
View File
@@ -1,35 +0,0 @@
version: '3.7'
services:
nginx:
container_name: nginx
ports:
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
image: "theraw/the-world-is-yours:nginx"
shm_size: '512MB'
privileged: true
restart: unless-stopped
networks:
nginx_net:
ipv4_address: 172.69.0.70
dns:
- "1.1.1.1"
- "1.1.0.0"
ulimits:
nproc: 65535
cap_add:
- "CAP_SYS_RESOURCE"
- "CAP_SYS_TIME"
volumes:
- /nginx:/nginx
- /hostdata:/hostdata
networks:
nginx_net:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
ipam:
driver: default
config:
- subnet: 172.69.0.0/16
setup
+61
View File
@@ -0,0 +1,61 @@
version: '3.7'
services:
nginx:
container_name: nginx
ports:
- "0.0.0.0:80-9000:80-9000"
image: ""
shm_size: '512MB'
privileged: true
restart: unless-stopped
networks:
nginx_net:
ipv4_address: 172.22.0.22
dns:
- "8.8.8.8"
- "8.8.4.4"
ulimits:
nproc: 65535
cap_add:
- "ALL"
volumes:
- /dopesrv/nginx:/nginx
- /dopesrv/etc:/etc
- /dopesrv/opt:/opt
- /dopesrv/home:/home
- /dopesrv/root:/root
- /dopesrv/var:/var
db:
container_name: db
image: 'mariadb:latest'
shm_size: '512MB'
privileged: true
restart: unless-stopped
ports:
- '3306:3306'
networks:
nginx_net:
ipv4_address: 172.22.0.33
dns:
- "8.8.8.8"
- "8.8.4.4"
ulimits:
nproc: 65535
cap_add:
- "ALL"
environment:
MYSQL_ROOT_PASSWORD: '67WxFgoz1M'
MYSQL_DATABASE: 'nginx'
MYSQL_USER: 'dopeuser'
MYSQL_PASSWORD: '67WxFgoz1M'
volumes:
- /dopesrv/var/lib/mysql:/var/lib/mysql
networks:
nginx_net:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
ipam:
driver: default
config:
- subnet: 172.22.0.0/16
static/GeoLite2-Country.mmdb
BIN
View File
Binary file not shown.
static/conf.d/banlist.conf
+195
View File
@@ -0,0 +1,195 @@
# ========================================
# Proxies used for brute force.
deny 185.145.200.0/22;
deny 175.139.192.0/18;
deny 160.16.128.0/17;
deny 35.190.128.0/19;
deny 34.192.0.0/12;
deny 123.30.174.0/24;
deny 58.82.144.0/21;
deny 92.63.96.0/21;
deny 109.68.150.0/24;
deny 171.248.0.0/13;
deny 196.220.97.0/24;
deny 185.145.202.171/32;
deny 123.30.174.151/32;
deny 47.90.87.225/32;
deny 204.12.155.201/32;
deny 168.90.224.75/32;
deny 47.52.231.140/32;
deny 47.90.72.227/32;
deny 47.91.139.78/32;
deny 62.109.14.242/32;
deny 118.193.26.18/32;
deny 159.224.176.205/32;
deny 74.217.93.206/32;
deny 27.111.43.178/32;
deny 47.206.51.67/32;
deny 194.190.17.23/32;
deny 50.233.136.254/32;
deny 62.133.191.113/32;
deny 80.95.11.139/32;
deny 37.99.214.45/32;
deny 103.74.246.161/32;
deny 69.85.70.37/32;
deny 187.58.213.116/32;
deny 85.30.219.24/32;
deny 34.200.213.29/32;
deny 92.63.103.226/32;
deny 181.196.50.238/32;
deny 36.73.121.24/32;
deny 74.217.93.211/32;
deny 81.22.54.60/32;
deny 36.73.159.128/32;
deny 2.138.24.102/32;
deny 188.244.185.94/32;
deny 89.255.94.111/32;
deny 74.217.93.208/32;
deny 58.82.151.37/32;
deny 74.217.93.207/32;
deny 74.217.93.209/32;
deny 74.217.93.212/32;
deny 24.155.93.123/32;
deny 74.217.93.204/32;
deny 74.217.93.210/32;
deny 117.6.161.118/32;
deny 154.119.50.246/32;
deny 74.217.93.205/32;
deny 37.76.234.230/32;
deny 176.122.251.56/32;
deny 113.254.33.38/32;
deny 185.145.202.171/32;
deny 175.139.252.193/32;
deny 5.188.10.8/32;
deny 5.199.130.127/32;
deny 185.220.101.10/32;
deny 192.160.102.169/32;
deny 185.220.101.9/32;
deny 216.218.134.12/32;
deny 144.217.245.23/32;
deny 185.220.101.22/32;
deny 104.192.0.58/32;
deny 91.195.158.95/32;
deny 51.15.72.211/32;
deny 185.220.101.30/32;
deny 185.100.87.206/32;
deny 104.218.63.72/32;
deny 185.38.14.171/32;
deny 65.19.167.130/32;
deny 185.220.101.29/32;
deny 65.19.167.131/32;
deny 216.218.222.12/32;
deny 204.85.191.30/32;
deny 196.220.97.1/32;
deny 193.90.12.119/32;
deny 54.36.222.37/32;
deny 163.172.171.163/32;
deny 51.15.143.28/32;
deny 84.141.66.143/32;
deny 93.115.95.207/32;
deny 62.210.105.116/32;
deny 193.90.12.116/32;
deny 185.220.101.24/32;
deny 51.254.208.245/32;
deny 37.187.94.86/32;
deny 185.220.101.21/32;
deny 51.15.64.39/32;
deny 91.250.241.241/32;
deny 188.214.104.146/32;
deny 172.104.252.154/32;
deny 77.247.181.162/32;
deny 176.10.104.243/32;
deny 192.36.27.4/32;
deny 93.115.86.4/32;
deny 149.202.170.60/32;
deny 144.217.60.239/32;
deny 185.220.101.1/32;
deny 185.11.167.4/32;
deny 185.10.68.114/32;
deny 109.201.133.100/32;
deny 171.25.193.77/32;
deny 5.79.86.15/32;
deny 172.104.29.241/32;
deny 163.172.41.228/32;
deny 163.172.160.182/32;
deny 94.100.6.27/32;
deny 185.220.101.28/32;
deny 176.31.180.157/32;
deny 5.135.158.101/32;
deny 185.195.25.111/32;
deny 185.220.101.25/32;
deny 62.210.110.181/32;
deny 193.90.12.115/32;
deny 195.22.126.147/32;
deny 84.53.65.151/32;
deny 104.218.63.74/32;
deny 144.217.245.243/32;
deny 178.17.170.156/32;
deny 46.182.106.190/32;
deny 84.209.48.106/32;
deny 185.117.118.234/32;
deny 185.220.101.44/32;
deny 192.99.247.1/32;
deny 163.172.174.24/32;
deny 46.101.128.0/18;
deny 192.36.27.6/32;
deny 185.129.62.63/32;
deny 104.223.123.98/32;
deny 193.90.12.117/32;
deny 171.25.193.235/32;
deny 51.15.64.212/32;
deny 166.70.207.2/32;
deny 216.218.222.14/32;
deny 176.223.113.26/32;
deny 178.63.97.34/32;
deny 176.10.99.200/32;
deny 37.233.103.114/32;
deny 78.109.23.1/32;
deny 185.165.168.229/32;
deny 109.228.51.164/32;
deny 170.250.140.52/32;
deny 176.107.188.11/32;
deny 185.220.101.6/32;
deny 185.220.101.46/32;
deny 146.185.177.103/32;
deny 64.113.32.29/32;
deny 95.128.43.164/32;
deny 37.220.35.202/32;
deny 5.196.66.162/32;
deny 5.254.112.154/32;
deny 31.171.155.131/32;
deny 93.115.95.206/32;
deny 185.220.101.15/32;
deny 185.220.101.4/32;
deny 185.100.85.101/32;
deny 185.222.209.32/32;
deny 185.227.82.9/32;
deny 85.93.218.204/32;
deny 93.115.95.205/32;
deny 87.118.92.43/32;
deny 51.15.56.204/32;
deny 66.70.217.179/32;
deny 185.100.87.207/32;
deny 185.220.101.32/32;
deny 176.8.24.228/32;
deny 51.15.209.128/32;
deny 193.90.12.118/32;
deny 52.224.48.30/32;
deny 62.210.37.82/32;
deny 80.127.116.96/32;
deny 122.183.242.53/32;
deny 93.115.95.204/32;
deny 165.227.39.194/32;
deny 144.217.60.211/32;
deny 176.126.252.12/32;
deny 178.165.72.177/32;
deny 185.38.14.215/32;
deny 27.124.124.126/32;
deny 185.165.168.77/32;
deny 185.220.101.26/32;
deny 217.147.169.75/32;
deny 185.169.43.68/32;
deny 185.220.101.8/32;
deny 144.217.45.37/32;
deny 65.19.167.132/32;
# ==========================================
static/conf.d/country.conf
+23
View File
@@ -0,0 +1,23 @@
map $geoip2_data_country_code $allowed_country {
default yes;
BD no;
IT no;
PL no;
CM no;
CA no;
TH no;
ZA no;
EC no;
HK no;
CZ no;
ID no;
BR no;
SA no;
FK no;
FM no;
EH no;
CN no;
VN no;
RU no;
TR no;
}
static/html/index.html
+5
View File
@@ -0,0 +1,5 @@
<html>
<center><h1>NGINX-AS-WEB-FIREWALL Default Page!?</h1></center>
<center><h2>If you can see this that means your installation was successful!</h2></center>
<center><h2>Thank You For Using This Project, For Issues or suggestion Post them on <a href="https://github.com/theraw/The-World-Is-Yours" target="_blank">(Github)</a></h2></center>
</html>
static/nbuild.sh
+50
View File
@@ -0,0 +1,50 @@
./configure \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/nginx/logs/error.log \
--http-log-path=/nginx/logs/access.log \
--with-pcre \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-ld-opt="-Wl,-rpath,/usr/local/lib/" \
--add-module=/opt/nginx/modules/ngx_devel_kit \
--add-module=/opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable \
--add-module=/opt/nginx/modules/testcookie-nginx-module \
--add-module=/opt/nginx/modules/set-misc-nginx-module \
--add-module=/opt/nginx/modules/headers-more-nginx-module \
--add-module=/opt/nginx/modules/echo-nginx-module \
--add-module=/opt/nginx/modules/ngx_cache_purge \
--add-module=/opt/nginx/modules/ngx_http_geoip2_module \
--add-module=/opt/nginx/modules/lua-nginx-module \
--add-module=/opt/nginx/modules/ModSecurity-nginx \
--add-module=/opt/nginx/modules/encrypted-session-nginx-module \
--add-module=/opt/nginx/modules/naxsi/naxsi_src/ \
--add-module=/opt/nginx/modules/nginx-http-rdns
static/nginx.conf
+121
View File
@@ -0,0 +1,121 @@
# Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues
# Problems? => https://github.com/theraw/The-World-Is-Yours/issues
# Errors? => https://github.com/theraw/The-World-Is-Yours/issues
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
use epoll;
worker_connections 65535;
}
http {
# ////////////////////////////////////////////////////// #
# =================== START L7 ========================= #
# turn this 'on' if you want to use L7 For every domain hosted in your server
testcookie off;
testcookie_name DOPEHOSTING;
testcookie_secret random;
testcookie_session $remote_addr;
#testcookie_arg GO;
testcookie_httponly_flag on;
testcookie_max_attempts 3;
testcookie_secure_flag on;
testcookie_get_only on;
testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"';
testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri;
# Those are some ip's whitelisted by me. mostly are search engines. But not everything!
testcookie_whitelist {
8.8.8.8/32;
127.0.0.1/32;
# I don't suggest using alot of IPs here as this whitelist can fail!.
}
testcookie_redirect_via_refresh on;
testcookie_refresh_encrypt_cookie on;
testcookie_refresh_encrypt_cookie_key random;
testcookie_refresh_encrypt_cookie_iv random;
testcookie_refresh_template '<html><head><meta http-equiv="refresh" content="0; $testcookie_nexturl"><title>Just a moment please...</title></head><body> </script><script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script type=\"text/javascript\" src="//proxy2.dopehosting.net/aes.min.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("$testcookie_enc_key"),b=toNumbers("$testcookie_enc_iv"),c=toNumbers("$testcookie_enc_set");document.cookie="DOPEHOSTING="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";</script></body></html>';
# ===================== END L7 ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# -------------------------------------------------------#
log_format agent '$remote_addr |==| $status |==| $request |==| $http_user_agent';
# -------------------------------------------------------#
log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for';
# =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== GEIP =========================== #
geoip2 /nginx/db/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=US country iso_code;
$geoip2_data_country_name country names en;
}
# EX Ban China!
#map $geoip2_data_country_code $allowed_country {
# default yes;
# CN no;
#}
# =================== END GEIP ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== EXTRA ========================== #
# Don't Go with "Nginx Can Handle Everything" !
limit_conn_zone $server_name zone=max:1m;
limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;
# =================== END EXTRA ======================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= #
client_body_buffer_size 1M;
client_header_buffer_size 1M;
client_body_timeout 90s;
client_header_timeout 90s;
client_max_body_size 2M;
keepalive_timeout 10s;
port_in_redirect off;
sendfile on;
server_names_hash_bucket_size 6969;
server_name_in_redirect off;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
types_hash_max_size 2048;
resolver 8.8.8.8 8.8.4.4;
default_type application/octet-stream;
include /nginx/mime.types;
# =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# =================== LOAD CONFIGS ===================== #
include /nginx/live/*;
include /nginx/conf.d/*;
include /nginx/naxsi_core.rules;
# =================== END CONFIGS ====================== #
# ////////////////////////////////////////////////////// #
}
static/raws/template
+55
View File
@@ -0,0 +1,55 @@
server {
listen 80;
root /hostdata/raws.com/public_html;
index index.html index.php;
server_name raws.com www.raws.com;
location / {
SecRulesEnabled;
LearningMode;
DeniedUrl "/denied/";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
access_log /hostdata/raws.com/logs/access.log main;
error_log /hostdata/raws.com/logs/error.log;
try_files $uri $uri/ =404;
}
location /denied/ {
return 444;
}
# =========================================
# PHPMYADMIN.
# =========================================
location /phpmyadmin {
root /hostdata/default/;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /hostdata/default/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/fastcgi_params;
}
}
# =========================================
# END PHPMYADMIN.
# =========================================
# =========================================
# PHP.
# =========================================
location ~ \.php {
try_files $uri /index.php =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/fastcgi_params;
}
# =========================================
# END PHP.
# =========================================
}
static/sysctl.conf
+24
View File
@@ -0,0 +1,24 @@
vm.nr_hugepages = 0
vm.vfs_cache_pressure = 100
fs.file-max = 1000000
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
kernel.randomize_va_space = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 1024 64999
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_window_scaling = 1
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_fin_timeout = 90
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
kernel.sched_autogroup_enabled = 0
net.ipv4.tcp_max_orphans = 32768
static/vhost/aes.min.js
Vendored
+790
View File
@@ -0,0 +1,790 @@
/*
* aes.js: implements AES - Advanced Encryption Standard
* from the SlowAES project, http://code.google.com/p/slowaes/
*
* Copyright (c) 2008 Josh Davis ( http://www.josh-davis.org ),
* Mark Percival ( http://mpercival.com ),
*
* Ported from C code written by Laurent Haan ( http://www.progressive-coding.com )
*
* Licensed under the Apache License, Version 2.0
* http://www.apache.org/licenses/
*/
var slowAES = {
/*
* START AES SECTION
*/
aes:{
// structure of valid key sizes
keySize:{
SIZE_128:16,
SIZE_192:24,
SIZE_256:32
},
// Rijndael S-box
sbox:[
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ],
// Rijndael Inverted S-box
rsbox:
[ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
, 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d ],
/* rotate the word eight bits to the left */
rotate:function(word)
{
var c = word[0];
for (var i = 0; i < 3; i++)
word[i] = word[i+1];
word[3] = c;
return word;
},
// Rijndael Rcon
Rcon:[
0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d,
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d,
0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25,
0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01,
0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d,
0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa,
0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a,
0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02,
0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5,
0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33,
0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ],
G2X: [
0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16,
0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e,
0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46,
0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76,
0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e,
0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6,
0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6,
0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee,
0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1b, 0x19, 0x1f, 0x1d,
0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d,
0x23, 0x21, 0x27, 0x25, 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55,
0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, 0x7b, 0x79, 0x7f, 0x7d,
0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d,
0x83, 0x81, 0x87, 0x85, 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5,
0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, 0xdb, 0xd9, 0xdf, 0xdd,
0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed,
0xe3, 0xe1, 0xe7, 0xe5
],
G3X: [
0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d,
0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39,
0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65,
0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71,
0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d,
0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9,
0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5,
0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1,
0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd,
0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99,
0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, 0x9b, 0x98, 0x9d, 0x9e,
0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a,
0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6,
0xbf, 0xbc, 0xb9, 0xba, 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2,
0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, 0xcb, 0xc8, 0xcd, 0xce,
0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda,
0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46,
0x4f, 0x4c, 0x49, 0x4a, 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62,
0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, 0x3b, 0x38, 0x3d, 0x3e,
0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a,
0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16,
0x1f, 0x1c, 0x19, 0x1a
],
G9X: [
0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53,
0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf,
0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3b, 0x32, 0x29, 0x20,
0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c,
0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8,
0xc7, 0xce, 0xd5, 0xdc, 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49,
0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 0xe6, 0xef, 0xf4, 0xfd,
0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91,
0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e,
0x21, 0x28, 0x33, 0x3a, 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2,
0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 0xec, 0xe5, 0xfe, 0xf7,
0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b,
0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f,
0x10, 0x19, 0x02, 0x0b, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8,
0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0x47, 0x4e, 0x55, 0x5c,
0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30,
0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9,
0xf6, 0xff, 0xe4, 0xed, 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35,
0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 0xa1, 0xa8, 0xb3, 0xba,
0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6,
0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62,
0x5d, 0x54, 0x4f, 0x46
],
GBX: [
0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45,
0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81,
0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7b, 0x70, 0x6d, 0x66,
0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12,
0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e,
0xbf, 0xb4, 0xa9, 0xa2, 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7,
0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 0x46, 0x4d, 0x50, 0x5b,
0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f,
0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8,
0xf9, 0xf2, 0xef, 0xe4, 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c,
0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 0xf7, 0xfc, 0xe1, 0xea,
0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e,
0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02,
0x33, 0x38, 0x25, 0x2e, 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd,
0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 0x3c, 0x37, 0x2a, 0x21,
0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55,
0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44,
0x75, 0x7e, 0x63, 0x68, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80,
0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0x7a, 0x71, 0x6c, 0x67,
0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13,
0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f,
0xbe, 0xb5, 0xa8, 0xa3
],
GDX: [
0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f,
0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3,
0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbb, 0xb6, 0xa1, 0xac,
0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0,
0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14,
0x37, 0x3a, 0x2d, 0x20, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e,
0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0xbd, 0xb0, 0xa7, 0xaa,
0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6,
0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9,
0x8a, 0x87, 0x90, 0x9d, 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25,
0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 0xda, 0xd7, 0xc0, 0xcd,
0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91,
0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75,
0x56, 0x5b, 0x4c, 0x41, 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42,
0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 0xb1, 0xbc, 0xab, 0xa6,
0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa,
0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8,
0xeb, 0xe6, 0xf1, 0xfc, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44,
0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0x0c, 0x01, 0x16, 0x1b,
0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47,
0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3,
0x80, 0x8d, 0x9a, 0x97
],
GEX: [
0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62,
0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca,
0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdb, 0xd5, 0xc7, 0xc9,
0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81,
0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59,
0x73, 0x7d, 0x6f, 0x61, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87,
0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0x4d, 0x43, 0x51, 0x5f,
0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17,
0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14,
0x3e, 0x30, 0x22, 0x2c, 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc,
0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 0x41, 0x4f, 0x5d, 0x53,
0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b,
0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3,
0xe9, 0xe7, 0xf5, 0xfb, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0,
0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x7a, 0x74, 0x66, 0x68,
0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20,
0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e,
0xa4, 0xaa, 0xb8, 0xb6, 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26,
0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 0x37, 0x39, 0x2b, 0x25,
0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d,
0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5,
0x9f, 0x91, 0x83, 0x8d
],
// Key Schedule Core
core:function(word,iteration)
{
/* rotate the 32-bit word 8 bits to the left */
word = this.rotate(word);
/* apply S-Box substitution on all 4 parts of the 32-bit word */
for (var i = 0; i < 4; ++i)
word[i] = this.sbox[word[i]];
/* XOR the output of the rcon operation with i to the first part (leftmost) only */
word[0] = word[0]^this.Rcon[iteration];
return word;
},
/* Rijndael's key expansion
* expands an 128,192,256 key into an 176,208,240 bytes key
*
* expandedKey is a pointer to an char array of large enough size
* key is a pointer to a non-expanded key
*/
expandKey:function(key,size)
{
var expandedKeySize = (16*(this.numberOfRounds(size)+1));
/* current expanded keySize, in bytes */
var currentSize = 0;
var rconIteration = 1;
var t = []; // temporary 4-byte variable
var expandedKey = [];
for(var i = 0;i < expandedKeySize;i++)
expandedKey[i] = 0;
/* set the 16,24,32 bytes of the expanded key to the input key */
for (var j = 0; j < size; j++)
expandedKey[j] = key[j];
currentSize += size;
while (currentSize < expandedKeySize)
{
/* assign the previous 4 bytes to the temporary value t */
for (var k = 0; k < 4; k++)
t[k] = expandedKey[(currentSize - 4) + k];
/* every 16,24,32 bytes we apply the core schedule to t
* and increment rconIteration afterwards
*/
if(currentSize % size == 0)
t = this.core(t, rconIteration++);
/* For 256-bit keys, we add an extra sbox to the calculation */
if(size == this.keySize.SIZE_256 && ((currentSize % size) == 16))
for(var l = 0; l < 4; l++)
t[l] = this.sbox[t[l]];
/* We XOR t with the four-byte block 16,24,32 bytes before the new expanded key.
* This becomes the next four bytes in the expanded key.
*/
for(var m = 0; m < 4; m++) {
expandedKey[currentSize] = expandedKey[currentSize - size] ^ t[m];
currentSize++;
}
}
return expandedKey;
},
// Adds (XORs) the round key to the state
addRoundKey:function(state,roundKey)
{
for (var i = 0; i < 16; i++)
state[i] ^= roundKey[i];
return state;
},
// Creates a round key from the given expanded key and the
// position within the expanded key.
createRoundKey:function(expandedKey,roundKeyPointer)
{
var roundKey = [];
for (var i = 0; i < 4; i++)
for (var j = 0; j < 4; j++)
roundKey[j*4+i] = expandedKey[roundKeyPointer + i*4 + j];
return roundKey;
},
/* substitute all the values from the state with the value in the SBox
* using the state value as index for the SBox
*/
subBytes:function(state,isInv)
{
for (var i = 0; i < 16; i++)
state[i] = isInv?this.rsbox[state[i]]:this.sbox[state[i]];
return state;
},
/* iterate over the 4 rows and call shiftRow() with that row */
shiftRows:function(state,isInv)
{
for (var i = 0; i < 4; i++)
state = this.shiftRow(state,i*4, i,isInv);
return state;
},
/* each iteration shifts the row to the left by 1 */
shiftRow:function(state,statePointer,nbr,isInv)
{
for (var i = 0; i < nbr; i++)
{
if(isInv)
{
var tmp = state[statePointer + 3];
for (var j = 3; j > 0; j--)
state[statePointer + j] = state[statePointer + j-1];
state[statePointer] = tmp;
}
else
{
var tmp = state[statePointer];
for (var j = 0; j < 3; j++)
state[statePointer + j] = state[statePointer + j+1];
state[statePointer + 3] = tmp;
}
}
return state;
},
// galois multiplication of 8 bit characters a and b
galois_multiplication:function(a,b)
{
var p = 0;
for(var counter = 0; counter < 8; counter++)
{
if((b & 1) == 1)
p ^= a;
if(p > 0x100) p ^= 0x100;
var hi_bit_set = (a & 0x80); //keep p 8 bit
a <<= 1;
if(a > 0x100) a ^= 0x100; //keep a 8 bit
if(hi_bit_set == 0x80)
a ^= 0x1b;
if(a > 0x100) a ^= 0x100; //keep a 8 bit
b >>= 1;
if(b > 0x100) b ^= 0x100; //keep b 8 bit
}
return p;
},
// galois multipication of the 4x4 matrix
mixColumns:function(state,isInv)
{
var column = [];
/* iterate over the 4 columns */
for (var i = 0; i < 4; i++)
{
/* construct one column by iterating over the 4 rows */
for (var j = 0; j < 4; j++)
column[j] = state[(j*4)+i];
/* apply the mixColumn on one column */
column = this.mixColumn(column,isInv);
/* put the values back into the state */
for (var k = 0; k < 4; k++)
state[(k*4)+i] = column[k];
}
return state;
},
// galois multipication of 1 column of the 4x4 matrix
mixColumn:function(column,isInv)
{
var mult = [];
if(isInv)
mult = [14,9,13,11];
else
mult = [2,1,1,3];
var cpy = [];
for(var i = 0; i < 4; i++)
cpy[i] = column[i];
column[0] = this.galois_multiplication(cpy[0],mult[0]) ^
this.galois_multiplication(cpy[3],mult[1]) ^
this.galois_multiplication(cpy[2],mult[2]) ^
this.galois_multiplication(cpy[1],mult[3]);
column[1] = this.galois_multiplication(cpy[1],mult[0]) ^
this.galois_multiplication(cpy[0],mult[1]) ^
this.galois_multiplication(cpy[3],mult[2]) ^
this.galois_multiplication(cpy[2],mult[3]);
column[2] = this.galois_multiplication(cpy[2],mult[0]) ^
this.galois_multiplication(cpy[1],mult[1]) ^
this.galois_multiplication(cpy[0],mult[2]) ^
this.galois_multiplication(cpy[3],mult[3]);
column[3] = this.galois_multiplication(cpy[3],mult[0]) ^
this.galois_multiplication(cpy[2],mult[1]) ^
this.galois_multiplication(cpy[1],mult[2]) ^
this.galois_multiplication(cpy[0],mult[3]);
return column;
},
// applies the 4 operations of the forward round in sequence
round:function(state, roundKey)
{
state = this.subBytes(state,false);
state = this.shiftRows(state,false);
state = this.mixColumns(state,false);
state = this.addRoundKey(state, roundKey);
return state;
},
// applies the 4 operations of the inverse round in sequence
invRound:function(state,roundKey)
{
state = this.shiftRows(state,true);
state = this.subBytes(state,true);
state = this.addRoundKey(state, roundKey);
state = this.mixColumns(state,true);
return state;
},
/*
* Perform the initial operations, the standard round, and the final operations
* of the forward aes, creating a round key for each round
*/
main:function(state,expandedKey,nbrRounds)
{
state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
for (var i = 1; i < nbrRounds; i++)
state = this.round(state, this.createRoundKey(expandedKey,16*i));
state = this.subBytes(state,false);
state = this.shiftRows(state,false);
state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
return state;
},
/*
* Perform the initial operations, the standard round, and the final operations
* of the inverse aes, creating a round key for each round
*/
invMain:function(state, expandedKey, nbrRounds)
{
state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
for (var i = nbrRounds-1; i > 0; i--)
state = this.invRound(state, this.createRoundKey(expandedKey,16*i));
state = this.shiftRows(state,true);
state = this.subBytes(state,true);
state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
return state;
},
numberOfRounds:function(size)
{
var nbrRounds;
switch (size) /* set the number of rounds */
{
case this.keySize.SIZE_128:
nbrRounds = 10;
break;
case this.keySize.SIZE_192:
nbrRounds = 12;
break;
case this.keySize.SIZE_256:
nbrRounds = 14;
break;
default:
return null;
break;
}
return nbrRounds;
},
// encrypts a 128 bit input block against the given key of size specified
encrypt:function(input,key,size)
{
var output = [];
var block = []; /* the 128 bit block to encode */
var nbrRounds = this.numberOfRounds(size);
/* Set the block values, for the block:
* a0,0 a0,1 a0,2 a0,3
* a1,0 a1,1 a1,2 a1,3
* a2,0 a2,1 a2,2 a2,3
* a3,0 a3,1 a3,2 a3,3
* the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
*/
for (var i = 0; i < 4; i++) /* iterate over the columns */
for (var j = 0; j < 4; j++) /* iterate over the rows */
block[(i+(j*4))] = input[(i*4)+j];
/* expand the key into an 176, 208, 240 bytes key */
var expandedKey = this.expandKey(key, size); /* the expanded key */
/* encrypt the block using the expandedKey */
block = this.main(block, expandedKey, nbrRounds);
for (var k = 0; k < 4; k++) /* unmap the block again into the output */
for (var l = 0; l < 4; l++) /* iterate over the rows */
output[(k*4)+l] = block[(k+(l*4))];
return output;
},
// decrypts a 128 bit input block against the given key of size specified
decrypt:function(input, key, size)
{
var output = [];
var block = []; /* the 128 bit block to decode */
var nbrRounds = this.numberOfRounds(size);
/* Set the block values, for the block:
* a0,0 a0,1 a0,2 a0,3
* a1,0 a1,1 a1,2 a1,3
* a2,0 a2,1 a2,2 a2,3
* a3,0 a3,1 a3,2 a3,3
* the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
*/
for (var i = 0; i < 4; i++) /* iterate over the columns */
for (var j = 0; j < 4; j++) /* iterate over the rows */
block[(i+(j*4))] = input[(i*4)+j];
/* expand the key into an 176, 208, 240 bytes key */
var expandedKey = this.expandKey(key, size);
/* decrypt the block using the expandedKey */
block = this.invMain(block, expandedKey, nbrRounds);
for (var k = 0; k < 4; k++)/* unmap the block again into the output */
for (var l = 0; l < 4; l++)/* iterate over the rows */
output[(k*4)+l] = block[(k+(l*4))];
return output;
}
},
/*
* END AES SECTION
*/
/*
* START MODE OF OPERATION SECTION
*/
//structure of supported modes of operation
modeOfOperation:{
OFB:0,
CFB:1,
CBC:2
},
// get a 16 byte block (aes operates on 128bits)
getBlock: function(bytesIn,start,end,mode)
{
if(end - start > 16)
end = start + 16;
return bytesIn.slice(start, end);
},
/*
* Mode of Operation Encryption
* bytesIn - Input String as array of bytes
* mode - mode of type modeOfOperation
* key - a number array of length 'size'
* size - the bit length of the key
* iv - the 128 bit number array Initialization Vector
*/
encrypt: function (bytesIn, mode, key, iv)
{
var size = key.length;
if(iv.length%16)
{
throw 'iv length must be 128 bits.';
}
// the AES input/output
var byteArray = [];
var input = [];
var output = [];
var ciphertext = [];
var cipherOut = [];
// char firstRound
var firstRound = true;
if (mode == this.modeOfOperation.CBC)
this.padBytesIn(bytesIn);
if (bytesIn !== null)
{
for (var j = 0;j < Math.ceil(bytesIn.length/16); j++)
{
var start = j*16;
var end = j*16+16;
if(j*16+16 > bytesIn.length)
end = bytesIn.length;
byteArray = this.getBlock(bytesIn,start,end,mode);
if (mode == this.modeOfOperation.CFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (var i = 0; i < 16; i++)
ciphertext[i] = byteArray[i] ^ output[i];
for(var k = 0;k < end-start;k++)
cipherOut.push(ciphertext[k]);
input = ciphertext;
}
else if (mode == this.modeOfOperation.OFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (var i = 0; i < 16; i++)
ciphertext[i] = byteArray[i] ^ output[i];
for(var k = 0;k < end-start;k++)
cipherOut.push(ciphertext[k]);
input = output;
}
else if (mode == this.modeOfOperation.CBC)
{
for (var i = 0; i < 16; i++)
input[i] = byteArray[i] ^ ((firstRound) ? iv[i] : ciphertext[i]);
firstRound = false;
ciphertext = this.aes.encrypt(input, key, size);
// always 16 bytes because of the padding for CBC
for(var k = 0;k < 16;k++)
cipherOut.push(ciphertext[k]);
}
}
}
return cipherOut;
},
/*
* Mode of Operation Decryption
* cipherIn - Encrypted String as array of bytes
* originalsize - The unencrypted string length - required for CBC
* mode - mode of type modeOfOperation
* key - a number array of length 'size'
* size - the bit length of the key
* iv - the 128 bit number array Initialization Vector
*/
decrypt:function(cipherIn,mode,key,iv)
{
var size = key.length;
if(iv.length%16)
{
throw 'iv length must be 128 bits.';
}
// the AES input/output
var ciphertext = [];
var input = [];
var output = [];
var byteArray = [];
var bytesOut = [];
// char firstRound
var firstRound = true;
if (cipherIn !== null)
{
for (var j = 0;j < Math.ceil(cipherIn.length/16); j++)
{
var start = j*16;
var end = j*16+16;
if(j*16+16 > cipherIn.length)
end = cipherIn.length;
ciphertext = this.getBlock(cipherIn,start,end,mode);
if (mode == this.modeOfOperation.CFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = output[i] ^ ciphertext[i];
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = ciphertext;
}
else if (mode == this.modeOfOperation.OFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = output[i] ^ ciphertext[i];
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = output;
}
else if(mode == this.modeOfOperation.CBC)
{
output = this.aes.decrypt(ciphertext, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = ((firstRound) ? iv[i] : input[i]) ^ output[i];
firstRound = false;
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = ciphertext;
}
}
if(mode == this.modeOfOperation.CBC)
this.unpadBytesOut(bytesOut);
}
return bytesOut;
},
padBytesIn: function(data) {
var len = data.length;
var padByte = 16 - (len % 16);
for (var i = 0; i < padByte; i++) {
data.push(padByte);
}
},
unpadBytesOut: function(data) {
var padCount = 0;
var padByte = -1;
var blockSize = 16;
if(data.length > 16) {
for (var i = data.length - 1; i >= data.length-1 - blockSize; i--) {
if (data[i] <= blockSize) {
if (padByte == -1)
padByte = data[i];
if (data[i] != padByte) {
padCount = 0;
break;
}
padCount++;
} else
break;
if (padCount == padByte) {
break;
}
}
if (padCount > 0) {
data.splice(data.length - padCount, padCount);
}
}
}
/*
* END MODE OF OPERATION SECTION
*/
};
static/vhost/default
+48
View File
@@ -0,0 +1,48 @@
server {
listen 80 default_server;
root /hostdata/default/public_html;
index index.html;
server_name localhost;
# ================================================
# LIMIT CONNECTION FOR IP / IPs WILL BE AUTO BANNED IF YOU HAVE INSTALL IPTABLES/FAIL2BAN
limit_conn max 800;
limit_req zone=one burst=300 nodelay;
# ================================================
# ================================================
# 1. Don't put log files into location / {..} it will not work as you think. Use like this.
# 2. If you change their name or location make sure you also change those https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L118
access_log /hostdata/default/logs/access.log main;
error_log /hostdata/default/logs/error.log;
# ================================================
# ================================================
location / {
SecRulesEnabled;
LearningMode;
DeniedUrl "/denied/";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
try_files $uri $uri/ =404;
}
# ================================================
location /denied/ {
return 444;
}
# ================================================
location ~ \.php {
try_files $uri /index.php =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# ================================================
}