mirror of
https://github.com/hotyue/IP-Sentinel.git
synced 2026-06-26 11:51:36 +08:00
Compare commits
7 Commits
v3.3.2
...
v3.3.0-leg
| Author | SHA1 | Date | |
|---|---|---|---|
|
fe2d38a6e5 | ||
|
|
ca0c13c11a | ||
|
|
f29f21f274 | ||
|
|
d5f1850dbf | ||
|
|
50da8352d4 | ||
|
|
a55d362be6 | ||
|
|
044c7a9937 |
44
.github/workflows/daily_keywords.yml
vendored
44
.github/workflows/daily_keywords.yml
vendored
@@ -1,44 +0,0 @@
|
||||
name: Daily Trends Factory
|
||||
|
||||
on:
|
||||
schedule:
|
||||
# 每天 UTC 18:00 运行 (北京时间凌晨 02:00)
|
||||
- cron: '0 18 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
update-trends:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.10'
|
||||
|
||||
- name: Execute Trends Engine
|
||||
run: python scripts/fetch_trends.py
|
||||
|
||||
- name: Commit and Push
|
||||
run: |
|
||||
git config --global user.name "github-actions[bot]"
|
||||
git config --global user.email "github-actions[bot]@users.noreply.github.com"
|
||||
|
||||
git add data/keywords/
|
||||
|
||||
# 防御机制:如果没有新数据,就静默退出,不产生空提交
|
||||
if git diff --staged --quiet; then
|
||||
echo "No changes, skipping."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# 策略:放弃危险的 amend 强制覆盖,采用带日期的标准安全提交
|
||||
git commit -m "chore(data): 🤖 自动机兵:刷新全战区热点词库 [$(date +'%Y-%m-%d')]"
|
||||
git push origin main
|
||||
10
README.md
10
README.md
@@ -18,13 +18,9 @@
|
||||
|
||||
- 🏭 **自动化指纹兵工厂 (Automated UA Factory)**:依托 GitHub Actions CI/CD 流水线,每月 1 日无人值守全自动生成 4000+ 带绝对物理分区的真实终端设备数据。配合边缘节点的守护进程静默拉取,实现千万级指纹资产的“自动驾驶”级演进。
|
||||
|
||||
- 📡 **OTA 动态活体词库 (Dynamic Trends)**:v3.3.0 跨时代跃升。彻底废弃静态搜索词,引入 GitHub Actions 云端流水线。每天自动抓取美、日、德、英等全战区当日 Google 热搜榜单,并通过边缘节点每日静默同步,让您的 IP 搜索行为永远贴合当地当天的真实网络脉搏。
|
||||
|
||||
- 🔀 **智能错峰调度 (Thundering Herd Mitigation)**:v3.3.0 架构升级。首创节点部署时间戳锚定逻辑。边缘节点按需智能分频(每日拉取几百行轻量词库,每月按 30 天周期错峰拉取千万级指纹库),完美化解“惊群效应”,彻底抹平统一升级时的数据并发特征,隐匿于无形。
|
||||
|
||||
- 🖧 **底层路由死锁 (Hard-Bind Routing)**:v3.2.1 热修复升级。底层探测引擎强力接管 curl 核心参数 (--interface),强制将发出的每一滴伪装流量死死绑定在您设定的物理网卡或隧道 IP 上,彻底杜绝双栈或多网卡环境下的流量溢出漏洞。
|
||||
|
||||
- 🎯 **多级容灾与高精度探针 (High-Precision Probe)**:v3.2.2 底层重构。重写战报模块与底层协议自适应逻辑,植入多级 ISP 容灾探针链路,并按“底层数据共识原则”智能清洗冗余 AS 号。确保在纯 V6、隧道或弱网环境下,数据获取依然 100% 精准畅通。
|
||||
- 🎯 **多级容灾与高精度探针 (High-Precision Probe)**:v3.2.2 底层重构。重写战报模块与底层协议自适应逻辑,植入多级 ISP 容灾探针链路,并按“底层数据共识原则”智能清洗冗余 AS 号。确保在纯 V6、隧道或弱网环境下,数据获取依然 100% 精准畅通。
|
||||
|
||||
- 🔄 **平滑热更新装甲 (Smooth Upgrade Engine)**:v3.2.2 体验进化。全系植入状态机嗅探逻辑。无论是 Master 司令部还是 Agent 边缘节点,再次执行部署脚本时将自动识别并继承历史配置、SQLite 数据库与锚定 IP,一键回车即可瞬间完成无损换代,告别繁琐的重复配置。
|
||||
|
||||
@@ -62,7 +58,7 @@
|
||||
|
||||
## 🚀 极速部署 (Quick Start)
|
||||
|
||||
v3.3.x 提供了两种接入模式,请根据您的战术需求选择:
|
||||
v3.2.x 提供了两种接入模式,请根据您的战术需求选择:
|
||||
|
||||
### 🔹 模式 A:官方公共模式 (最简、推荐)
|
||||
**适合不想折腾、只想快速养护 IP 的新兵。**
|
||||
@@ -90,7 +86,7 @@ bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/i
|
||||
```
|
||||
3. **激活节点**:同上,将暗号转发给您自己的机器人即可。
|
||||
|
||||
### ⚠️ 平滑升级指引 (Upgrade to v3.3.0)
|
||||
### ⚠️ 平滑升级指引 (Upgrade to v3.2.2)
|
||||
|
||||
得益于 **v3.2.2 全新引入的平滑热更新引擎 (Smooth Upgrade Engine)**,系统升级现已变得极其优雅与安全。
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ==========================================================
|
||||
# 脚本名称: agent_daemon.sh (受控节点 Webhook 守护进程 V3.3.1)
|
||||
# 脚本名称: agent_daemon.sh (受控节点 Webhook 守护进程 V3.0.3)
|
||||
# 核心功能: 智能防打扰注册、进程自检、模块级路由分发(403拦截)
|
||||
# ==========================================================
|
||||
|
||||
@@ -24,18 +24,14 @@ if pgrep -f "webhook.py $AGENT_PORT" > /dev/null; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# 1. 尝试获取实时公网 IP
|
||||
# 1. [v3.0.1修复] 严格按照 install.sh 锁定的网络协议 (v4/v6) 获取 IP
|
||||
RAW_IP=$(curl -${IP_PREF:-4} -s -m 5 api.ip.sb/ip | tr -d '[:space:]')
|
||||
|
||||
# [v3.3.1 修改] 为新获取到的 v6 自动加方括号;如果网络波动没抓到,强制信任本地 config 中的公网面孔
|
||||
if [ -n "$RAW_IP" ]; then
|
||||
if [[ "$RAW_IP" == *":"* ]] && [[ "$RAW_IP" != *"["* ]]; then
|
||||
AGENT_IP="[${RAW_IP}]"
|
||||
else
|
||||
AGENT_IP="$RAW_IP"
|
||||
fi
|
||||
# 为新获取到的 v6 自动加方括号,以确保与之前锁定的格式对齐比对
|
||||
if [[ "$RAW_IP" == *":"* ]] && [[ "$RAW_IP" != *"["* ]]; then
|
||||
AGENT_IP="[${RAW_IP}]"
|
||||
else
|
||||
AGENT_IP="${PUBLIC_IP:-${BIND_IP:-Unknown}}"
|
||||
AGENT_IP="$RAW_IP"
|
||||
fi
|
||||
|
||||
if [ -n "$AGENT_IP" ]; then
|
||||
@@ -119,7 +115,7 @@ class AgentHandler(http.server.BaseHTTPRequestHandler):
|
||||
return
|
||||
|
||||
# 校验 3:HMAC 数据完整性与身份合法性校验
|
||||
msg = f"{req_path}:{req_t}".encode('utf-8')
|
||||
msg = "{}:{}".format(req_path, req_t).encode('utf-8')
|
||||
expected_sign = hmac.new(AUTH_TOKEN.encode('utf-8'), msg, hashlib.sha256).hexdigest()
|
||||
|
||||
# 使用 compare_digest 防御时序攻击
|
||||
@@ -205,7 +201,7 @@ class AgentHandler(http.server.BaseHTTPRequestHandler):
|
||||
log_data = html.escape("".join(lines[-15:]))
|
||||
|
||||
node_name = subprocess.check_output(['hostname']).decode('utf-8').strip()[:15]
|
||||
text_msg = f"📄 <b>[{node_name}] 实时运行日志:</b>\n<pre><code>{log_data}</code></pre>"
|
||||
text_msg = "📄 <b>[{}] 实时运行日志:</b>\n<pre><code>{}</code></pre>".format(node_name, log_data)
|
||||
|
||||
data = urllib.parse.urlencode({
|
||||
'chat_id': config.get('CHAT_ID', ''),
|
||||
@@ -221,7 +217,7 @@ class AgentHandler(http.server.BaseHTTPRequestHandler):
|
||||
urllib.request.urlopen(req, timeout=10)
|
||||
|
||||
except Exception as e:
|
||||
print(f"Log transmission failed: {e}")
|
||||
print("Log transmission failed: {}".format(e))
|
||||
|
||||
else:
|
||||
self.send_response(404)
|
||||
@@ -238,8 +234,8 @@ class ThreadedDualStackServer(socketserver.ThreadingMixIn, socketserver.TCPServe
|
||||
|
||||
try:
|
||||
bind_addr = "::" if socket.has_ipv6 else ""
|
||||
with ThreadedDualStackServer((bind_addr, PORT), AgentHandler) as httpd:
|
||||
httpd.serve_forever()
|
||||
httpd = ThreadedDualStackServer((bind_addr, PORT), AgentHandler)
|
||||
httpd.serve_forever()
|
||||
except Exception as e:
|
||||
sys.exit(1)
|
||||
# ====================================================================================
|
||||
|
||||
143
core/install.sh
143
core/install.sh
@@ -1,12 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ==========================================================
|
||||
# 脚本名称: install.sh (IP-Sentinel 分布式边缘节点部署脚本 v3.3.2 - OTA 活体引擎)
|
||||
# 脚本名称: install.sh (IP-Sentinel 分布式边缘节点部署脚本 v3.3.0 - OTA 活体引擎)
|
||||
# 核心功能: 区域选择、模块按需开启、官方机器人一键配置、平滑热更新、分频错峰调度
|
||||
# ==========================================================
|
||||
|
||||
# 你的 GitHub 仓库 Raw 数据直链前缀
|
||||
REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/main"
|
||||
REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/legacy"
|
||||
# 临时改为私库地址用于测试
|
||||
# REPO_RAW_URL="https://git.94211762.xyz/hotyue/IP-Sentinel/raw/branch/main"
|
||||
INSTALL_DIR="/opt/ip_sentinel"
|
||||
@@ -18,6 +18,17 @@ echo "========================================================"
|
||||
|
||||
# 1. 依赖检查与安装 (新增 python3 用于轻量级 Webhook 服务)
|
||||
echo -e "\n[1/7] 正在安装必要环境依赖 (curl, jq, cron, procps, python3)..."
|
||||
|
||||
# ================== [Legacy: Debian 9 APT 源抢修补丁] ==================
|
||||
if [ -f /etc/debian_version ] && grep -q -E "^9\." /etc/debian_version; then
|
||||
echo -e "\033[33m⚠️ 检测到 Debian 9 (Stretch),正在抢修已停用的 APT 档案馆源...\033[0m"
|
||||
echo "deb http://archive.debian.org/debian stretch main" > /etc/apt/sources.list
|
||||
echo "deb http://archive.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list
|
||||
sed -i '/stretch-updates/d' /etc/apt/sources.list
|
||||
echo 'Acquire::Check-Valid-Until "false";' > /etc/apt/apt.conf.d/99no-check-valid-until
|
||||
fi
|
||||
# =======================================================================
|
||||
|
||||
if [ -f /etc/debian_version ]; then
|
||||
apt-get update -y >/dev/null 2>&1
|
||||
apt-get install -y curl jq cron procps python3 >/dev/null 2>&1
|
||||
@@ -307,34 +318,13 @@ if [ "$UPGRADE_MODE" == "false" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
# ================== [v3.3.1 核心重构: 身份剥离与双栈实弹嗅探] ==================
|
||||
# 1. 固化对外通讯身份 (自动穿透方括号护甲)
|
||||
# 终极修复:为 IPv6 自动穿上防护装甲(方括号),解决 Master 拼接 URL 报错问题
|
||||
if [[ "$PUBLIC_IP" == *":"* ]] && [[ "$PUBLIC_IP" != *"["* ]]; then
|
||||
SAFE_PUBLIC_IP="[${PUBLIC_IP}]"
|
||||
BIND_IP="[${PUBLIC_IP}]"
|
||||
else
|
||||
SAFE_PUBLIC_IP="$PUBLIC_IP"
|
||||
BIND_IP="$PUBLIC_IP"
|
||||
fi
|
||||
|
||||
# 2. 实弹打靶测试 (NAT 环境嗅探与双栈自适应)
|
||||
echo -n "🕵️ 正在进行出站链路试射 (NAT环境与双栈嗅探)..."
|
||||
RAW_TEST_IP=$(echo "$SAFE_PUBLIC_IP" | tr -d '[]')
|
||||
|
||||
# 智能切换靶机:V6 机器打 Cloudflare V6 节点,V4 机器打 1.1.1.1
|
||||
if [[ "$RAW_TEST_IP" == *":"* ]]; then
|
||||
TEST_TARGET="https://[2606:4700:4700::1111]"
|
||||
else
|
||||
TEST_TARGET="https://1.1.1.1"
|
||||
fi
|
||||
|
||||
# 执行实弹试射
|
||||
if curl --interface "$RAW_TEST_IP" -sI -m 3 "$TEST_TARGET" >/dev/null 2>&1; then
|
||||
echo -e " \033[32m✅ 原生直连,物理网卡死锁已激活。\033[0m"
|
||||
BIND_IP="$SAFE_PUBLIC_IP"
|
||||
else
|
||||
echo -e " \033[33m⚠️ 发现 NAT/虚拟路由架构,自动卸除网卡枷锁,交由内核路由。\033[0m"
|
||||
BIND_IP=""
|
||||
fi
|
||||
echo -e "\033[32m✅ 哨兵对外联络点已永久锁定至: $SAFE_PUBLIC_IP\033[0m"
|
||||
echo -e "\033[32m✅ 哨兵锚点已永久锁定至: $BIND_IP\033[0m"
|
||||
# ========================================================================
|
||||
|
||||
# 5. 远程拉取冷数据并解析固化
|
||||
@@ -375,9 +365,8 @@ AGENT_PORT="$AGENT_PORT"
|
||||
INSTALL_DIR="$INSTALL_DIR"
|
||||
LOG_FILE="${INSTALL_DIR}/logs/sentinel.log"
|
||||
|
||||
# [v3.3.1修改: 双核身份剥离配置]
|
||||
# [v3.0.1新增修改 2: 网络栈锚点锁定配置,供其他脚本读取]
|
||||
IP_PREF="$IP_PREF"
|
||||
PUBLIC_IP="$SAFE_PUBLIC_IP"
|
||||
BIND_IP="$BIND_IP"
|
||||
EOF
|
||||
|
||||
@@ -388,45 +377,6 @@ EOF
|
||||
fi
|
||||
# 🛑 拦截块结束 (全套交互配置跳过完毕)
|
||||
|
||||
# ================== [v3.3.1 核心修复: 老节点配置无损热迁移] ==================
|
||||
if [ "$UPGRADE_MODE" == "true" ]; then
|
||||
if ! grep -q "PUBLIC_IP=" "$CONFIG_FILE"; then
|
||||
echo -e "\n🔄 [平滑迁移] 正在对老节点进行 v3.3.1 双核身份架构升级..."
|
||||
|
||||
# 重新抓取公网面孔 (应对老节点 BIND_IP 可能已被手动清空的情况)
|
||||
MIGRATE_IP=$(curl -${IP_PREF:-4} -s -m 5 api.ip.sb/ip | tr -d '[:space:]')
|
||||
[[ "$MIGRATE_IP" == *":"* ]] && [[ "$MIGRATE_IP" != *"["* ]] && MIGRATE_IP="[${MIGRATE_IP}]"
|
||||
|
||||
echo -n "🕵️ 正在进行补发链路试射 (NAT与双栈嗅探)..."
|
||||
RAW_TEST_IP=$(echo "$MIGRATE_IP" | tr -d '[]')
|
||||
if [[ "$RAW_TEST_IP" == *":"* ]]; then
|
||||
TEST_TARGET="https://[2606:4700:4700::1111]"
|
||||
else
|
||||
TEST_TARGET="https://1.1.1.1"
|
||||
fi
|
||||
|
||||
if curl --interface "$RAW_TEST_IP" -sI -m 3 "$TEST_TARGET" >/dev/null 2>&1; then
|
||||
echo -e " \033[32m✅ 原生直连,网卡死锁已继承。\033[0m"
|
||||
NEW_BIND_IP="$MIGRATE_IP"
|
||||
else
|
||||
echo -e " \033[33m⚠️ 发现 NAT 架构,已自动卸除老版本的物理枷锁。\033[0m"
|
||||
NEW_BIND_IP=""
|
||||
fi
|
||||
|
||||
# 动态修改旧配置文件 (更新 BIND_IP,追加 PUBLIC_IP)
|
||||
sed -i "s/^BIND_IP=.*/BIND_IP=\"$NEW_BIND_IP\"/" "$CONFIG_FILE"
|
||||
echo "PUBLIC_IP=\"$MIGRATE_IP\"" >> "$CONFIG_FILE"
|
||||
|
||||
# 刷新当前安装脚本的环境变量,防止底部代码报错
|
||||
SAFE_PUBLIC_IP="$MIGRATE_IP"
|
||||
BIND_IP="$NEW_BIND_IP"
|
||||
else
|
||||
# 如果是未来再升级,配置文件已是最新,直接提取变量供安装脚本尾部使用
|
||||
SAFE_PUBLIC_IP=$(grep "^PUBLIC_IP=" "$CONFIG_FILE" | cut -d'"' -f2)
|
||||
fi
|
||||
fi
|
||||
# ========================================================================
|
||||
|
||||
# 6. 拉取全套组件 (按需下载,绝不浪费空间)
|
||||
echo -e "\n[6/7] 正在根据模块开关部署核心引擎与热数据..."
|
||||
# 确保目录在升级模式下也能被正确建立
|
||||
@@ -478,8 +428,8 @@ if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then
|
||||
|
||||
# [v3.0.1新增修改 3: 删除原来的 curl 取 IP,直接使用我们上方锁定的 BIND_IP]
|
||||
# 并提前写入 IP 缓存,彻底阻断 agent_daemon 首次启动时的重复推送
|
||||
# [修复竞态]: 提前写入公网 IP 缓存,彻底阻断 agent_daemon 首次启动时的抢跑推送
|
||||
echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip"
|
||||
# [修复竞态]: 提前写入 IP 缓存,彻底阻断 agent_daemon 首次启动时的抢跑推送
|
||||
echo "$BIND_IP" > "${INSTALL_DIR}/core/.last_ip"
|
||||
|
||||
# 双保险守护进程看门狗
|
||||
echo "@reboot nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
|
||||
@@ -494,53 +444,30 @@ rm -f /tmp/cron_backup
|
||||
|
||||
# ================== [v3.2.2 优化: 战报通知分流 (注册/升级)] ==================
|
||||
if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then
|
||||
# [v3.3.2 修复: 引入 IP 哈希防同名覆盖机制]
|
||||
IP_HASH=$(echo "${SAFE_PUBLIC_IP:-127.0.0.1}" | md5sum | cut -c 1-4 | tr 'a-z' 'A-Z')
|
||||
NODE_NAME="$(hostname | cut -c 1-10)-${IP_HASH}"
|
||||
|
||||
# ⚠️ 核心修复:提前构造注册暗号,供全新安装与首次架构重组使用
|
||||
REG_MSG="#REGISTER#|${REGION_CODE}|${NODE_NAME}|${SAFE_PUBLIC_IP}|${AGENT_PORT}"
|
||||
NODE_NAME=$(hostname | cut -c 1-15)
|
||||
|
||||
if [ "$UPGRADE_MODE" == "true" ]; then
|
||||
# 【核心兼容逻辑】检查是否是首次升级到哈希命名架构
|
||||
if ! grep -q "NAME_HASHED=\"true\"" "$CONFIG_FILE"; then
|
||||
echo "NAME_HASHED=\"true\"" >> "$CONFIG_FILE"
|
||||
|
||||
echo -e "\n📡 正在向指挥部发送架构重组通知..."
|
||||
curl -s -X POST "${TG_API_URL}" \
|
||||
-d "chat_id=${CHAT_ID}" \
|
||||
-d "parse_mode=Markdown" \
|
||||
-d "text=✨ *IP-Sentinel 引擎热更新完成!*
|
||||
echo -e "\n📡 正在向指挥部发送升级成功战报..."
|
||||
curl -s -X POST "${TG_API_URL}" \
|
||||
-d "chat_id=${CHAT_ID}" \
|
||||
-d "parse_mode=Markdown" \
|
||||
-d "text=✨ *IP-Sentinel 引擎热更新完成!*
|
||||
📍 节点:\`${NODE_NAME}\`
|
||||
🌐 IP:\`${SAFE_PUBLIC_IP}\`
|
||||
🚀 状态:v3.3.2 OTA 动态活体引擎已部署
|
||||
|
||||
⚠️ *战区架构已重组,请务必点击下方指令并发送,以同步新的防撞档案:*
|
||||
\`${REG_MSG}\`" >/dev/null 2>&1
|
||||
echo -e "\033[32m✅ 升级通知已推送!请前往 TG 点击注册指令完成身份同步!\033[0m"
|
||||
else
|
||||
echo -e "\n📡 正在向指挥部发送静默升级战报..."
|
||||
curl -s -X POST "${TG_API_URL}" \
|
||||
-d "chat_id=${CHAT_ID}" \
|
||||
-d "parse_mode=Markdown" \
|
||||
-d "text=✨ *IP-Sentinel 引擎热更新完成!*
|
||||
📍 节点:\`${NODE_NAME}\`
|
||||
🌐 IP:\`${SAFE_PUBLIC_IP}\`
|
||||
🚀 状态:v3.3.2 OTA 动态活体引擎已部署" >/dev/null 2>&1
|
||||
echo -e "\033[32m✅ 升级成功通知已推送到您的 Telegram!\033[0m"
|
||||
fi
|
||||
🌐 IP:\`${BIND_IP}\`
|
||||
🚀 状态:v3.3.0 OTA 动态活体养护引擎已部署" >/dev/null 2>&1
|
||||
echo -e "\033[32m✅ 升级成功通知已推送到您的 Telegram!\033[0m"
|
||||
else
|
||||
# 全新安装:直接打上哈希基因锁
|
||||
echo "NAME_HASHED=\"true\"" >> "$CONFIG_FILE"
|
||||
|
||||
echo -e "\n📡 正在向指挥部发送注册暗号..."
|
||||
# 构造注册暗号 (V3.1.3 协议升级: 携带 REGION_CODE 大区标识)
|
||||
REG_MSG="#REGISTER#|${REGION_CODE}|${NODE_NAME}|${BIND_IP}|${AGENT_PORT}"
|
||||
|
||||
# 执行主动推送
|
||||
PUSH_RESULT=$(curl -s -X POST "${TG_API_URL}" \
|
||||
-d "chat_id=${CHAT_ID}" \
|
||||
-d "parse_mode=Markdown" \
|
||||
-d "text=✨ *IP-Sentinel 部署成功!*
|
||||
📍 区域:${REGION_NAME}
|
||||
🌐 IP:${SAFE_PUBLIC_IP}
|
||||
🌐 IP:${BIND_IP}
|
||||
🔌 端口:${AGENT_PORT}
|
||||
|
||||
🔑 *请点击下方指令复制并回复给机器人:*
|
||||
@@ -573,8 +500,8 @@ if [[ -n "$TG_TOKEN" ]]; then
|
||||
elif command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active firewalld | grep -qw active; then
|
||||
FW_MSG="firewall-cmd --zone=public --add-port=$AGENT_PORT/tcp --permanent && firewall-cmd --reload"
|
||||
elif command -v iptables >/dev/null 2>&1; then
|
||||
# 智能双栈雷达:根据对外公网 IP 属性,动态下发对应的防火墙放行指令
|
||||
if [[ "$SAFE_PUBLIC_IP" == *":"* ]]; then
|
||||
# 智能双栈雷达:根据绑定的 IP 属性,动态下发对应的防火墙放行指令
|
||||
if [[ "$BIND_IP" == *":"* ]]; then
|
||||
FW_MSG="ip6tables -I INPUT -p tcp --dport $AGENT_PORT -j ACCEPT"
|
||||
else
|
||||
FW_MSG="iptables -I INPUT -p tcp --dport $AGENT_PORT -j ACCEPT"
|
||||
|
||||
@@ -48,8 +48,8 @@ get_random_coord() {
|
||||
}
|
||||
|
||||
# --- [环境初始化] ---
|
||||
# [v3.3.1修改] 优先读取对外公网面孔作为哈希种子,兼容 NAT 机的空 BIND_IP
|
||||
CURRENT_IP="${PUBLIC_IP:-${BIND_IP:-Unknown}}"
|
||||
# [v3.0.2修复] 直接读取系统已锁定的锚点 IP,彻底杜绝“获取IP失败”及隧道偏移
|
||||
CURRENT_IP="${BIND_IP:-Unknown}"
|
||||
|
||||
# -----------------------------------------------------------
|
||||
# [V3.1.5] 哈希锚定法 (Hash-Seeded Persona)
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ==========================================================
|
||||
# 脚本名称: mod_trust.sh (IP 信用净化模块 V3.3.1 拓扑自适应版)
|
||||
# 脚本名称: mod_trust.sh (IP 信用净化模块 V3.1.4 拓扑自适应版)
|
||||
# 核心功能: 动态扫描本地 LBS 冷数据,提取权威白名单,执行流量净化
|
||||
# ==========================================================
|
||||
|
||||
@@ -59,8 +59,8 @@ if [ -f "$UA_FILE" ]; then
|
||||
TOTAL_UA=${#UA_POOL[@]}
|
||||
|
||||
if [ "$TOTAL_UA" -gt 0 ]; then
|
||||
# [v3.3.1修改] 优先使用固化的公网 IP 作为哈希种子,防止 NAT 节点指纹同质化
|
||||
SEED=$(echo -n "${PUBLIC_IP:-${BIND_IP:-127.0.0.1}}" | cksum | awk '{print $1}')
|
||||
# 以本地锁定的公网 IP (BIND_IP) 为种子计算 CRC32 哈希值
|
||||
SEED=$(echo -n "${BIND_IP:-127.0.0.1}" | cksum | awk '{print $1}')
|
||||
|
||||
# 利用确定的种子,在全球 4000 的库中,计算出本机的 3 个绝对专属坐标
|
||||
IDX1=$(( SEED % TOTAL_UA ))
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ==========================================================
|
||||
# 脚本名称: tg_report.sh (Telegram 每日战报模块 V3.3.2 动态拼装版)
|
||||
# 脚本名称: tg_report.sh (Telegram 每日战报模块 V6.0 动态拼装版)
|
||||
# 核心功能: 适配 Feature Flag 架构,按需展示 Google/Trust 独立统计数据
|
||||
# ==========================================================
|
||||
|
||||
@@ -19,9 +19,7 @@ if [ -z "$TG_TOKEN" ] || [ -z "$CHAT_ID" ]; then
|
||||
fi
|
||||
|
||||
# 2. 节点元数据抓取 (v3.2.2 协议自适应与多级容灾版)
|
||||
# [v3.3.2 修复: 引入 IP 哈希防同名覆盖机制]
|
||||
IP_HASH=$(echo "${PUBLIC_IP:-127.0.0.1}" | md5sum | cut -c 1-4 | tr 'a-z' 'A-Z')
|
||||
NODE_NAME="$(hostname | cut -c 1-10)-${IP_HASH}"
|
||||
NODE_NAME=$(hostname | cut -c 1-15)
|
||||
|
||||
# --- [防线 1: 底层路由锁定与协议自适应] ---
|
||||
CURL_BIND_OPT=""
|
||||
@@ -38,8 +36,8 @@ fi
|
||||
|
||||
# 多节点容灾探测出口 IP (注入协议自适应)
|
||||
CURRENT_IP=$( (curl $CURL_BIND_OPT $DYNAMIC_IP_PREF -s -m 5 api.ip.sb/ip || curl $CURL_BIND_OPT $DYNAMIC_IP_PREF -s -m 5 ifconfig.me) 2>/dev/null | tr -d '[:space:]' )
|
||||
# [v3.3.1 修改] 强制兜底:如果外部 API 挂了,优先使用固化的对外公网面孔 (兼容 NAT 机的空 BIND_IP)
|
||||
[ -z "$CURRENT_IP" ] && CURRENT_IP="${PUBLIC_IP:-$BIND_IP}"
|
||||
# 强制兜底:如果所有外部 API 都挂了,直接使用本地强行锁定的 BIND_IP
|
||||
[ -z "$CURRENT_IP" ] && CURRENT_IP="$BIND_IP"
|
||||
|
||||
# 为可能获取到的 IPv6 自动添加方括号护甲
|
||||
[[ "$CURRENT_IP" == *":"* ]] && [[ "$CURRENT_IP" != *"["* ]] && CURRENT_IP="[${CURRENT_IP}]"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ==========================================================
|
||||
# 脚本名称: updater.sh (IP-Sentinel V3.3.1 养料注入与分频调度中枢)
|
||||
# 脚本名称: updater.sh (IP-Sentinel V3.3.0 养料注入与分频调度中枢)
|
||||
# 核心功能: 静默更新热搜词/LBS、指纹库错峰调度、强制出站死锁
|
||||
# ==========================================================
|
||||
|
||||
|
||||
@@ -1,23 +1,3 @@
|
||||
dietrich grönemeyer
|
||||
fränkische schweiz
|
||||
scarlett johansson
|
||||
jeff bezos
|
||||
dan brown
|
||||
паспорт громадянина україни для виїзду за кордон
|
||||
serena williams
|
||||
kampf der realitystars
|
||||
манчестер юнайтед – лидс
|
||||
catherine deneuve
|
||||
bobzin
|
||||
sprit
|
||||
kev
|
||||
abschiebung
|
||||
steuer
|
||||
masters rory mcilroy
|
||||
großglockner
|
||||
news38
|
||||
jessie cave
|
||||
michael schulte
|
||||
wetter frankfurt heute
|
||||
bundesliga ergebnisse
|
||||
aktuelle nachrichten deutschland
|
||||
|
||||
@@ -1,23 +1,3 @@
|
||||
yann barthes
|
||||
camille cerf
|
||||
alain delon
|
||||
loto du 13 avril 2026
|
||||
juan arbeláez
|
||||
hbo
|
||||
katy perry justin trudeau
|
||||
jacob elordi
|
||||
tondela – gil vicente
|
||||
le rugbynistère
|
||||
epstein
|
||||
kino
|
||||
horoscope du 13 avril 2026
|
||||
golf masters augusta 2026
|
||||
boursorama bourse
|
||||
cac 40
|
||||
sept à huit
|
||||
ligne 12 métro
|
||||
alice taglioni
|
||||
pedro sánchez
|
||||
meteo paris
|
||||
actualités en direct
|
||||
résultats ligue 1
|
||||
|
||||
@@ -1,23 +1,3 @@
|
||||
man united vs leeds
|
||||
曼聯 對 里茲聯
|
||||
prediction market
|
||||
預測市場
|
||||
polymarket
|
||||
巴基斯坦
|
||||
sndk
|
||||
江美儀
|
||||
楊何蓓茵
|
||||
樂珈嘉
|
||||
姜濤
|
||||
日經平均指數
|
||||
飲茶
|
||||
上市公司
|
||||
daniel caesar
|
||||
中年好聲音4
|
||||
香港天文台
|
||||
煤氣
|
||||
livenation
|
||||
政府
|
||||
香港天文台天氣預報
|
||||
MTR 港鐵路線圖
|
||||
OpenRice 附近美食
|
||||
|
||||
@@ -1,26 +1,7 @@
|
||||
man united vs leeds
|
||||
白鵬翔
|
||||
日本アカデミー賞 最優秀助演男優賞
|
||||
マンu 対 リーズ u
|
||||
サンディスク 株価
|
||||
らじるらじる
|
||||
マクドナルド
|
||||
ロシア
|
||||
広島市
|
||||
ゲイブル・スティーブソン
|
||||
日本維新の会
|
||||
新 日本 繊維
|
||||
高見沢 俊彦
|
||||
不登校
|
||||
後期高齢者医療制度
|
||||
バーミヤン
|
||||
宮澤エマ
|
||||
チケプラ
|
||||
横綱
|
||||
宮里美香
|
||||
東京 天気 明日
|
||||
新宿 おすすめ 居酒屋
|
||||
最新のニュース 速報
|
||||
ゴールド 相場 チャート
|
||||
近くの静かなカフェ
|
||||
円安 影響 生活
|
||||
地震 速報
|
||||
円安 影響 生活
|
||||
@@ -1,23 +1,3 @@
|
||||
man united vs leeds
|
||||
cbse class 10 result 2026 date
|
||||
euphoria season 3
|
||||
srh vs rr
|
||||
tamil new year 2026
|
||||
low de wei
|
||||
pope
|
||||
flexar
|
||||
microsoft outlook
|
||||
new rolex 2026
|
||||
medical classification
|
||||
blasphemy law
|
||||
big bang coachella 2026
|
||||
小贩
|
||||
malaysia fuel price crisis
|
||||
sbti personality test
|
||||
cancer survivor
|
||||
tim cook
|
||||
spurs vs nuggets
|
||||
asia flights cancelled delayed
|
||||
singapore weather forecast
|
||||
mrt map singapore
|
||||
straitstimes breaking news
|
||||
|
||||
@@ -1,23 +1,3 @@
|
||||
noah okafor
|
||||
casemiro
|
||||
talksport
|
||||
lazio
|
||||
leeds united fixtures
|
||||
bruno fernandes
|
||||
afc champions league
|
||||
meteor
|
||||
carlos queiroz
|
||||
travel warning
|
||||
tori amos
|
||||
cloud
|
||||
reading
|
||||
rolls-royce smr
|
||||
istanbul airport
|
||||
a27
|
||||
bridget phillipson
|
||||
tottenham standings
|
||||
may bank holiday 2026
|
||||
toto wolff
|
||||
london weather today
|
||||
bbc news latest
|
||||
premier league fixtures
|
||||
|
||||
@@ -1,23 +1,3 @@
|
||||
usa network
|
||||
natalie sago
|
||||
carlos queiroz
|
||||
carlos batista
|
||||
katie boulter
|
||||
levante - getafe
|
||||
levante vs getafe
|
||||
mcilroy green jacket presentation
|
||||
man united vs leeds
|
||||
7-eleven closing locations
|
||||
cloud
|
||||
sports
|
||||
sony playstation
|
||||
alaska airline
|
||||
toronto
|
||||
sydney
|
||||
paris
|
||||
tokyo
|
||||
delhi
|
||||
sykkuno drama
|
||||
Los Angeles weather today
|
||||
S&P 500 stock chart
|
||||
local coffee shops near me
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ==========================================================
|
||||
# 脚本名称: install_master.sh (IP-Sentinel 控制中枢部署脚本 v3.3.2)
|
||||
# 脚本名称: install_master.sh (IP-Sentinel 控制中枢部署脚本 v3.2.3)
|
||||
# 核心功能: 部署/卸载调度中枢、SQLite 资产管理、平滑热更新引擎
|
||||
# ==========================================================
|
||||
|
||||
# [新增] 提取仓库直链前缀变量,方便后续在官方库和私库间一键切换
|
||||
REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/main"
|
||||
REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/legacy"
|
||||
# 临时改为私库地址用于测试
|
||||
# REPO_RAW_URL="https://git.94211762.xyz/hotyue/IP-Sentinel/raw/branch/main"
|
||||
|
||||
@@ -15,7 +15,7 @@ DB_FILE="${MASTER_DIR}/sentinel.db"
|
||||
|
||||
echo "========================================================"
|
||||
# [修改] 将欢迎语改为更通用的文案,因为现在不仅能部署,还能卸载
|
||||
echo " 🧠 欢迎使用 IP-Sentinel Master (控制中枢) v3.3.2"
|
||||
echo " 🧠 欢迎使用 IP-Sentinel Master (控制中枢) v3.2.2"
|
||||
echo "========================================================"
|
||||
|
||||
# [新增] 交互式操作菜单:支持选择部署或调用卸载程序
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ==========================================================
|
||||
# 脚本名称: tg_master.sh (Master 端调度枢纽 V3.3.2 动态签名版)
|
||||
# 脚本名称: tg_master.sh (Master 端调度枢纽 V3.0.4 动态签名版)
|
||||
# 核心功能: 监听 TG、操作 SQLite、Webhook 精准调度、403权限拦截、僵尸节点清理
|
||||
# ==========================================================
|
||||
|
||||
@@ -129,7 +129,6 @@ while true; do
|
||||
case "$REGION_NAME" in
|
||||
"US") FLAG="🇺🇸" ;; "JP") FLAG="🇯🇵" ;; "HK") FLAG="🇭🇰" ;;
|
||||
"SG") FLAG="🇸🇬" ;; "UK"|"GB") FLAG="🇬🇧" ;; "DE") FLAG="🇩🇪" ;; "FR") FLAG="🇫🇷" ;;
|
||||
"CA") FLAG="🇨🇦" ;; "AU") FLAG="🇦🇺" ;; "KR") FLAG="🇰🇷" ;; "NL") FLAG="🇳🇱" ;; "BR") FLAG="🇧🇷" ;; "IN") FLAG="🇮🇳" ;; "TW") FLAG="🇹🇼" ;;
|
||||
esac
|
||||
BTNS="$BTNS[{\"text\":\"$FLAG $REGION_NAME ($NODE_COUNT 台)\",\"callback_data\":\"region:$REGION_NAME\"}],"
|
||||
done <<< "$REGION_DATA"
|
||||
@@ -191,9 +190,8 @@ while true; do
|
||||
[ -z "$REGION_NAME" ] && REGION_NAME="UNKNOWN"
|
||||
FLAG="🌐"
|
||||
case "$REGION_NAME" in
|
||||
"US") FLAG="🇺🇸" ;; "JP") FLAG="🇯🇵" ;; "HK") FLAG="🇭🇰" ;;
|
||||
"SG") FLAG="🇸🇬" ;; "UK"|"GB") FLAG="🇬🇧" ;; "DE") FLAG="🇩🇪" ;; "FR") FLAG="🇫🇷" ;;
|
||||
"CA") FLAG="🇨🇦" ;; "AU") FLAG="🇦🇺" ;; "KR") FLAG="🇰🇷" ;; "NL") FLAG="🇳🇱" ;; "BR") FLAG="🇧🇷" ;; "IN") FLAG="🇮🇳" ;; "TW") FLAG="🇹🇼" ;;
|
||||
"US") FLAG="🇺🇸" ;; "JP") FLAG="🇯🇵" ;; "HK") FLAG="🇭🇰" ;;
|
||||
"SG") FLAG="🇸🇬" ;; "UK"|"GB") FLAG="🇬🇧" ;; "DE") FLAG="🇩🇪" ;; "FR") FLAG="🇫🇷" ;;
|
||||
esac
|
||||
BTNS="$BTNS[{\"text\":\"$FLAG $REGION_NAME ($NODE_COUNT 台)\",\"callback_data\":\"region:$REGION_NAME\"}],"
|
||||
done <<< "$REGION_DATA"
|
||||
|
||||
@@ -1,81 +0,0 @@
|
||||
import urllib.request
|
||||
import xml.etree.ElementTree as ET
|
||||
import os
|
||||
import json
|
||||
import re
|
||||
|
||||
# ================== [路径防弹装甲] ==================
|
||||
# 无论在哪里执行该脚本,都能精准反推项目根目录
|
||||
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
|
||||
PROJECT_ROOT = os.path.dirname(SCRIPT_DIR)
|
||||
|
||||
MAP_JSON_PATH = os.path.join(PROJECT_ROOT, "data", "map.json")
|
||||
DATA_DIR = os.path.join(PROJECT_ROOT, "data", "keywords")
|
||||
# ====================================================
|
||||
|
||||
# 特殊战区代码映射 (Google Trends RSS 要求)
|
||||
GEO_FIX = {'UK': 'GB'}
|
||||
|
||||
HEADERS = {
|
||||
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
|
||||
}
|
||||
|
||||
def get_active_regions():
|
||||
"""动态提取 map.json 中的战区 (修正:精准穿透 JSON 数组结构)"""
|
||||
try:
|
||||
with open(MAP_JSON_PATH, 'r', encoding='utf-8') as f:
|
||||
data = json.load(f)
|
||||
# 穿透到 countries 列表,提取所有的国家代码 (id)
|
||||
regions = []
|
||||
for country in data.get('countries', []):
|
||||
if 'id' in country:
|
||||
regions.append(country['id'])
|
||||
return regions
|
||||
except Exception as e:
|
||||
print(f"❌ [读取地图失败]: {e}")
|
||||
return []
|
||||
|
||||
def fetch_trends(region_code):
|
||||
"""从 Google Trends 抓取当日热搜"""
|
||||
geo = GEO_FIX.get(region_code, region_code)
|
||||
url = f"https://trends.google.com/trending/rss?geo={geo}"
|
||||
try:
|
||||
req = urllib.request.Request(url, headers=HEADERS)
|
||||
with urllib.request.urlopen(req, timeout=10) as response:
|
||||
xml_data = response.read()
|
||||
root = ET.fromstring(xml_data)
|
||||
return [re.sub(r'[\n\r\t]', ' ', item.find('title').text).strip()
|
||||
for item in root.findall('./channel/item')
|
||||
if item.find('title') is not None]
|
||||
except Exception as e:
|
||||
print(f"⚠️ {region_code} 抓取异常: {e}")
|
||||
return []
|
||||
|
||||
def update_file(region, new_words):
|
||||
"""滑动窗口更新,保留 200 条最热记录"""
|
||||
os.makedirs(DATA_DIR, exist_ok=True)
|
||||
file_path = os.path.join(DATA_DIR, f"kw_{region}.txt")
|
||||
old_words = []
|
||||
if os.path.exists(file_path):
|
||||
with open(file_path, 'r', encoding='utf-8') as f:
|
||||
old_words = [l.strip() for l in f if l.strip()]
|
||||
|
||||
# 新词排在最前面,去重
|
||||
combined = new_words + [w for w in old_words if w not in new_words]
|
||||
final_list = combined[:200]
|
||||
|
||||
with open(file_path, 'w', encoding='utf-8') as f:
|
||||
f.write('\n'.join(final_list) + '\n')
|
||||
print(f"✅ [同步完成] {region}: 注入 {len(new_words)} 条新热点")
|
||||
|
||||
if __name__ == '__main__':
|
||||
regions = get_active_regions()
|
||||
if not regions:
|
||||
print("🛑 未发现活跃战区,请检查 map.json")
|
||||
exit(1)
|
||||
|
||||
for r in regions:
|
||||
print(f"📡 正在拉取 {r} 战区情报...")
|
||||
words = fetch_trends(r)
|
||||
if words:
|
||||
update_file(r, words)
|
||||
Reference in New Issue
Block a user