-
-
Save aqsa326/ef9c425ef0e5edb0074cd3c9a4b8807f to your computer and use it in GitHub Desktop.
| https://github.com/aqsa326/fortress-public-launch-kit.git |
aqsa326
commented
Jun 3, 2025
Generate fully working dns_watchdog.py with .env support for API keys
import os
from pathlib import Path
Folder setup
project_root = "/mnt/data/fortress-dns-secure-auto"
os.makedirs(project_root, exist_ok=True)
Main script with .env support
watchdog_script = """
import os
import socket
import requests
from dotenv import load_dotenv
load_dotenv()
DOMAIN = "thefortressapp.pro"
ABUSE_API_KEY = os.getenv("ABUSEIPDB_API_KEY")
CF_ZONE_ID = os.getenv("CLOUDFLARE_ZONE_ID")
CF_API_TOKEN = os.getenv("CLOUDFLARE_API_TOKEN")
def check_blocklists():
try:
ip = socket.gethostbyname(DOMAIN)
print(f"π Checking blocklists for IP: {ip}")
headers = {
"Key": ABUSE_API_KEY,
"Accept": "application/json"
}
url = f"https://api.abuseipdb.com/api/v2/check?ipAddress={ip}"
r = requests.get(url, headers=headers)
data = r.json()
score = data.get("data", {}).get("abuseConfidenceScore", "N/A")
print(f"π‘οΈ AbuseIPDB Score: {score}")
except Exception as e:
print(f"β Blocklist check failed: {e}")
def check_nameservers():
import socket
def check_dns(hostname):
try:
ip = socket.gethostbyname(hostname)
print(f"β
DNS OK: {hostname} β {ip}")
except Exception as e:
print(f"β DNS FAILED: {hostname} β {e}")
def check_nameservers():
servers = [
"curitiba.ns.porkbun.com",
"fortaleza.ns.porkbun.com",
"salvador.ns.porkbun.com"
]
for ns in servers:
try:
socket.gethostbyname(ns)
print(f"β
NS OK: {ns}")
except Exception as e:
print(f"β NS FAILED: {ns} β {e}")
=== Run checks ===
print("π Fortress DNS Check Started")
check_nameservers()
check_dns("thefortressapp.pro")
def list_cloudflare_dns():
try:
print("π Fetching DNS from Cloudflare")
headers = {
"Authorization": f"Bearer {CF_API_TOKEN}",
"Content-Type": "application/json"
}
url = f"https://api.cloudflare.com/client/v4/zones/{CF_ZONE_ID}/dns_records"
r = requests.get(url, headers=headers)
for record in r.json().get("result", []):
print(f"{record['type']} {record['name']} β {record['content']}")
except Exception as e:
print(f"β Cloudflare DNS fetch failed: {e}")
if name == "main":
check_blocklists()
check_nameservers()
list_cloudflare_dns()
"""
.env.example
env_example = """\
π thefortressapp.pro
ABUSEIPDB_API_KEY=your_abuseipdb_key
CLOUDFLARE_ZONE_ID=your_zone_id_here
CLOUDFLARE_API_TOKEN=your_cloudflare_token_here
"""
README
readme = """\
Fortress DNS AI Core β Auto Secure Watchdog
This tool automatically monitors:
- AbuseIPDB blocklist score
- Name server reachability
- Cloudflare DNS zone records
π§ Setup
- Copy
.env.exampleβ.env - Fill in your real API credentials
β Usage
pip install -r requirements.txt
python dns_watchdog.pyπ Secrets Required
ABUSEIPDB_API_KEY: abuseipdb.comCLOUDFLARE_ZONE_ID: From your Cloudflare domain settingsCLOUDFLARE_API_TOKEN: Create token with DNS read permissions
"""
requirements.txt
requirements = "python-dotenv\nrequests\n"
Write files
Path(os.path.join(project_root, "dns_watchdog.py")).write_text(watchdog_script)
Path(os.path.join(project_root, ".env.example")).write_text(env_example)
Path(os.path.join(project_root, "README.md")).write_text(readme)
Path(os.path.join(project_root, "requirements.txt")).write_text(requirements)
Zip
zip_path = "/mnt/data/fortress-dns-secure-auto.zip"
shutil.make_archive(zip_path.replace(".zip", ""), 'zip', project_root)
zip_path
Fortress DNS Watchdog Automation
Overview
This project automates DNS, blocklist, and Cloudflare monitoring using a Python script, Discord alerting, and scheduled GitHub Actions. It is designed for security-first ops teams who want zero hardcoding, easy deployment, and real-time notifications.
How the Automation Works
1. Environment Setup
- All secrets/API keys are stored in a
.envfile (never hardcoded). .env.exampleis provided as a template.
2. Core Script (dns_watchdog.py)
- Checks IPs/domains against AbuseIPDB, Cloudflare DNS, and NS records.
- Computes anomaly scores to detect outliers.
- Sends Discord webhook alerts on failures or suspicious activity.
- Fully configurable via environment variables.
3. GitHub Actions Integration
- Workflow:
.github/workflows/dns-watchdog.yml - Runs automatically on a schedule (e.g., every hour).
- Installs dependencies, loads secrets from GitHub repository secrets, and executes the watchdog.
- Notifies you via Discord if anything fails or anomalous activity is detected.
4. AI-Powered Anomaly Detection
- The script tracks trends in abuse/blocklist scores.
- If a significant anomaly is detected, a smart alert is sent with context.
Quick Start
- Clone the repository
- Copy
.env.exampleto.envand fill in your API credentials - Install dependencies:
pip install -r requirements.txt
- Run manually:
python dns_watchdog.py
- (Optional): Push to GitHub. The workflow will run on schedule.
GitHub Actions Setup
-
Go to your repo Settings > Secrets and variables > Actions.
-
Add the following secrets:
ABUSEIPDB_API_KEYCLOUDFLARE_ZONE_IDCLOUDFLARE_API_TOKENDISCORD_WEBHOOK_URL
-
The workflow (
.github/workflows/dns-watchdog.yml) will automatically:- Check out code
- Install Python and dependencies
- Load environment variables from secrets
- Run
dns_watchdog.pyon the defined schedule
Discord Alerting
- Add your Discord webhook URL to
.envor as a secret. - Failure, anomaly, or blocklist trip = instant alert in your selected channel.
Customization & Expansion
- IPs/domains checked: Edit in
dns_watchdog.py(suggest loading from a config file or database for scaling). - Alert thresholds: Adjust anomaly/z-score logic as needed.
- Notification channels: Add more integrations (Slack, email, etc.) by extending the alert function.
Security & Ownership
- No API keys are ever hardcoded.
- All sensitive data is managed via environment variables and GitHub secrets.
- Designed for rapid deployment, portability, and secure operations.
Reference
Deploy with confidence. Fortress DNS Watchdog is built to expand, adapt, and keep you informedβsecurely.