87 files changed, 1639 insertions, 211 deletions

diff --git a/.gitmodules b/.gitmodules
index 2823cad5..b51a2b2e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -19,3 +19,12 @@
 [submodule "submodules/github/jbalogh/python-irclib"]
 	path = submodules/github/jbalogh/python-irclib
 	url = https://github.com/jbalogh/python-irclib.git
+[submodule "Reaktor/repos/gxfr"]
+	path = Reaktor/repos/gxfr
+	url = https://github.com/makefu/gxfr.git
+[submodule "Reaktor/repos/dnsrecon"]
+	path = Reaktor/repos/dnsrecon
+	url = https://github.com/makefu/dnsrecon.git
+[submodule "Reaktor/repos/whatweb"]
+	path = Reaktor/repos/whatweb
+	url = https://github.com/urbanadventurer/WhatWeb.git
diff --git a/Monitoring/plugins/notify_irc b/Monitoring/plugins/notify_irc
new file mode 100755
index 00000000..e1de0866
--- /dev/null
+++ b/Monitoring/plugins/notify_irc
@@ -0,0 +1,87 @@
+#! /usr/bin/env python
+#
+# Example program using irclib.py.
+#
+# This program is free without restrictions; do anything you like with
+# it.
+#
+# Joel Rosdahl <joel@rosdahl.net>
+
+import irclib
+import sys
+#irclib.DEBUG= True
+class IRCCat(irclib.SimpleIRCClient):
+    def __init__(self, target,msg=""):
+        irclib.SimpleIRCClient.__init__(self)
+        self.target = target
+        self.msg = msg
+
+    def on_welcome(self, connection, event):
+        if irclib.is_channel(self.target):
+            connection.join(self.target)
+        else:
+            self.send_it()
+
+    def on_join(self, connection, event):
+        self.send_it()
+
+    def on_disconnect(self, connection, event):
+        sys.exit(0)
+
+    def send_it(self):
+        if self.msg:
+            print "writing given argv privmsg",self.msg
+            self.connection.privmsg(self.target, self.msg)
+        else:
+            print "writing stdin privmsg:"
+            while 1:
+                line = sys.stdin.readline()
+                if not line:
+                    break
+                print line
+                self.connection.privmsg(self.target, line)
+        self.connection.quit("Using irclib.py")
+def findGreatNick(prefix='shinken'):
+    import random
+    import re
+    dic="/usr/share/dict/danish"
+    found=False
+    while not found:
+      w = random.choice(list(open(dic)))
+      found = re.match(r"^[a-zA-Z_-]+$",w)
+    return  prefix +"|"+w.strip()
+
+def main():
+    if len(sys.argv) < 3:
+        print "Usage: notify_irc <server[:port]> <target> [message]"
+        print "\ntarget is a nickname or a channel."
+        sys.exit(1)
+
+    s = sys.argv[1].split(":", 1)
+    server = s[0]
+    if len(s) == 2:
+        try:
+            port = int(s[1])
+        except ValueError:
+            print "Error: Erroneous port."
+            sys.exit(1)
+    else:
+        port = 6667
+    import random
+    nickname = findGreatNick()
+    print nickname
+    target = sys.argv[2]
+    msg = ""
+    if len(sys.argv) == 4:
+      msg = sys.argv[3]
+    c = IRCCat(target,msg)
+    try:
+        print "trying to connect to ",server,port,nickname
+        c.connect(server, port, nickname )
+    except irclib.ServerConnectionError, x:
+        print x
+        sys.exit(1)
+    c.start()
+
+if __name__ == "__main__":
+    main()
diff --git a/Reaktor/IRC/asybot.py b/Reaktor/IRC/asybot.py
index 657cee40..df758ed6 100755
--- a/Reaktor/IRC/asybot.py
+++ b/Reaktor/IRC/asybot.py
@@ -9,12 +9,14 @@ def is_executable(x):
 
 from asynchat import async_chat as asychat
 from asyncore import loop
-from socket import AF_INET, SOCK_STREAM
+from socket import AF_INET, SOCK_STREAM,gethostname
 from signal import SIGALRM, signal, alarm
 from datetime import datetime as date, timedelta
+import shlex
+from time import sleep
 from sys import exit
 from re import split, search
-
+from textwrap import TextWrapper
 import logging,logging.handlers
 log = logging.getLogger('asybot')
 hdlr = logging.handlers.SysLogHandler(facility=logging.handlers.SysLogHandler.LOG_DAEMON)
@@ -37,6 +39,7 @@ class asybot(asychat):
     self.set_terminator('\r\n')
     self.create_socket(AF_INET, SOCK_STREAM)
     self.connect((self.server, self.port))
+    self.wrapper = TextWrapper(subsequent_indent=" ",width=400)
 
     # When we don't receive data for alarm_timeout seconds then issue a
     # PING every hammer_interval seconds until kill_timeout seconds have
@@ -105,8 +108,10 @@ class asybot(asychat):
 
   def on_privmsg(self, prefix, command, params, rest):
     def PRIVMSG(text):
-      msg = 'PRIVMSG %s :%s' % (','.join(params), text)
-      self.push(msg)
+      for line in self.wrapper.wrap(text):
+        msg = 'PRIVMSG %s :%s' % (','.join(params), line)
+        self.push(msg)
+        sleep(1)
 
     def ME(text):
       PRIVMSG('
ACTION ' + text + '
')
@@ -125,7 +130,7 @@ class asybot(asychat):
 
       from os.path import realpath, dirname, join
       from subprocess import Popen as popen, PIPE
-
+      from time import time
       Reaktor_dir = dirname(realpath(dirname(__file__)))
       public_commands = join(Reaktor_dir, 'public_commands')
       command = join(public_commands, _command)
@@ -133,29 +138,28 @@ class asybot(asychat):
       if is_executable(command):
 
         env = {}
+        args = []
+        start = time()
         if _argument != None:
           env['argument'] = _argument
-
+          args = shlex.split(_argument)
         try:
-          p = popen([command], stdin=PIPE, stdout=PIPE, stderr=PIPE, env=env)
+          p = popen([command] + args,bufsize=1, stdout=PIPE, stderr=PIPE, env=env)
         except OSError, error:
           ME('brain damaged')
           log.error('OSError@%s: %s' % (command, error))
           return
-
-        stdout, stderr = [ x[:len(x)-1] for x in
-            [ x.split('\n') for x in p.communicate()]]
-        code = p.returncode
         pid = p.pid
+        for line in iter(p.stdout.readline,""):
+          PRIVMSG(line)
+          log.debug('%s stdout: %s' % (pid, line)) 
+        p.wait()
+        elapsed = time() - start
+        code = p.returncode
+        log.info('command: %s -> %s in %d seconds' % (command, code,elapsed))
+        [log.debug('%s stderr: %s' % (pid, x)) for x in p.stderr.readlines()]
 
-        log.info('command: %s -> %s' % (command, code))
-        [log.debug('%s stdout: %s' % (pid, x)) for x in stdout]
-        [log.debug('%s stderr: %s' % (pid, x)) for x in stderr]
-
-        if code == 0:
-          [PRIVMSG(x) for x in stdout]
-          [PRIVMSG(x) for x in stderr]
-        else:
+        if code != 0:
           ME('mimimi')
 
       else:
@@ -181,8 +185,12 @@ if __name__ == "__main__":
 
   lol = logging.DEBUG if env.get('debug',False) else logging.INFO
   logging.basicConfig(level=lol)
-  name = getconf1('Name', '/etc/tinc/retiolum/tinc.conf')
-  hostname = '%s.retiolum' % name
+  try: 
+    name = getconf1('Name', '/etc/tinc/retiolum/tinc.conf')
+    hostname = '%s.retiolum' % name
+  except:
+    name = gethostname()
+    hostname = name
   nick = str(env.get('nick', name))
   host = str(env.get('host', 'supernode'))
   port = int(env.get('port', 6667))
diff --git a/Reaktor/IRC/index b/Reaktor/IRC/index
index 24982c76..50022ec9 100755
--- a/Reaktor/IRC/index
+++ b/Reaktor/IRC/index
@@ -3,5 +3,4 @@ set -xeuf
 
 # cd //Reaktor
 cd $(dirname $(readlink -f $0))/..
-
-exec python IRC/asybot.py "$@"
+host=irc.freenode.net target='#krebsco' python IRC/asybot.py "$@"
diff --git a/Reaktor/Makefile b/Reaktor/Makefile
new file mode 100644
index 00000000..2241dba6
--- /dev/null
+++ b/Reaktor/Makefile
@@ -0,0 +1,23 @@
+submodules = gxfr dnsrecon bxfr whatweb
+security_modules = subdomains revip whatweb
+
+all: init all-mods
+
+init: init-submodules $(submodules)
+init-submodules: 
+	cd ..;git submodule init; git submodule update
+$(submodules):
+	cd repos/$@ ; git checkout master;git pull
+
+all-mods: $(addprefix public_commands/,$(security_modules))
+public_commands/%:commands/%
+	ln -s ../$< $@
+
+debian-autostart:
+	useradd reaktor ||:
+	cp startup/init.d/reaktor-debian /etc/init.d/reaktor
+	cp startup/conf.d/reaktor /etc/default/
+	update-rc.d reaktor defaults
+supervisor-autostart:
+	useradd reaktor ||:
+	cp startup/supervisor/Reaktor.conf /etc/supervisor/conf.d/
diff --git a/Reaktor/commands/revip b/Reaktor/commands/revip
new file mode 120000
index 00000000..e2c3b7ab
--- /dev/null
+++ b/Reaktor/commands/revip
@@ -0,0 +1 @@
+../repos/revip/revip
\ No newline at end of file
diff --git a/Reaktor/commands/subdomains b/Reaktor/commands/subdomains
new file mode 120000
index 00000000..0489555f
--- /dev/null
+++ b/Reaktor/commands/subdomains
@@ -0,0 +1 @@
+../repos/consolidate_dns/index
\ No newline at end of file
diff --git a/Reaktor/commands/whatweb b/Reaktor/commands/whatweb
new file mode 100755
index 00000000..84130d5c
--- /dev/null
+++ b/Reaktor/commands/whatweb
@@ -0,0 +1,7 @@
+#!/bin/sh
+#wrapper for WhatWeb
+here=$(dirname `readlink -f $0`)
+whatweb_bin="$here/../repos/whatweb/whatweb"
+[ -e "$whatweb_bin" ] || ( echo "!! Whatweb app does not exist" && exit 1 )
+[ "balls$1" = "balls" ] && ( echo "!! no host given" && exit 1)
+exec $whatweb_bin -a 3 "$1"
diff --git a/Reaktor/repos/bxfr/bxfr.py b/Reaktor/repos/bxfr/bxfr.py
new file mode 100644
index 00000000..8e6bd101
--- /dev/null
+++ b/Reaktor/repos/bxfr/bxfr.py
@@ -0,0 +1,238 @@
+#!/usr/bin/python -tt
+
+# gxfr replicates dns zone transfers by enumerating subdomains using advanced search engine queries and conducting dns lookups.
+# By Tim Tomes (LaNMaSteR53)
+# Available for download at http://LaNMaSteR53.com or http://code.google.com/p/gxfr/
+
+import sys, os.path, urllib, urllib2, re, time, socket, random, socket
+
+
+def help():
+  print """  Syntax: ./gxfr.py domain [options]
+  
+  -h, --help               this screen
+  -v                       enable verbose mode
+  -t [num of seconds]      set number of seconds to wait between queries (default=15)
+  -q [max num of queries]  restrict to maximum number of queries (default=0, indefinite)
+  --dns-lookup             enable dns lookups of all subdomains
+  --proxy [file|ip:port|-] use a proxy or list of open proxies to send queries (@random w/list)
+                             - [file] must consist of 1 or more ip:port pairs
+                             - replace filename with '-' (dash) to accept stdin
+  --user-agent ['string']  set custom user-agent string
+  --timeout [seconds]      set socket timeout (default=system default)
+  --csv [file]
+  
+  Examples: 
+  $ ./gxfr.py foxnews.com --dns-lookup -v
+  $ ./gxfr.py foxnews.com --dns-lookup --proxy open_proxies.txt --timeout 10
+  $ ./gxfr.py foxnews.com --dns-lookup -t 5 -q 5 -v --proxy 127.0.0.1:8080
+  $ curl http://rmccurdy.com/scripts/proxy/good.txt | ./gxfr.py website.com -v -t 3 --proxy -
+  """
+  sys.exit(2)
+
+if len(sys.argv) < 2:
+  help()
+
+if '-h' in sys.argv or '--help' in sys.argv:
+  help()
+
+# declare vars and process arguments
+#http://www.bing.com/search?q=site%3agoogle.de&qs=n&filt=all&pq=site%3agoogle.d&sc=8-5&sp=-1&sk=&first=1&FORM=PORE
+query_cnt = 0
+csvname = False
+domain = sys.argv[1]
+sys.argv = sys.argv[2:]
+lookup = False
+encrypt = True
+base_url = 'http://www.bing.com'
+base_uri = '/search?qs=n&form=QBRE&sc=0-0&sp=-1&sk='
+base_query = 'site:' + domain
+pattern = '//([\.\w-]*)\.%s.+?' % (domain)
+proxy = False
+user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
+verbose = False
+secs = 15
+max_queries = 10 # default = 10 queries
+# process command line arguments
+if len(sys.argv) > 0:
+  if '--dns-lookup' in sys.argv:
+    lookup = True
+  if '--csv' in sys.argv:
+    csvname = sys.argv[sys.argv.index('--csv') + 1]
+  if '--proxy' in sys.argv:
+    proxy = True
+    filename = sys.argv[sys.argv.index('--proxy') + 1]
+    if filename == '-':
+      proxies = sys.stdin.read().split()     
+    elif os.path.exists(filename):
+      content = open(filename).read()
+      proxies = re.findall('\d+\.\d+\.\d+\.\d+:\d+', content)
+    elif re.match(r'^\d+\.\d+\.\d+\.\d+:\d+$', filename):
+      proxies = [filename]
+    else:
+      help()
+  if '--timeout' in sys.argv:
+    timeout = int(sys.argv[sys.argv.index('--timeout') + 1])
+    socket.setdefaulttimeout(timeout)
+  if '--user-agent' in sys.argv:
+    user_agent = sys.argv[sys.argv.index('--user-agent') + 1]  
+  if '-v' in sys.argv:
+    verbose = True
+  if '-t' in sys.argv:
+    secs = int(sys.argv[sys.argv.index('-t') + 1])
+  if '-q' in sys.argv:
+    max_queries = int(sys.argv[sys.argv.index('-q') + 1])
+subs = []
+new = True
+page = 0
+
+# --begin--
+print '[-] domain:', domain
+print '[-] user-agent:', user_agent
+# execute search engine queries and scrape results storing subdomains in a list
+print '[-] querying search engine, please wait...'
+# loop until no new subdomains are found
+while new == True:
+  try:
+    query = ''
+    # build query based on results of previous results
+    for sub in subs:
+      query += ' -site:%s.%s' % (sub, domain)
+    full_query = base_query + query
+    start_param = '&first=%s' % (str(page*10))
+    query_param = '&q=%s&pq=%s' % (urllib.quote_plus(full_query),urllib.quote_plus(full_query))
+    if len(base_uri) + len(query_param) + len(start_param) < 2048:
+      last_query_param = query_param
+      params = query_param + start_param
+    else:
+      params = last_query_param[:2047-len(start_param)-len(base_uri)] + start_param
+    full_url = base_url + base_uri + params
+    # note: query character limit is passive in mobile, but seems to be ~794
+    # note: query character limit seems to be 852 for desktop queries
+    # note: typical URI max length is 2048 (starts after top level domain)
+    if verbose: print '[+] using query: %s...' % (full_url)
+    # build web request and submit query
+    request = urllib2.Request(full_url)
+    # spoof user-agent string
+    request.add_header('User-Agent', user_agent)
+    # if proxy is enabled, use the correct handler
+    if proxy == True:
+      # validate proxies at runtime
+      while True:
+        try:
+          # select a proxy from list at random
+          num = random.randint(0,len(proxies)-1)
+          host = proxies[num]
+          opener = urllib2.build_opener(urllib2.ProxyHandler({'http': host}))
+          if verbose: print '[+] sending query to', host
+          # send query to proxy server
+          result = opener.open(request).read()
+          # exit while loop if successful
+          break
+        except Exception as inst:
+          print '[!] %s failed: %s' % (host, inst)
+          if len(proxies) == 1:
+            # exit of no proxy servers from list are valid
+            print '[-] valid proxy server not found'
+            sys.exit(2)
+          else:
+            # remove host from list of proxies and try again
+            del proxies[num]
+    else:
+      opener = urllib2.build_opener(urllib2.HTTPHandler(), urllib2.HTTPSHandler())
+      # send query to search engine
+      try:
+        result = opener.open(request).read()
+      except Exception as inst:
+        print '[!] {0}'.format(inst)
+        if str(inst).index('503') != -1: print '[!] possible shun: use --proxy or find something else to do for 24 hours :)'
+        sys.exit(2)
+    if not verbose: sys.stdout.write('.'); sys.stdout.flush()
+    #if not verbose: sys.stdout.write('\n'); sys.stdout.flush()
+    # iterate query count
+    query_cnt += 1
+    sites = re.findall(pattern, result)
+    # create a uniq list
+    sites = list(set(sites))
+    new = False
+    # add subdomain to list if not already exists
+    for site in sites:
+      if site not in subs:
+        if verbose: print '[!] subdomain found:', site
+        subs.append(site)
+        new = True
+    # exit if maximum number of queries has been made
+    if query_cnt == max_queries:
+      print '[-] maximum number of queries made...'
+      break
+    # start going through all pages if querysize is maxed out
+    if new == False:
+      # exit if all subdomains have been found
+      if not 'Next page' in result:
+        #import pdb; pdb.set_trace() # curl to stdin breaks pdb
+        print '[-] all available subdomains found...'
+        break
+      else:
+        page += 1
+        new = True
+        if verbose: print '[+] no new subdomains found on page. jumping to result %d.' % (page*10)
+    # sleep script to avoid lock-out
+    if verbose: print '[+] sleeping to avoid lock-out...'
+    time.sleep(secs)
+  except KeyboardInterrupt:
+    # catch keyboard interrupt and gracefull complete script
+    break
+
+# print list of subdomains
+print '[-] successful queries made:', str(query_cnt)
+if verbose:
+  # rebuild and display final query if in verbose mode
+  #final_query = ''
+  #for sub in subs:
+  #  final_query += '+-site:%s.%s' % (sub, domain)
+  #print '[+] final query string: %sstart=%s&%s%s' % (base_url, str(page*10), base_query, query)
+  print '[+] final query string: %s' % (full_url)
+print ' '
+print '[subdomains] -', str(len(subs))
+csvwriter = False
+try:
+  if csvname:
+    import csv
+    csvwriter = csv.writer(open(csvname,'wb'))
+except:
+  print "[!] Cannot open CSV"
+for sub in subs: 
+  dom = '%s.%s' % (sub, domain )
+
+  #host resolution makes this computer more visible
+  hostname,aliases,ips = socket.gethostbyname_ex(dom) 
+  #print hostname,aliases,ip
+  print dom,",".join(ips) 
+  try:
+    line = [dom] + ips
+    csvwriter.writerow([dom] + ips)
+  except: pass
+
+
+# conduct dns lookup if argument is present
+if lookup == True:
+  print ' '
+  print '[-] querying dns, please wait...'
+  dict = {}
+  # create a dictionary where the subdomain is the key and a list of all associated ips is the value
+  for sub in subs:
+    sub = '%s.%s' % (sub, domain)
+    if verbose: print '[+] querying dns for %s...' % (sub)
+    # dns query and dictionary assignment
+    try:
+      dict[sub] = list(set([item[4][0] for item in socket.getaddrinfo(sub, 80)]))
+    except socket.gaierror:
+      # dns lookup failure
+      dict[sub] = list(set(['no entry']))
+  # print table of subdomains and ips
+  print ' '
+  print '[ip]'.ljust(16, ' ') + '[subdomain]'
+  for key in dict.keys():
+    for ip in dict[key]:
+      print ip.ljust(16, ' ') + key
+# --end--
diff --git a/Reaktor/repos/bxfr/bxfr_api.py b/Reaktor/repos/bxfr/bxfr_api.py
new file mode 100644
index 00000000..245ea92a
--- /dev/null
+++ b/Reaktor/repos/bxfr/bxfr_api.py
@@ -0,0 +1,238 @@
+#!/usr/bin/python -tt
+
+# gxfr replicates dns zone transfers by enumerating subdomains using advanced search engine queries and conducting dns lookups.
+# Original code By Tim Tomes (LaNMaSteR53)
+# rewrite for bing.com,csv output by makefu
+# Available for download at http://LaNMaSteR53.com or
+# http://code.google.com/p/gxfr/ and https://github.com/krebscode/painload in Reaktor/repos
+
+import sys, os.path, urllib, urllib2, re, time, socket, random, socket
+
+
+def help():
+  print """  Syntax: %s domain [options]
+  
+  -h, --help               this screen
+  -v                       enable verbose mode
+  -t [num of seconds]      set number of seconds to wait between queries (default=15)
+  -q [max num of queries]  restrict to maximum number of queries (default=0, indefinite)
+  --dns-lookup             enable dns lookups of all subdomains
+  --proxy [file|ip:port|-] use a proxy or list of open proxies to send queries (@random w/list)
+                             - [file] must consist of 1 or more ip:port pairs
+                             - replace filename with '-' (dash) to accept stdin
+  --user-agent ['string']  set custom user-agent string
+  --timeout [seconds]      set socket timeout (default=system default)
+  --csv [file]
+  
+  Examples: 
+  $ ./gxfr.py foxnews.com --dns-lookup -v
+  $ ./gxfr.py foxnews.com --dns-lookup --proxy open_proxies.txt --timeout 10
+  $ ./gxfr.py foxnews.com --dns-lookup -t 5 -q 5 -v --proxy 127.0.0.1:8080
+  $ curl http://rmccurdy.com/scripts/proxy/good.txt | ./gxfr.py website.com -v -t 3 --proxy -
+  """ % sys.argv[0]
+  sys.exit(2)
+
+if len(sys.argv) < 2:
+  help()
+
+if '-h' in sys.argv or '--help' in sys.argv:
+  help()
+
+# declare vars and process arguments
+query_cnt = 0
+csvname = False
+domain = sys.argv[1]
+sys.argv = sys.argv[2:]
+lookup = False
+encrypt = True
+base_url = 'http://api.bing.net'
+bing_appid = "01CDBCA91C590493EE4E91FAF83E5239FEF6ADFD" #from darkb0t, thanks
+base_uri = '/xml.aspx?AppID=%s&Sources=Web&Version=2.0&Web.Count=50&Web.Options=DisableHostCollapsing+DisableQueryAlterations' %bing_appid
+base_query = 'site:' + domain
+pattern = '>([\.\w-]*)\.%s.+?<' % (domain)
+proxy = False
+user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
+verbose = False
+secs = 10
+max_queries = 10 
+# process command line arguments
+if len(sys.argv) > 0:
+  if '--dns-lookup' in sys.argv:
+    lookup = True
+  if '--csv' in sys.argv:
+    csvname = sys.argv[sys.argv.index('--csv') + 1]
+  if '--proxy' in sys.argv:
+    proxy = True
+    filename = sys.argv[sys.argv.index('--proxy') + 1]
+    if filename == '-':
+      proxies = sys.stdin.read().split()     
+    elif os.path.exists(filename):
+      content = open(filename).read()
+      proxies = re.findall('\d+\.\d+\.\d+\.\d+:\d+', content)
+    elif re.match(r'^\d+\.\d+\.\d+\.\d+:\d+$', filename):
+      proxies = [filename]
+    else:
+      help()
+  if '--timeout' in sys.argv:
+    timeout = int(sys.argv[sys.argv.index('--timeout') + 1])
+    socket.setdefaulttimeout(timeout)
+  if '--user-agent' in sys.argv:
+    user_agent = sys.argv[sys.argv.index('--user-agent') + 1]  
+  if '-v' in sys.argv:
+    verbose = True
+  if '-t' in sys.argv:
+    secs = int(sys.argv[sys.argv.index('-t') + 1])
+  if '-q' in sys.argv:
+    max_queries = int(sys.argv[sys.argv.index('-q') + 1])
+subs = []
+new = True
+page = 0
+
+# --begin--
+print '[-] domain:', domain
+print '[-] user-agent:', user_agent
+# execute search engine queries and scrape results storing subdomains in a list
+print '[-] querying search engine, please wait...'
+# loop until no new subdomains are found
+while new == True:
+  try:
+    query = ''
+    # build query based on results of previous results
+    for sub in subs:
+      query += ' -site:%s.%s' % (sub, domain)
+    full_query = base_query + query
+    start_param = '&Web.Offset=%s' % (str(page*10))
+    query_param = '&Query=%s' % (urllib.quote_plus(full_query))
+    if len(base_uri) + len(query_param) + len(start_param) < 2048:
+      last_query_param = query_param
+      params = query_param + start_param
+    else:
+      params = last_query_param[:2047-len(start_param)-len(base_uri)] + start_param
+    full_url = base_url + base_uri + params
+    # note: query character limit is passive in mobile, but seems to be ~794
+    # note: query character limit seems to be 852 for desktop queries
+    # note: typical URI max length is 2048 (starts after top level domain)
+    if verbose: print '[+] using query: %s...' % (full_url)
+    # build web request and submit query
+    request = urllib2.Request(full_url)
+    # spoof user-agent string
+    request.add_header('User-Agent', user_agent)
+    # if proxy is enabled, use the correct handler
+    if proxy == True:
+      # validate proxies at runtime
+      while True:
+        try:
+          # select a proxy from list at random
+          num = random.randint(0,len(proxies)-1)
+          host = proxies[num]
+          opener = urllib2.build_opener(urllib2.ProxyHandler({'http': host}))
+          if verbose: print '[+] sending query to', host
+          # send query to proxy server
+          result = opener.open(request).read()
+          # exit while loop if successful
+          break
+        except Exception as inst:
+          print '[!] %s failed: %s' % (host, inst)
+          if len(proxies) == 1:
+            # exit of no proxy servers from list are valid
+            print '[-] valid proxy server not found'
+            sys.exit(2)
+          else:
+            # remove host from list of proxies and try again
+            del proxies[num]
+    else:
+      opener = urllib2.build_opener(urllib2.HTTPHandler(), urllib2.HTTPSHandler())
+      # send query to search engine
+      try:
+        result = opener.open(request).read()
+      except Exception as inst:
+        print '[!] {0}'.format(inst)
+        if str(inst).index('503') != -1: print '[!] possible shun: use --proxy or find something else to do for 24 hours :)'
+        sys.exit(2)
+    if not verbose: sys.stdout.write('.'); sys.stdout.flush()
+    #if not verbose: sys.stdout.write('\n'); sys.stdout.flush()
+    # iterate query count
+    query_cnt += 1
+    sites = re.findall(pattern, result)
+    # create a uniq list
+    sites = list(set(sites))
+    new = False
+    # add subdomain to list if not already exists
+    for site in sites:
+      if site not in subs:
+        if verbose: print '[!] subdomain found:', site
+        subs.append(site)
+        new = True
+    # exit if maximum number of queries has been made
+    if query_cnt == max_queries:
+      print '[-] maximum number of queries made...'
+      break
+    # start going through all pages if querysize is maxed out
+    if new == False:
+      # exit if all subdomains have been found
+      if not 'Next page' in result:
+        #import pdb; pdb.set_trace() # curl to stdin breaks pdb
+        print '[-] all available subdomains found...'
+        break
+      else:
+        page += 1
+        new = True
+        if verbose: print '[+] no new subdomains found on page. jumping to result %d.' % (page*10)
+    # sleep script to avoid lock-out
+    if verbose: print '[+] sleeping to avoid lock-out...'
+    time.sleep(secs)
+  except KeyboardInterrupt:
+    # catch keyboard interrupt and gracefull complete script
+    break
+
+# print list of subdomains
+print '[-] successful queries made:', str(query_cnt)
+if verbose:
+  # rebuild and display final query if in verbose mode
+  #final_query = ''
+  #for sub in subs:
+  #  final_query += '+-site:%s.%s' % (sub, domain)
+  #print '[+] final query string: %sstart=%s&%s%s' % (base_url, str(page*10), base_query, query)
+  print '[+] final query string: %s' % (full_url)
+print ' '
+print '[subdomains] -', str(len(subs))
+csvwriter = False
+try:
+  if csvname:
+    import csv
+    csvwriter = csv.writer(open(csvname,'wb'))
+except:
+  print "[!] Cannot open CSV"
+for sub in subs: 
+  dom = '%s.%s' % (sub, domain )
+  hostname,aliases,ips = socket.gethostbyname_ex(dom)
+  #print hostname,aliases,ip
+  print dom,",".join(ips) 
+  try:
+    line = [dom] + ips
+    csvwriter.writerow([dom] + ips)
+  except: pass
+
+
+# conduct dns lookup if argument is present
+if lookup == True:
+  print ' '
+  print '[-] querying dns, please wait...'
+  dict = {}
+  # create a dictionary where the subdomain is the key and a list of all associated ips is the value
+  for sub in subs:
+    sub = '%s.%s' % (sub, domain)
+    if verbose: print '[+] querying dns for %s...' % (sub)
+    # dns query and dictionary assignment
+    try:
+      dict[sub] = list(set([item[4][0] for item in socket.getaddrinfo(sub, 80)]))
+    except socket.gaierror:
+      # dns lookup failure
+      dict[sub] = list(set(['no entry']))
+  # print table of subdomains and ips
+  print ' '
+  print '[ip]'.ljust(16, ' ') + '[subdomain]'
+  for key in dict.keys():
+    for ip in dict[key]:
+      print ip.ljust(16, ' ') + key
+# --end--
diff --git a/Reaktor/repos/consolidate_dns/index b/Reaktor/repos/consolidate_dns/index
new file mode 100755
index 00000000..1a0dd81e
--- /dev/null
+++ b/Reaktor/repos/consolidate_dns/index
@@ -0,0 +1,85 @@
+#!/usr/bin/python -u
+import os
+from subprocess import Popen
+import csv
+import sys
+import tempfile
+
+
+os.chdir (os.path.dirname (os.path.realpath (sys.argv[0])))
+dnsrecon_enabled = False
+DNSRECON = "../dnsrecon/dnsrecon.py"
+dnsrecon_wordlist="namelist.txt"
+silent=open("/dev/null","w")
+gxfr_enabled = False
+GXFR = "../gxfr/gxfr.py"
+bxfr_enabled = False
+BXFR = "../bxfr/bxfr.py"
+domains = {}
+try:
+  DOMAIN=sys.argv[1]
+except:
+  print ("Usage: %s [hostname]")
+  sys.exit(1)
+print("checking for back end")
+if os.path.isfile(DNSRECON) :
+  dnsrecon_enabled=True
+  print ("  dnsrecon enabled")
+else:
+  print ("  dnsrecon not available or not supported")
+if os.path.isfile(GXFR):
+  gxfr_enabled=True
+  print ("  gxfr.py enabled")
+else:
+  print ("  gxfr.py not available or not supported")
+if os.path.isfile(BXFR):
+  bxfr_enabled=True
+  print ("  bxfr.py enabled")
+else:
+  print ("  bxfr.py not available or not supported")
+
+
+if dnsrecon_enabled:
+  dnsrecon_tmp = tempfile.NamedTemporaryFile(delete=False).name
+  print ("Starting dnsrecon, this may take some time")
+  p = Popen([DNSRECON,"-d",DOMAIN,"--csv",dnsrecon_tmp,'-D',dnsrecon_wordlist,"-t","brt,srv,axfr","--skip"],stdout=silent,stderr=silent)
+  p.wait()
+  reader = csv.reader(open(dnsrecon_tmp))
+  for row in reader:
+    if not row[1] in domains: 
+      domains[row[1]] = []
+    domains[row[1]] += row[2:]
+  print ("...finished with [%d] domains" %reader.line_num)
+  os.unlink(dnsrecon_tmp)
+
+if gxfr_enabled:
+  gxfr_tmp = tempfile.NamedTemporaryFile(delete=False).name
+  print ("Starting gxfr, this may take some time")
+  p = Popen(["/usr/bin/python",GXFR,DOMAIN,"-q","3","--csv",gxfr_tmp],stdout=silent,stderr=silent)
+  p.wait()
+  reader = csv.reader(open(gxfr_tmp))
+  for row in reader:
+    if not row[0] in domains: 
+      domains[row[0]] = []
+    domains[row[0]] += row[1:]
+  print ("...finished with [%d] domains" %reader.line_num)
+  os.unlink(gxfr_tmp)
+if bxfr_enabled:
+  bxfr_tmp = tempfile.NamedTemporaryFile(delete=False).name
+  print ("Starting bxfr, this may take some time")
+  p = Popen(["/usr/bin/python",BXFR,DOMAIN,"-q","3","--csv",bxfr_tmp],stdout=silent,stderr=silent)
+  p.wait()
+  reader = csv.reader(open(bxfr_tmp))
+  for row in reader:
+    if not row[0] in domains: 
+      domains[row[0]] = []
+    domains[row[0]] += row[1:]
+  print ("...finished with [%d] domains" %reader.line_num)
+  os.unlink(bxfr_tmp)
+
+print "found %d subdomain(s)" % len(domains)
+num = 1
+for dom in domains:
+  domains[dom] = set(domains[dom])
+  print "[%d/%d]" % (num,len(domains)),dom,":",", ".join(domains[dom])
+  num = num + 1
diff --git a/Reaktor/repos/dnsrecon b/Reaktor/repos/dnsrecon
new file mode 160000
+Subproject 31de30e4f6674585676c841c5612a330c22de94
diff --git a/Reaktor/repos/gxfr b/Reaktor/repos/gxfr
new file mode 160000
+Subproject 4606858e7814189c527ba912e1d8575248f719d
diff --git a/Reaktor/repos/revip/revip b/Reaktor/repos/revip/revip
new file mode 100755
index 00000000..d6acd669
--- /dev/null
+++ b/Reaktor/repos/revip/revip
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# fork from darkb0t v0.4
+# modularized and extended 
+import sys
+import os
+import json
+import socket
+import httplib
+from urlparse import urlparse
+try:
+  target = sys.argv[1]
+except:
+  print "Usage: %s [target]" % sys.argv[0]
+  exit(0)
+
+print "Reverse IP Search"
+print "Target: ",target
+try:
+  hostname,aliases,ip = socket.gethostbyname_ex(target)
+  ip = socket.gethostbyname(target)
+except:
+  print "Cannot resolve `%s`!" % target
+  exit (1)
+print "IP: ",ip
+sites = {target : "", hostname : ""} # make entries unique
+for a in aliases:
+  sites[a] = ""
+offset = 0
+appid = os.environ.get("BING_APPID",'7A0B8DA3E913BE5ECB4AF11C7BC398B43000DC1C')
+while offset < 300:
+  url ="/json.aspx?AppId=%s&Query=ip:%s&Sources=Web+RelatedSearch+News+Image+Video&Version=2.2&Market=en-us&Web.Count=50&Web.Offset=%s&Web.Options=DisableQueryAlterations" % (appid,  ip,  offset)
+  conn = httplib.HTTPConnection("api.bing.net")
+  conn.request("GET", url)
+  res = conn.getresponse()
+  doc = json.load(res)
+  try:
+    results = doc["SearchResponse"]["Web"]["Results"]
+    conn.close()
+    for res in results:
+      sites[urlparse(res['Url'])[1]] = ""
+    offset += 50
+  except:
+    break
+print "Total: ", len(sites), " dns name(s)\n"
+num = 1
+for s in sites:
+  print "["+str(num)+"/"+str(len(sites))+"] : "+s
+  num += 1
diff --git a/Reaktor/repos/whatweb b/Reaktor/repos/whatweb
new file mode 160000
+Subproject daab5f21f13024ee8ec47e88f668c5308d6b59d
diff --git a/Reaktor/startup/conf.d/reaktor b/Reaktor/startup/conf.d/reaktor
new file mode 100644
index 00000000..a4f3f8e1
--- /dev/null
+++ b/Reaktor/startup/conf.d/reaktor
@@ -0,0 +1,2 @@
+export target="#krebsco"
+export host="irc.freenode.com"
diff --git a/Reaktor/startup/init.d/reaktor-debian b/Reaktor/startup/init.d/reaktor-debian
new file mode 100755
index 00000000..a94384f4
--- /dev/null
+++ b/Reaktor/startup/init.d/reaktor-debian
@@ -0,0 +1,102 @@
+#!/bin/sh
+# uses template from /etc/init.d/skeleton
+### BEGIN INIT INFO
+# Provides:          reaktor
+# Required-Start:    
+# Required-Stop:     
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: reaktor
+# Description:       starts reaktor daemon
+#                    
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+NAME=reaktor
+USER=reaktor
+DESC="$NAME daemon"
+DAEMON=/usr/bin/python
+DAEMON_DIR="/krebs/Reaktor/IRC/"
+DAEMON_ARGS="${DAEMON_DIR}/asybot.py"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+[ -x "$DAEMON" ] || exit 0
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+do_start()
+{
+  #   0 if daemon has been started
+  #   1 if daemon was already running
+  #   2 if daemon could not be started
+  start-stop-daemon -b -d $DAEMON_DIR/.. -c $USER --start --quiet --make-pidfile --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+          || return 1
+  start-stop-daemon -b -d $DAEMON_DIR/.. -c $USER --start --quiet --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
+      $DAEMON_ARGS \
+      || return 2
+}
+
+do_stop()
+{
+  #   0 if daemon has been stopped
+  #   1 if daemon was already stopped
+  #   2 if daemon could not be stopped
+  start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile $PIDFILE
+  RETVAL="$?"
+  [ "$RETVAL" = 2 ] && return 2
+  rm -f $PIDFILE
+  return "$RETVAL"
+}
+
+do_reload() {
+  start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE
+  return 0
+}
+
+case "$1" in
+  start)
+  [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+  do_start
+  case "$?" in
+      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+  esac
+  ;;
+  stop)
+  [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+  do_stop
+  case "$?" in
+      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+  esac
+  ;;
+  status)
+       status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+       ;;
+  restart|force-reload)
+  log_daemon_msg "Restarting $DESC" "$NAME"
+  do_stop
+  case "$?" in
+    0|1)
+      do_start
+      case "$?" in
+          0) log_end_msg 0 ;;
+          1) log_end_msg 1 ;;
+          *) log_end_msg 1 ;;
+      esac
+      ;;
+    *)
+      # Failed to stop
+      log_end_msg 1
+      ;;
+  esac
+  ;;
+  *)
+  echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+  exit 3
+  ;;
+esac
+
+:
diff --git a/Reaktor/startup/supervisor/Reaktor.conf b/Reaktor/startup/supervisor/Reaktor.conf
new file mode 100644
index 00000000..497066e9
--- /dev/null
+++ b/Reaktor/startup/supervisor/Reaktor.conf
@@ -0,0 +1,6 @@
+[program:Reaktor]
+command=/usr/bin/python2.6 IRC/asybot.py
+environment=host='irc.freenode.net',target='#krebsco' 
+redirect_stderr=true
+user=reaktor
+directory=/krebs/Reaktor
diff --git a/cholerab/bling/assets/krebsplug_0.23.png b/cholerab/bling/assets/krebsplug_0.23.png
new file mode 100644
index 00000000..d5cf03d4
--- /dev/null
+++ b/cholerab/bling/assets/krebsplug_0.23.png
diff --git a/god/overlord/index b/god/overlord/index
index ef0aebb3..d9cae0c2 100755
--- a/god/overlord/index
+++ b/god/overlord/index
@@ -17,7 +17,7 @@ streams/streams stop
 
 amixer -q -c 0 -D hw:0 sset Front $max%
 mplayer god/overlord/announce.mp3 >/dev/null
-espeak -v de -s 120 -a 900 "$*"
+../../util/bin/naturalvoices2.sh "$*"
 
 # fade-in streams
 streams/streams start
diff --git a/god/soundboard/README b/god/soundboard/README
new file mode 100644
index 00000000..8fbb8947
--- /dev/null
+++ b/god/soundboard/README
@@ -0,0 +1,5 @@
+# Soundboard 
+The basic idea is to use a joystick or gamepad to trigger actions
+
+# config.json
+currently there is only one joystick supported, as well as one pad and buttons
diff --git a/god/soundboard/config.json b/god/soundboard/config.json
new file mode 100644
index 00000000..dbdeb5cb
--- /dev/null
+++ b/god/soundboard/config.json
@@ -0,0 +1,13 @@
+{
+  "direction" : {
+    "up" : "echo pushed up",
+    "down" : "echo pushed down",
+    "left" : "echo pushed left",
+    "right" : "echo pushed right"
+  },
+  "button" : {
+    "1" : "echo 'fuck yeah 1'",
+    "2" : "echo 'fuck jeah 2'",
+    "8" : "echo 'fuck jeah 8'"
+  }
+}
diff --git a/god/soundboard/sound.py b/god/soundboard/sound.py
new file mode 100644
index 00000000..f6564db0
--- /dev/null
+++ b/god/soundboard/sound.py
@@ -0,0 +1,46 @@
+import pygame
+import os
+from pygame import locals
+import json
+CFG_FILE = "config.json"
+cfg = json.load(open(CFG_FILE))
+
+pygame.init()
+pygame.joystick.init()
+try:
+    j = pygame.joystick.Joystick(0)
+    j.init()
+    print 'Enabled joystick: ' + j.get_name()
+except pygame.error:
+    print 'no joystick found.'
+
+
+while 1:
+    for e in pygame.event.get():
+        #print 'event : ' + str(e.type)
+        #print 'data  : ' + str(e.dict)
+        if e.type == pygame.locals.JOYAXISMOTION:
+            x, y = j.get_axis(0), j.get_axis(1)
+            if (x > 0):
+                direction = "right"
+            elif(x < 0):
+                direction = "left"
+            if (y > 0):
+                direction = "up"
+            elif(y < 0):
+                direction = "down"
+            if (y == x == 0):
+                pass
+            else:
+                try:
+                    os.system(cfg["direction"][direction])
+                except Exception as balls:
+                    print "direction not defined?", balls
+
+        elif e.type == pygame.locals.JOYBUTTONDOWN:
+            try:
+                os.system(cfg["button"][str(e.button)])
+            except Exception as balls:
+                print "button not defined: ", balls
+        #elif e.type == pygame.locals.JOYBUTTONUP:
+        #    print 'button up', e.joy, e.button
diff --git a/infest/bootstrap.sh b/infest/bootstrap.sh
index c434a4fe..723e78f0 100644
--- a/infest/bootstrap.sh
+++ b/infest/bootstrap.sh
@@ -1,23 +1,31 @@
 #!/bin/sh
-set -x
+set -euf
+# Can be overwritten before install
+KREBSDIR=${KREBSDIR:-/krebs}
 [ "`id -u`" -eq "0" ] || { echo "you need to be root!"; exit 1;} || exit 1
 
-[ -e '/usr/bin/git' ] || \
-apt-get install -y git-core || \
-yum install git || \
-opkg install git || \
-pacman -Sy git || \
-{ echo "please install git!"; exit 1;} || exit 1
 
-[ -e '/krebs' ] || git clone git://github.com/krebscode/painload.git /krebs \
-|| { echo "cloning failed :(" ; exit 1; } || exit 1
+# brute force install git, krebs style
+command -v git || \
+    apt-get install -y git-core || \
+    yum install git || \
+    opkg install git || \
+    ipkg install git || \
+    pacman -Sy git || \
+    { echo "please install git manually!"; exit 1;} || exit 1
 
-cd /krebs || { echo "cannot change into /krebs folder:(" ; exit 1; } || exit 1
+[ -e "$KREBSDIR" ] || git clone https://github.com/krebscode/painload.git "$KREBSDIR" \
+    || { echo "cloning failed :(" ; exit 1; } || exit 1
 
-#read -n1 -p "infest now? [yN]"
+cd $KREBSDIR || { echo "cannot change into $KREBSDIR folder:(" ; exit 1; } || exit 1
 
-#[[ $REPLY = [yY] ]] && make infest 
-#echo $REPLY
-echo "do 'make infest' in /krebs"
-echo "have a nice day"
 
+
+PATH=$PATH:$KREBSDIR/punani/bin
+
+# install the rest
+punani install make
+
+
+echo "do 'make infest' in $KREBSDIR"
+echo "have a nice day"
diff --git a/oncology/bin/krebshostup b/oncology/bin/krebshostup
deleted file mode 100755
index 65ccae12..00000000
--- a/oncology/bin/krebshostup
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-nmap -sP 42.0.0.0/8 -T5| grep "Host is up" | wc -l
diff --git a/ovh/README b/ovh/README
index 43020fd9..8e1fe24a 100644
--- a/ovh/README
+++ b/ovh/README
@@ -15,8 +15,12 @@ export PATH="$PWD/bin${PATH+:$PATH}"
 export KREBS_OVH_USER=...
 export KREBS_OVH_PASS=...
 
-zoneExport > /tmp/foo
-$EDITOR /tmp/foo
-zoneImport < /tmp/foo
+
+zoneEntryAdd "krebsco.de" "subdomain" "A" "a.b.c.d."
+
+# ZoneExport Broken since 2012-07-16
+# zoneExport > /tmp/foo
+# $EDITOR /tmp/foo
+# zoneImport < /tmp/foo
 
 # Have a nice day!^_^
diff --git a/ovh/soapi/Makefile b/ovh/soapi/Makefile
index 8cc257ea..15ef8f3f 100644
--- a/ovh/soapi/Makefile
+++ b/ovh/soapi/Makefile
@@ -21,5 +21,5 @@ src/SOAPpy: src
 src/SOAPpy/build/lib/SOAPpy: src/SOAPpy
 	cd $< && python setup.py build
 
-SOAPpy: src/SOAPpy/build/lib/SOAPpy
+SOAPpy: src/SOAPpy/build/lib.linux-x86_64-2.6/SOAPpy
 	ln -snf $<
diff --git a/ovh/soapi/zoneEntryAdd b/ovh/soapi/zoneEntryAdd
index bf1f4a92..20ecd1fd 100755
--- a/ovh/soapi/zoneEntryAdd
+++ b/ovh/soapi/zoneEntryAdd
@@ -20,14 +20,14 @@ soap = WSDL.Proxy(wsdl)
 
 username = environ['KREBS_OVH_USER']
 password = environ['KREBS_OVH_PASS']
-domain = argv[2]
-subdomain = argv[3]
-fieldtype = argv[4]
-target = argv[5]
+domain = argv[1]
+subdomain = argv[2] if argv[2] is not " " else ""
+fieldtype = argv[3]
+target = argv[4]
 
 session = soap.login(username, password, 'de', 0)
 
-result = soap.zoneEntryAdd(session, domain, subdomain, fieldtype, target)
+result = soap.zoneEntryAdd(session, domain, subdomain, fieldtype, target,1)
 print dumps(result, sort_keys=True, indent=2, default=default)
 
 soap.logout(session)
diff --git a/punani/Makefile b/punani/Makefile
index 26057d00..f444b1fc 100644
--- a/punani/Makefile
+++ b/punani/Makefile
@@ -1,5 +1,9 @@
 
 install: ../bin/punani
-
+	
 ../bin/punani:
 	ln -snvf ../punani/bin/punani ../bin/punani
+debian:
+	useradd punani||:
+	cp autostart/punani-debian /etc/init.d/punani
+	update-rc.d punani defaults
diff --git a/punani/autostart/punani-debian b/punani/autostart/punani-debian
new file mode 100755
index 00000000..53db0336
--- /dev/null
+++ b/punani/autostart/punani-debian
@@ -0,0 +1,102 @@
+#!/bin/sh
+# uses template from /etc/init.d/skeleton
+### BEGIN INIT INFO
+# Provides:          punani
+# Required-Start:    
+# Required-Stop:     
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: punani
+# Description:       starts punani daemon
+#                    
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+NAME=punani
+USER=punani
+DESC="$NAME daemon"
+DAEMON=/usr/bin/python
+DAEMON_DIR="/krebs/punani"
+DAEMON_ARGS="${DAEMON_DIR}/index.py"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+[ -x "$DAEMON" ] || exit 0
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+do_start()
+{
+  #   0 if daemon has been started
+  #   1 if daemon was already running
+  #   2 if daemon could not be started
+  start-stop-daemon -b -d $DAEMON_DIR -c $USER --start --quiet --make-pidfile --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+          || return 1
+  start-stop-daemon -b -d $DAEMON_DIR -c $USER --start --quiet --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
+      $DAEMON_ARGS \
+      || return 2
+}
+
+do_stop()
+{
+  #   0 if daemon has been stopped
+  #   1 if daemon was already stopped
+  #   2 if daemon could not be stopped
+  start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile $PIDFILE
+  RETVAL="$?"
+  [ "$RETVAL" = 2 ] && return 2
+  rm -f $PIDFILE
+  return "$RETVAL"
+}
+
+do_reload() {
+  start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE
+  return 0
+}
+
+case "$1" in
+  start)
+  [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+  do_start
+  case "$?" in
+      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+  esac
+  ;;
+  stop)
+  [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+  do_stop
+  case "$?" in
+      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+  esac
+  ;;
+  status)
+       status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+       ;;
+  restart|force-reload)
+  log_daemon_msg "Restarting $DESC" "$NAME"
+  do_stop
+  case "$?" in
+    0|1)
+      do_start
+      case "$?" in
+          0) log_end_msg 0 ;;
+          1) log_end_msg 1 ;;
+          *) log_end_msg 1 ;;
+      esac
+      ;;
+    *)
+      # Failed to stop
+      log_end_msg 1
+      ;;
+  esac
+  ;;
+  *)
+  echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+  exit 3
+  ;;
+esac
+
+:
diff --git a/punani/bin/punani b/punani/bin/punani
index 97c7ac85..23ba5e00 100755
--- a/punani/bin/punani
+++ b/punani/bin/punani
@@ -8,26 +8,28 @@ PKGS="$*"
 ## find package manager
 if ! :; then : # dummy case, so the rest has a common format
 
-elif for PACKER_CMD in yum
+elif for PACKER_CMD in aptitude apt-get
     do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then
   INSTALL_PARAM='-y install'
   REMOVE_PARAM='-y remove'
 
-elif for PACKER_CMD in brew
-    do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then
-  INSTALL_PARAM='install'
-  REMOVE_PARAM='remove'
-
 elif for PACKER_CMD in bauerbill packer yaourt pacman
     do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then
   INSTALL_PARAM='--noconfirm -S --needed'
   REMOVE_PARAM='-Rcs'
 
-elif for PACKER_CMD in aptitude apt-get
+elif for PACKER_CMD in yum
     do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then
   INSTALL_PARAM='-y install'
   REMOVE_PARAM='-y remove'
 
+elif for PACKER_CMD in brew
+    do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then
+  INSTALL_PARAM='install'
+  REMOVE_PARAM='remove'
+
+
+
 else
   echo "Error 2: no known package manager found; no punani for you!" >&2
   exit 23
diff --git a/retiolum/Makefile b/retiolum/Makefile
index cd0a543c..a8ae0973 100644
--- a/retiolum/Makefile
+++ b/retiolum/Makefile
@@ -5,25 +5,27 @@ EXES := update_tinc_hosts fillxx update-retiolum-hosts
 all: update links 
 
 links:
-	for x in $(EXES); do ln -vsnf ../retiolum/bin/$$x ../bin; done
+	for x in $(EXES); do ln -snf ../retiolum/bin/$$x ../bin; done
 
 
 install: upgrade
-	../punani/bin/punani tinc python
+	../punani/bin/punani install tinc python
 	scripts/tinc_setup/install.sh
-	cp scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up
-	scripts/autostart/create-startup.sh
+	sudo cp scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up
 
 upgrade: update
 	if ! diff -u scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up; then \
 		sudo cp scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up; \
-		sudo bin/restart-tincd; \
+		sudo bin/restart-tincd || :; \
 	fi
 
 update: hosts
-	bin/update_tinc_hosts "create magic" || true
+	bin/update_tinc_hosts "create magic" || :;
 	bin/update_tinc_hosts restart
 	sudo pkill -HUP tincd || :; 
 
+startup:
+	scripts/autostart/create-startup.sh
+
 hosts:
-	bin/update-retiolum-hosts || true
+	bin/update-retiolum-hosts || :;
diff --git a/retiolum/bin/update-retiolum-hosts b/retiolum/bin/update-retiolum-hosts
index 1fecfe15..2a379459 100755
--- a/retiolum/bin/update-retiolum-hosts
+++ b/retiolum/bin/update-retiolum-hosts
@@ -10,7 +10,7 @@ fi
 # cd //retiolum
 cd $(dirname $(readlink -f $0))/..
 
-mkdir -v -p /etc/tinc/retiolum/hosts
+mkdir -p /etc/tinc/retiolum/hosts
 cp -v -r hosts/* /etc/tinc/retiolum/hosts
 pkill -HUP tincd
 pkill -ALRM tincd
diff --git a/retiolum/bin/update_tinc_hosts b/retiolum/bin/update_tinc_hosts
index b3529a7f..7be30c2a 100755
--- a/retiolum/bin/update_tinc_hosts
+++ b/retiolum/bin/update_tinc_hosts
@@ -17,7 +17,7 @@ es='# END OF RETIOLUM'
 
 case "${*-I am made of stupid}" in
   (start|restart)
-      hosts | grep -P "^(10|42)" | $0 replace magic
+      hosts | egrep  "^(10|42)" | $0 replace magic
     ;;
   (stop)
     $0 clear magic
diff --git a/retiolum/hosts/Shepherd b/retiolum/hosts/Shepherd
index 1477b3f6..875f62e2 100644
--- a/retiolum/hosts/Shepherd
+++ b/retiolum/hosts/Shepherd
@@ -1,10 +1,11 @@
-Subnet = 10.243.0.145
-Subnet = 42:0f19:8a1e:7865:721b:2378:beef:1158/128
+Subnet = 10.243.0.133
+Subnet = 42:2be0:92f5:3546:5f0f:8f22:6244:25f4/128
+
 -----BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsW0Pbgvl+hATKqQR6H4yPg1kphMsxrXvh/CMQY8dXVVD2mDWBHaL
-Y/yXCanDxyYRGu80SVwdIUWQIwjGD0SiESRGqABl2qPsD1uIbbqI5SlSwzb8UrJk
-+oCszLxZrhD14HWTjAduQ5GcBNZ8Ht133rR07s+XRAYcKJOMauod3yD3g3IfZw6L
-/MAQ8GSptSa+JPm5Kk1/QBZi8oH0aIseaVH9b6l8+P27LwxdwJG+S/82iKOUvszw
-qocqNbKJ0iySs3ZPZTDpKa/MPAN9H/m/OqM66w6IG4iwIttqix5mET+kM2TUaH29
-tApWA1ChYy61aKBykdcT+IbJHl/0unOU6QIDAQAB
+MIIBCgKCAQEAwkkmkhGMnI0x5VIgdLwV2SvXO9Bw3Sy1U5AToZiG2dSB+OiwwLir
+JIrTHv4r73lMLROJjQhznq06VMmNviC82178H7/DZqgSqlGU7d9p1Okd5XCs6LI3
+eaL5mYTXFuA+PMHVvYqQ5fDQRQ4KoWmlSV65XUPejPlxtl3FXqOSHVuuBSbka+St
+qLyWLAh9d8AfWjxbAIv41fl6WOyw2IuDc05K36aT/TwzA3ykl+ekNObAjvpI0cxI
++d3j8H8JY5jDcg1hvWT06JqpUcTJRkWLL7BBdQvWySaBcET1Flfo8eYVqVQDK4kU
+XV/tA1ax7YPFBQ7Lh3Ru9nEC45Gv6R4HbwIDAQAB
 -----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/ThinkArmageddon b/retiolum/hosts/ThinkArmageddon
index cec62e11..e51e1c92 100644
--- a/retiolum/hosts/ThinkArmageddon
+++ b/retiolum/hosts/ThinkArmageddon
@@ -1,4 +1,4 @@
-Subnet = 10.243.0.137
+Subnet = 10.243.0.137/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEA1EAiyBWICkyB1zHE31fHSbGR1nJJmXSfnrqm9yXRZSGweIKrbsof
 QVcRzM4vsFBRUMBeKW7fzlGcvgXULFRnGelvEl4GRiBMO9odBlBI3t8CjZW7X2N7
diff --git a/retiolum/hosts/albi7 b/retiolum/hosts/albi7
new file mode 100644
index 00000000..0a21107e
--- /dev/null
+++ b/retiolum/hosts/albi7
@@ -0,0 +1,10 @@
+Subnet = 10.243.0.7/32
+Subnet = 42:6c61:6962:6137:626c:3769:000a/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+SwdWv1anjIaKSnvel9d23tgqye5RguIVfgMnjpMsqOYpFklLIa8
+4wREhVvpiArnIsoTXbKzdeCFgaAbMS6aQ701Pyv7QriVy8m3iUlgqvB/znogxN8U
+z1fqL0jAHLkQkoyZ2a6mUgHpByvUqZNcq6istYLwGnXO3JQrS7U54hHPpXbxwFY5
+0/Wli9OueG4fWaZ9skDa2Faq4c/Lngku+Iv1gBBgII1EDSsgedNWw3YBTmHDFNTZ
+SsORj2ho5nQgdvw42qEINbxpU01jK8XB+jmVEO+ixZZCsWlOeCjl9Zym4MZDRePg
+euTLTbgs/809ElM8V+EzRKSPNR2k6FrBXwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/also b/retiolum/hosts/also
index 42d54ae2..59a251a7 100644
--- a/retiolum/hosts/also
+++ b/retiolum/hosts/also
@@ -1,6 +1,7 @@
 Subnet = 42:9c90:a590:e88a:52cf:126f:b710:1a9c/128
 Subnet = 23.42.0.1/16
-Subnet = 42.84.79.215/32
+Subnet = 10.243.0.50/32
+Compression = 9
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAsnF1eyd/R4qXMGo8UEZ98hnJK+6ZEKUubgdzEwAuSxK40B6nX8Ry
 Euy3v3s0ps/GMdE52gUbFB+bhM99hHiKW+7zcxnoMJ69a9yK6VG0Im+7ib0WTliZ
diff --git a/retiolum/hosts/armageddon421_de b/retiolum/hosts/armageddon421_de
deleted file mode 100644
index 13a2c946..00000000
--- a/retiolum/hosts/armageddon421_de
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = armageddon421.de
-Port = 1655
-Subnet = 42.233.216.106/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqBfXS402JOadodsFB4a/aX/eBkuQxPHjEPpW7QBueEPbCHBAyPnT
-GzpC9tJSfkaUfI5pL+kE5vCXqVuLErlJtESENI0FvtfFGHm/KxRwX6QEAiZZT0d0
-C331udvRwqDrjY3HVMcQo7ppcaRHTGNldIATZVVLvm8V8zJ28L/FIioGysNYFuLb
-8V5ZVTFpXwUfeJOAbmz0CHB/hiQliP0CR/Y7sZ0dX9/DAg13z2iZc2HA65N1AqZc
-L6knsC7DnzjY48d5BhbZXqcCybecx3s4igLuDZjoyHOyAtbR1QueDF/CRVnYsqSs
-YItynNjtN9TEEvCG1klvCV7hyM8t2ecpwQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/bergwerk b/retiolum/hosts/bergwerk
index 43f6c1ba..89aa7ca5 100644
--- a/retiolum/hosts/bergwerk
+++ b/retiolum/hosts/bergwerk
@@ -1,5 +1,6 @@
 Subnet = 42:a7ff:3577:0526:3986:650f:c175:30a5/128
-Subnet = 42.246.229.109/32
+Subnet = 10.243.0.51/32
+Compression = 9
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAuCX8FVI6xQepPf0goaErA35grHcBNbYvzKIXzEIOEuxiVLX4FXoY
 aHdUaz9Z2/rECuDQCVzke3TLZgBn9ai7ruT5U077h0q69pS/vI/Hr2e3s50tQVcu
diff --git a/retiolum/hosts/box b/retiolum/hosts/box
new file mode 100644
index 00000000..e02f8ca6
--- /dev/null
+++ b/retiolum/hosts/box
@@ -0,0 +1,10 @@
+Subnet = 10.243.43.43
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvUMfRZOPb/zKvALZTyxKQuzowqqJ/HW2lm/RIOKL2uoTUgVX1DJB
+fCLf66e2fHnjnStXuaMDNs1kq2gi4EyK5Q50RxVBq7XayXYqfnFwzTE+Iqape542
+vYSWKLdrxljln8a2EYU7njtcWkTpW+cJIwSHEUkDLAowF87ElQ0gBmyX4p107pow
+jg7zcYierVdQXkI7mO4g2zWsywfhwscbu5hdCp1Fw3wHFDatgyhPj1pJruKe+O3c
+AebF5yQOAsCxAk8ZcwGLmmF5xK7lAeux2Qzu1B4Pkfxi97g1GVLnX+so7PR+vvkQ
++OMzQGIWXtaOqov5q2O1N5RJzng/kCjC/QIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/chinaman b/retiolum/hosts/chinaman
deleted file mode 100644
index 22f64b02..00000000
--- a/retiolum/hosts/chinaman
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:5a1d:f491:9e47:c4cd:175f:bd87:6da5/128
-Subnet = 42.207.40.226/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwQWG4shbMq2Y2s2GH05DSR9God0ppslCgXLpM8I+L+khpF8JL83z
-KdevKDl0mA4iVnSgqWKVUDCK5IN29wQAlPDiNvBir98vxTeuckvdeTZat0rr0O7t
-o4MBMfZ0yXBxruu2/TjCyAkE/VN3h7tfzBh9HUQyVFWjaEhh8v2kOmGLt1UT3hKr
-KdFFtCvbIAeHa6axiQvX0kmVZY8n2XK/1pPHSuxkKWUvum1jMplIQ6NewjeTbaan
-6hNFcMFwbB333Wan1EKP3D7N/oniGspoyLXdO4Q/AXmfwMJvHdLZri4uLFMdOB/e
-n2jo/GTcm7kzUW/IibqyeBvJ6xuTaQXb7QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/destroy b/retiolum/hosts/destroy
index 9f624c6f..8b5f7f5a 100644
--- a/retiolum/hosts/destroy
+++ b/retiolum/hosts/destroy
@@ -1,5 +1,6 @@
 Subnet = 42:9277:1f1e:7599:ae4b:7cca:b4a3:fe47/128
-Subnet = 42.24.21.32/32
+Subnet = 10.243.0.31/32
+Compression = 9
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAofIF/j4ddJEG0sOJJNp6hVXqLpj9FPw6a1vLLqZsn/NuZi3QCZ/w
 xj1nIsQbc1TnPLluHhpn5kuvzb0lThqmPJvX2uXnbq7WH6OvRyN/FV/Gn40txdni
diff --git a/retiolum/hosts/eigenserv b/retiolum/hosts/eigenserv
index ff61b3f6..f5966794 100644
--- a/retiolum/hosts/eigenserv
+++ b/retiolum/hosts/eigenserv
@@ -1,5 +1,6 @@
 Subnet = 42:c9d8:ab9e:c7fe:43ff:0268:f862:42f7/128
-Subnet = 42.136.75.187/32
+Subnet = 10.243.0.32/32
+Compression = 9
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAyy060LWeo6Z+Kp2h5LtyMx+KGdxL9/WjWfc1yf/YZ8lhZutNb+Kd
 u9AHbnrqTRWRslP+toNiC55aJ/KlTBFQA5nBu2DC1KdG71AX5th7bRvUMfEAEG1+
diff --git a/retiolum/hosts/euer b/retiolum/hosts/euer
index 6e965f83..8a38150f 100644
--- a/retiolum/hosts/euer
+++ b/retiolum/hosts/euer
@@ -1,6 +1,6 @@
 Address = 84.23.67.119
 Subnet = 42:974a:3ecf:3c49:06c0:4cd1:3c6f:59d9/128
-Subnet = 10.243.0.95
+Subnet = 10.243.0.95/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEArx2mZOPEfS8fvmQYSzWuMmNtfposJlctDfGVmhMVotaFIpIBcKuL
 dHZHI8BAStaM++DuqKv/QBjk9jF6BRAdZqHn98LHXR+VRJmFvgelEFe0uPvIRMe2
diff --git a/retiolum/hosts/filebitch b/retiolum/hosts/filebitch
index 523ff7ff..d23f98f2 100644
--- a/retiolum/hosts/filebitch
+++ b/retiolum/hosts/filebitch
@@ -1,5 +1,5 @@
 Subnet = 42:0356:a364:cc79:4c96:2c7c:13fc:0c5b/128
-Subnet = 10.143.131.98/32
+Subnet = 10.243.131.98/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAoqTUa54dkplzU6IqWdvCiGM8FLpZ6X6AmgGgl5r9RZ+Af08iy4Js
 FPdco+1Lj5OthXJnd5Xx8cO5qQx5CRzUN59ec8o0jxQOBZ5EpuN42RLMmQNBJWm7
diff --git a/retiolum/hosts/fuerkrebs b/retiolum/hosts/fuerkrebs
index 7e7713cc..35bbcf18 100644
--- a/retiolum/hosts/fuerkrebs
+++ b/retiolum/hosts/fuerkrebs
@@ -1,5 +1,5 @@
 Subnet = 42:0f19:8a1e:7865:721b:2378:bef7:1159/128
-Subnet = 10.243.0.144
+Subnet = 10.243.0.144/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEA1HoKqh7HvXCKybe2FNBI/wuOvkZuftL0/DDZfZtPlCRtdcOA4XFj
 hQng5+VE3NG0yKcRs59U8iHSeN9b7Is1YF4q0RtM9YQTDhvS/vfpHDq42ftjMs/e
diff --git a/retiolum/hosts/iiso b/retiolum/hosts/iiso
index 63711f9e..3700cec5 100644
--- a/retiolum/hosts/iiso
+++ b/retiolum/hosts/iiso
@@ -1,5 +1,6 @@
 Subnet = 42:b2cd:6c75:d528:e736:ec4e:fc39:8bdc/128
-Subnet = 42.251.230.3/32
+Subnet = 10.243.0.37/32
+Compression = 9
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAvsjBR0FUkjiNNLhz3AArosLqEiLZY7O8L6LorfUplD/IjG9P7XXx
 ry4gbKEH57GPn11IOPP1AKQcz7SfW7EwvUS8U1IZgkQq8BuuD3oGBQxOqwnOwzVN
diff --git a/retiolum/hosts/incept b/retiolum/hosts/incept
new file mode 100644
index 00000000..3c740768
--- /dev/null
+++ b/retiolum/hosts/incept
@@ -0,0 +1,12 @@
+Address = 77.95.224.63
+Address = 2a00:7b80:3008:3::fafc:241
+Subnet = 10.243.0.174
+Subnet = 42:a2fc:1c89:65c7:6e60:1f62:eaf9:e9b6/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvy4J8CewsXeFkFOLqDwiTN+3fF0yjmP5ZVtrLrPJn7Ux75elTdn3
+iLcJYTgaO1/dmw8fPD5DkNnb3wiadZiFGXpsTd1jD69mHcn/6RY/0Fcne9qDiqgp
+vafpUD5UP7/7S+l5kkD6n7HVRblLXJIJk6Z8RCRN8OGyfjMM1IKeoR8kR1+85fpf
+C28fnU3Nz3YJDazOaMD7aGiyGZDRyY+wRjbWtMXE/NH8ydN148ZpFaMvBjM7fl/B
+q8XS5Rs9lFlW2jpex+W2DNq5t4QRMUDrLgD0gug0UiYCYw4IJg7OiI3g6vwjSDtq
+hRxpQ4nq3avmTR/NWzZ97PP4eXTCIQhiQQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/karthus b/retiolum/hosts/karthus
new file mode 100644
index 00000000..dfb94799
--- /dev/null
+++ b/retiolum/hosts/karthus
@@ -0,0 +1,11 @@
+Subnet = 42:42:42:42:23:23:23:23
+Subnet = 10.243.42.13
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnkVbRU5o5sPcKpN70p1djpmAnEg0YcHY+KPdR7R8sxLaq4V6e0qq
+1TeUk3e4Eua3f6rT0AQGhNMmr6e7F4CmYFtNMV3ZV2wiOs6FRUURE6HvZCtytDss
+/zkqiHkLIS97PXXnwIFXbrJlW6prS9YGior703vCX+bmf0aLIHbqExOGNGzxk6FH
+DXtYo3Qt++h9RV/AQfOruXyiui3dbVsiUVa4a/jVFQCIrYTZtDg2LQIAkkwQmQYw
+4iXP3vohtjLy/ELNRbf56zqH7qJIVgIXLCEAQ5l1NTHSw902mT+F2xXuzpnGi7iT
+QYtk5OSADlIz9hM9Syo4G7j/bRV0lJWiCwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/krebsbitch b/retiolum/hosts/krebsbitch
deleted file mode 100644
index a776368a..00000000
--- a/retiolum/hosts/krebsbitch
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0398:5d7c:06c6:9978:4383:154b:3564/128
-Subnet = 42.35.192.96/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuSPMGAVr8vLstf/4KnkFreYPhZGxmpE0IWaPIi39vz7d5Y8aE07R
-DslQNV51X6YZ0qwfu1axfgn8cd679N9+X6fVxCV22ICPq9Rv6tCU4K//b08mIgxv
-75D7RdWjPa3XbJiayK3SN8HuvcSo2cDXuvpG3D0yM5Cpjwu+40UZCVtSM7bZMY4M
-E3urXJfdPZMh5Ajst4B/s5PymaiiUadvRnbVXjWCbtWIySHgg+Rg4Ww/47Sml1MJ
-0DFEYb3RIsAW3sBsbfs54cF4jgO8YT2Pd0kIq4xey+/S14E6F6qxWizGwC2ZSF/o
-qSbE1GJ2HlwhCt+cIr0g6s9s6QtzaLE36wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/krebsbob b/retiolum/hosts/krebsbob
deleted file mode 100644
index cd01e5a4..00000000
--- a/retiolum/hosts/krebsbob
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = krebsbob.no.de
-Port = 1655
-Subnet = 42.195.17.113/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwF9uuth4ffpvSVd8gre70Mu6kmEQdnjlBnNu/25IPEtZIRW/nVJW
-dOMUcKdHOX8oqLhixoJ81xUmas+nPMbo6qyoPHDwMsQP4/ShvnNiTmmxHjAL3ac6
-zMSf7upnYCgY/4Btb4hIHGFEWDxkoT6PrSUCykx9TASLat8jvalOHAbbS9EjD4Fw
-WXJvoJIRCggeMggkJbiWHdKozE4ra0EUVPaVO1FJLVsmiH7q7KuF/MQwly125Mo0
-Mg3XRhEMNe7mpiTznRxwA/w8h8DRPi8Qp1cfg9vgh5bKvPMDwTWhGVEKUlWDyiob
-7LR/O3rM8qkOWI4nx5GhtxdaCt0V9tPebwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/krebsnode b/retiolum/hosts/krebsnode
deleted file mode 100644
index 187fee86..00000000
--- a/retiolum/hosts/krebsnode
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = krebs.no.de
-Port = 1655
-Subnet = 42.18.77.65/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA8V86UoV5Eu3qWyXvMSfNG/OLHu9rOREwf+aNSRlpf0zGuHtH8Hzl
-AJrfDe7ucKnn4YYhscpZB9Ae/wmQN3JytOzL1o0yxxdtehP8HjLVUCMCvF7Sx2++
-3PdpNMw7iUo08bRH8+8yRuxxJCrL+PJCbvE1/Speu/7jGioT8q+TKSl7f/bD0cSg
-3TmDRG1lHVm/Synbd/aGeuI9CewGs3WukDVC6mmpWT0Q5bCG2YwJRO2kHz3ppUEO
-sOyDfEeNiV6Cs3QF3j9DqQGIVvWrO4BKJoqhQ661UId7vokYRf3gkLSYs2/mkoWR
-gMgBzL5++u4majp3p05wXua3j07eQE9qJQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/krebsplug b/retiolum/hosts/krebsplug
new file mode 100644
index 00000000..ab9c966c
--- /dev/null
+++ b/retiolum/hosts/krebsplug
@@ -0,0 +1,10 @@
+Subnet = 10.243.0.182
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAyd4FnOIEcUDQDudDOhU4wwKT+lqV4RJMfg9QgZC2O3xTGvzsFeRG
+aSMIDMkPzhJ/ggIWAzC+IM2kBv+YCRhu4zOnzWIo5IaC8Me2TZ1JhZ0nZN1YzEGD
+LmBsnngO5L1VnWLYSKRALa5Kv6wQHHz0T6PlsvBQ8SWDG3IKIe/gOFz7eh1Z+ss/
+5XaiYeLMmukEuuilOJZhfDiZPmYOeFI5w7YTM+8Iz/oZRyf8P57pjN21R3feoyTm
+WusgHUuRLRqSUHdYu/E36EyZ9Oc0WPk5yLUhstkPaS1Y35xMEhZfQQpIruQxOst1
+fgiOQg/gKmizzgzdCbfAf13dknkWsqoc0wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/laqueus b/retiolum/hosts/laqueus
new file mode 100644
index 00000000..cf4ecad5
--- /dev/null
+++ b/retiolum/hosts/laqueus
@@ -0,0 +1,11 @@
+Subnet = 42:0:0:0:0:0:0:1a1a/128

+Subnet = 10.243.0.12/32

+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAy9lnH4qDSYeNbpzpcQyq2LzzxkVy2N1vGgKkVttzx0cgMvyRm3aX
+wlacS+3ILBZ3tw+JuCKR9gjRluwKkqoReEINcAam/GbubJ6QBpV54goYm7YGOIuf
+GkbWVk7Kts67KWWhZDzEL30GRv94K6e+m8e7rhnqrTgPyPk3oSwHzvPy1oaf6bTI
+Y/aDQjohFVvQZxF8joKhAE8JrzjKAn8yXmX8VlGW53XBXAb88Ggkr5raMZ24Rcc4
+pdkOc7sFfVImH/ASwkcPi2xX0adlz937lD7rkn5/Q9B9AwsHb1yQKJgWEeYWOQ8C
+F0SzpZiwHz5qB+eg3wMT0ZnvPJKitshyjQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/luminos b/retiolum/hosts/luminos
new file mode 100644
index 00000000..fe04b33d
--- /dev/null
+++ b/retiolum/hosts/luminos
@@ -0,0 +1,11 @@
+Subnet = 42:23:42:23:42:23:42:23
+Subnet = 10.243.42.129
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAuxgY9SfSCyCuTw2bPtC/He2/NZDYQOcGd8+5Bo6h1/h2pU+qKPQB
+0digU617dG2NVMaT0qmzEz86e2avr0PQsyfhmHO8JNOTqwjyQzKcv3iA+B0jU7Gh
+F/PaW+e+0O+a3LO27FCA0uuxEHyWaXqk53a3wKmjo4fuVy1QKOOoiaFaYLaaTgmm
+8OJG+AKWR/ArihpopgAHFjiqB89xWVw5CgxHDwfzVcmI9SOAaEuTfL065XM4uoH/
+LnbtoyT8zN+He1AlaEJMUaWdo8SWfjBFyVrT1zRQ+0S47tlTCW8Neb0KKs+m9d0G
+rAdv6+iFmQzpv76cgYQw2+AkqkUF8Y8xSwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/miefda b/retiolum/hosts/miefda
new file mode 100644
index 00000000..1de261d9
--- /dev/null
+++ b/retiolum/hosts/miefda
@@ -0,0 +1,11 @@
+Subnet = 10.243.0.30
+Subnet = 42:59fd:1f99:d9b4:9fda:dd80:ff61:6497/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAtWySxln5f1ibnguV9FPOGvw15Xn+9HG5qRDv8buu30YGdJ8yaq6L
+LwjZjNJ+fbHx5lNkDcD+qZXGi/jBiIFPOnAlNZwcOSlBtlplLX6/2H2Ix3RTrhUm
+Dh2s0VLGBPZ+tNO4TtR/RyYJVfVYN6BrKhAWGkffeo0bHFIpiAOQyr1bmbFUMs6q
+0SzX987ey3STDVPdiTNHW7ogFS/18QwOcI4eYVoYK6jgPvutNYt5lpP5qRczgCpd
+Ra+cZk9Lx1mbS1jEAhCYDmqmEqlA2p2ceTOHibjOMzOPkkzEcIwntP4iU+26E4aW
+YS4snJDR9bMXk85rY5Huo9jq7z95T788WQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/miefda901 b/retiolum/hosts/miefda901
deleted file mode 100644
index ab25a691..00000000
--- a/retiolum/hosts/miefda901
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0:0:0:0:0:111:efda/128
-Subnet = 42.85.219.211/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApbEYmHf0vEDYa/2aVvWVxEGgC+JJlXcArdxkQooSIpnZfSAfsH0S
-MFz8v7UkM7EJSwDsFWf+gxyoAORdFpdQm+XQoDqWVZ1e0isYtNluP2C/51s3lu2F
-kVLZ+86el7zd4unHG+6CHmyaBcO5yV6VU8WFeuinB2+ojnujOWlHgOipMOrxsab8
-vwcH/0k/iR9BjH9xzo+kwhzqG0plLkQnvsvVyDN/gQj0Euz6YHfgo5c2gxQKKH7h
-Bv6prIxCbpY7WMMtg0z+OlyGkQefVRl18kZwoNtOFlh5NBe7imYcH+wyhhQ9rqnN
-VoHpJw4lNOuWfy3Af28kYDQ7KnPGYFq4nwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/miefdahome b/retiolum/hosts/miefdahome
deleted file mode 100644
index c21ba679..00000000
--- a/retiolum/hosts/miefdahome
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 42.37.203.172/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtKNWDTK92VGAqfkoy+cWscq3Gp3UJv+NldFGny/PZHG7/0zT7Fri
-VDG+XhVkY5lXz2FyRWPsxwZBEQJlnjswx5zpNsjwCS29a4fTw9lnc26KRSXfGW56
-V/ow2xaPF+n6e9aebOf660FfK10RcBsBAJ956UelahiuwTTXqEnnA0zA0tpJWAdU
-KG+jYARZj2kGy+Trr1ud/PUUXoy+pxID0SW0Xj0l1soxkNEPf2kLwBpaQrwI7uxf
-VI+chpR7ZXJOEBj2vevIVOtxX6X9TubEp3WQfiQzOHB1uW8okHI0wEY5zwrozga/
-xAFGktiwuux1pNdcCUyZmvhTKkHS6gyw4wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/minikrebs b/retiolum/hosts/minikrebs
new file mode 100644
index 00000000..ad7278e2
--- /dev/null
+++ b/retiolum/hosts/minikrebs
@@ -0,0 +1,10 @@
+Subnet = 10.243.1.1/32
+Subnet = 42:0:0:0:0:0:1:1/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0fu8F+XJ6hHsIj8QtdSZIhE+Ae2sEIY4dHcnHbCOeHJlOQQDJrme
+frmG65BX4BMcClUyhvvMwlZIerFwsJoEwa39lB3/Y58OwSS9cNCZTShQPbyVy5wo
+oS97tVUyQENMELXgodg7CUNaloVXGOyXgCOkfYOb5CpWi8NXNsSE1CjZc1XZNI2Q
+2dFBzp6FtRcKc5x5xWuUMnw1Ll2upW2uHZWfgRtgv+pzxVTiNvDqACu8Klwj0bls
+B87DEYeUmiC+CioOtyhiQimUGE8lU1aMaqCyfSsqeBEclSvOCnpaEQu4j6aiY8SE
+5Gm+rteYWKfK2LYV2NOg7n9AUR6d0v8P2wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/monitoring b/retiolum/hosts/monitoring
index 8bc6dd16..e51c309d 100644
--- a/retiolum/hosts/monitoring
+++ b/retiolum/hosts/monitoring
@@ -1,5 +1,5 @@
 Subnet = 42:82cb:f60c:6f27:611a:42f8:906c:2c70/128
-Subnet = 42.160.97.250/32
+Subnet = 10.243.97.250/32
 -----BEGIN RSA PUBLIC KEY-----
 MIGJAoGBAMjS8WxgbfJKVGRIFD0Bv+odQ7THNWDIcr1p4riVbOUPxtce+abasYGl
 DOwaejcHP5bF11EAOOvdEtrivZReIZqYbMz5oWHLO6GCJn7nOCZVCW4LnUuNP3u8
diff --git a/retiolum/hosts/pa_sharepoint b/retiolum/hosts/pa_sharepoint
deleted file mode 100644
index dd31362e..00000000
--- a/retiolum/hosts/pa_sharepoint
+++ /dev/null
@@ -1,7 +0,0 @@
-Address = pa-sharepoint.informatik.ba-stuttgart.de
-Subnet = 42.80.54.58/32
------BEGIN RSA PUBLIC KEY-----
-MIGJAoGBAKSle+5vi8j+auGIC41PwFRPdzuyhP/paAEht+9mWpTYYC1meyPDwQR8
-EPNLwj1ccjsAvhubfaDmI3B13cBQx5q1BbTCK81Y5RS1tj384kvAabJAtKsz3aIg
-1hWXjiDJUGNpQhKsD7IIg4lkkDcgOBAbdtXlynCQXdQL+YjLTavBAgMBAAE=
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/pico b/retiolum/hosts/pico
index 83a465a4..8fc732b8 100644
--- a/retiolum/hosts/pico
+++ b/retiolum/hosts/pico
@@ -1,4 +1,5 @@
-Subnet = 42.0.0.42
+Address = pu11.de
+Subnet = 10.243.0.102/32
 Subnet = 42:b103:275c:1723:edc8:b24d:452b:352a/128
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAsbe4wzTOHHLyuPO/AsfDqQHyV41qgs3dqt6uWcDcdiEsUvbCK9Ch
diff --git a/retiolum/hosts/pornocauster b/retiolum/hosts/pornocauster
index 83374198..cc7d8955 100644
--- a/retiolum/hosts/pornocauster
+++ b/retiolum/hosts/pornocauster
@@ -1,5 +1,5 @@
 Subnet = 42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db/128
-Subnet = 10.243.0.91
+Subnet = 10.243.0.91/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
 RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
diff --git a/retiolum/hosts/radiotuxmini b/retiolum/hosts/radiotuxmini
new file mode 100644
index 00000000..96c06931
--- /dev/null
+++ b/retiolum/hosts/radiotuxmini
@@ -0,0 +1,11 @@
+Subnet = 10.243.0.185
+Subnet = 42:5553:9d1f:5e66:ed7f:bbd6:b7fd:51b2/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA3A0wJPSrNGpb3g98iv1EDTk7s9dgUKSHf7rmqrN2IlW9g21pkGEY
+T3EWz5X8mGEQbDw2im9W8Lm7OSnYuRQjNxacq5WMIN3AGpsiGB6KWEXu73lDWDkE
+hL7dxjSWFSQQMUkbjhduxyaibmLLI748w5npYzhAsjICs4MsrBhcL/ER7tCwVyKm
+AEKUBbLd21tVLGM5dapJslKamZ5NxeHY6TBdtbd2AQZ+67EINKt/WEx9Ruw/t57P
+OAa37NhFrjBbRClQQZVOunbh1Sb0EX3Abj4oZczrtAaBfcDQbA7x2LwbqugZH/EN
+i/oa3sCqOLo7ZcYvuvyxaZgWLK3KB2MEQwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/random b/retiolum/hosts/random
new file mode 100644
index 00000000..59a354e9
--- /dev/null
+++ b/retiolum/hosts/random
@@ -0,0 +1,10 @@
+Subnet = 10.243.0.134
+Subnet = 42:725b:abec:0922:09c6:b51e:1a33:b93a/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEApgs77ljzQp7I8/9KbqzGjoDdNAA3Bp6dKziIJnHLAIDAHD30yY+o
+UHbRPhaCP9s2M4A39wTDjrakngF75M+0covz4WBIiuGdwZywgVnliRk/9dcnqdZm
+OeCxeRJ0BY3Iy8oMieFaPJW1XgwKYi2p0eSpBeKasBct2xNQwyvh+r+xHBa6NK0P
+vV6rK04OrJu04U/tqklTFMTHGmZfjx1vmuecuPWZlgT39788/5aD9uqg2ldMoenE
+eamrPdU2Vh6qlZc8CyHVy5YZDykbXTauUL5OmW2Om4Qc05pinsNnDXfMTkSSmWpN
+oj6nieBqbp/ExuZ79LC5XxvQcAMQtk7gUwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/senderechner b/retiolum/hosts/senderechner
new file mode 100644
index 00000000..4cce73ca
--- /dev/null
+++ b/retiolum/hosts/senderechner
@@ -0,0 +1,10 @@
+Subnet = 10.243.0.163
+Subnet = 42:b67b:5752:a730:5f28:d80d:6b37:5bda/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
+lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
+rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
+inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
+BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
+OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/smove b/retiolum/hosts/smove
new file mode 100644
index 00000000..fc7e194f
--- /dev/null
+++ b/retiolum/hosts/smove
@@ -0,0 +1,9 @@
+Subnet = 10.243.42.42
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAzFFj6yAy2qC4gVrUV5vN6PztulRggkyXIMr2oPmPLuB85uxJE9nI
+9uvsQdbgcmmEM++moPM/ASCEXuu1ikUK1Gl+8C3rv2IxF/zhcrWEJV4e4EvHrBWP
+Xt4hSPyFG3LYpaX1OAWL2zmCvGVDmflWp+YkbBRrkMMEyXg0gZMNx+E7yJiNVYFo
+DZ7p4VSncWsAqk0I1varQpkl7BR6p7QcJlMO403Rh2oQT1bPXskkZsfAyXN8wJTP
+ATiTm5vijXiRUao+h9L60oxQTcvi9hcbhg+FpB3HYx2Rq6lWR0SqDO2OiBTTJnFM
+6qvN7Wfdmxim0mLAwaqccRLCWA06iN8b7wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/taschenkrebs b/retiolum/hosts/taschenkrebs
index 07be2450..94c37ead 100644
--- a/retiolum/hosts/taschenkrebs
+++ b/retiolum/hosts/taschenkrebs
@@ -1,4 +1,4 @@
-Subnet = 10.243.0.66
+Subnet = 10.243.0.66/32
 Subnet = 42:55bf:5f2b:73f4:f989:910e:ee73:2831/128
 
 -----BEGIN RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/temperator b/retiolum/hosts/temperator
deleted file mode 100644
index 25c54bf2..00000000
--- a/retiolum/hosts/temperator
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0b56:87fb:b3ab:677f:1158:bfa0:b937/128
-Subnet = 42.93.117.146/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEArV5wUD4DqM0RoqL47aPb4EcK8Fi7s+PaFwSqVYibMvjeh/zbRUqa
-GQzEWa9ZR9dIzc0YNQKLOSKsiJNpdEwsWT5kUIUQq/YpFAQjcb/vEFbfZwesG08U
-bmkiqXBVaRDYgdGvnJsfkxVYFuTBKstZk5zdK4/uUSVV6oB3G1xP29Umpjn13Dc6
-28F4aYSQ6U8wJaGpZWXiQrmGtFwaM3gY7MCGq3L/5ec+qo7/zqC3BNYYbuFPycs5
-O3H/Gu1E060YsThhtC4NbChupf0llJcHa7wpPyE2f31YBAQZMo5NpmQqWWLuLqSk
-sT1QtjqIsNcMBK9ogxGb6fcMmycOUSsEFwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/urkrebs b/retiolum/hosts/urkrebs
deleted file mode 100644
index ecffaec4..00000000
--- a/retiolum/hosts/urkrebs
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0c61:780c:bf22:7624:fca8:d4d7:a4fd/128
-Subnet = 42.171.152.235/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAl6vUmUL8w8r2gUTpUF8QWx0U3nzDPao2I7l0WU1NnGcR8DVug7YN
-595guvDkRGcM4eYGizgVYVvDCmjTQRXRn57ucVud2bGE1NGtdomVs6wggpgzLiaf
-m9BJwsigoCyMv+8ewGfc+D10TupulcIiZSp/RAewYlX0rhmgdsEGnCt+TWvXRsIa
-kY1pvt4YeKjs2ctib3OmaPuNokK4ophxSpdZ5arjHCaiVMj2O6pPAQbU7WFY63Fw
-UP64cAmtqBM+uMteT7bdG1jT3KZS6W7Dy8rIBd+pp+vB656A5PhrDcGEUMFSXqPD
-BwIxhV7OAejSn4XjrZyd5eNtMOQKopIMQwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/ytart b/retiolum/hosts/ytart
index 9df79635..09a55f65 100644
--- a/retiolum/hosts/ytart
+++ b/retiolum/hosts/ytart
@@ -1,4 +1,4 @@
-Subnet = 42.82.65.226/32
+Subnet = 10.243.65.226/32
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEA2yCCN8nAPmZNL75Jr+FtfP5jmyuqg7IpgfW03L3s8Gg7NB1eTQAg
 UFPh13cj4lZleZOl3Yus7yx4HxMO8tYCptqnRPyP+UXrxvL+kECS4J3rLzjH/eOM
diff --git a/retiolum/hosts/zerg b/retiolum/hosts/zerg
deleted file mode 100644
index 9e9b0a4e..00000000
--- a/retiolum/hosts/zerg
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:448b:2bdc:d090:9f0f:a957:01a7:7254/128
-Subnet = 42.20.21.115/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxLkTKBXMgChxgPlMlLqqGRx/MSZos2dkXdCw7pzyO9HRwYi2Ax1j
-frVG8Z6YQJAxGv4mOtSLEkSfgzgg0AgCb1o0/fniFabYgBVBMr7K5HvnoJz+ODP2
-49O7+m8t495ygOVY/qO6u4ezSbzDTqcPUjQxUHRo1Ik4/uDjvkPe+rbxC2ZTVW/Z
-YnhSaWwH/GkzI9T8OCmAGetdrsXKY+h/ukVJB89qHXAs2fqWIUvujyfwN/mj5mx4
-BT28RJr2/Mx2ivb1Dq1t8iaxNx+I8q5/WVl0EfZBKkSHsXtqzg9xqwzMS37dF356
-0uq2uuysIDbFMXF3jYvFSZyxCmgXNzvN5QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/openwrt/tinc-up b/retiolum/openwrt/tinc-up
new file mode 100755
index 00000000..3b8bb978
--- /dev/null
+++ b/retiolum/openwrt/tinc-up
@@ -0,0 +1,19 @@
+# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
+
+dirname="`dirname "$0"`"
+
+conf=$dirname/tinc.conf
+
+name=`sed -n 's|^ *Name *= *\([^ ]*\) *$|\1|p' $conf`
+
+host=$dirname/hosts/$name
+
+addr4=`sed -n 's|^ *Subnet *= *\(10[.][^ ]*\) *$|\1|p' $host`
+if [ "$addr4" != '' ];then
+    ifconfig $INTERFACE $addr4
+    route add -net 10.243.0.0 netmask 255.255.0.0 dev retiolum
+else
+    addr4=`sed -n 's|^ *Subnet *= *\(42[.][^ ]*\) *$|\1|p' $host`
+    ifconfig $INTERFACE $addr4
+    route add -net 42.0.0.0 netmask 255.0.0.0 dev retiolum
+fi
diff --git a/retiolum/openwrt/updater b/retiolum/openwrt/updater
new file mode 100755
index 00000000..4dbc7d78
--- /dev/null
+++ b/retiolum/openwrt/updater
@@ -0,0 +1,6 @@
+#!/bin/sh
+cd /etc/tinc/retiolum/hosts
+wget http://vpn.miefda.org/hosts.tar.gz
+tar xzf hosts.tar.gz
+rm hosts.tar.gz
+tincd -n retiolum -kHUP
diff --git a/retiolum/scripts/adv_graphgen/all_the_graphs.sh b/retiolum/scripts/adv_graphgen/all_the_graphs.sh
index 36b37f03..5533c722 100755
--- a/retiolum/scripts/adv_graphgen/all_the_graphs.sh
+++ b/retiolum/scripts/adv_graphgen/all_the_graphs.sh
@@ -1,5 +1,15 @@
-#!/bin/sh
-echo "`date` begin all graphs" >> /tmp/build_graph
-cd $(dirname $(readlink -f $0))
-(./anonytize.sh /srv/http/pub/graphs/retiolum/ && echo "`date` anonytize done" >> /tmp/build_graph)&
-(./sanitize.sh /srv/http/priv/graphs/retiolum/ && echo "`date` sanitize done" >> /tmp/build_graph)&
+#!/bin/bash
+
+(
+  echo "`date` begin all graphs" >> /tmp/build_graph
+  cd $(dirname $(readlink -f $0))
+  PATH=$PATH:../../../util/bin/
+  export LOG_FILE=/var/log/retiolum.log
+  begin=`timer`
+  export GRAPHITE_HOST="no_omo"
+  (./anonytize.sh /srv/http/pub/graphs/retiolum/ && echo "`date` anonytize done" >> /tmp/build_graph)&
+  (./sanitize.sh /srv/http/priv/graphs/retiolum/ && echo "`date` sanitize done" >> /tmp/build_graph)&
+#  wait
+  graphitec "retiolum.graph.buildtime" "$(timer $begin)"   >> /tmp/build_graph
+  echo "`date` end all graphs" >> /tmp/build_graph
+)&
diff --git a/retiolum/scripts/adv_graphgen/anonytize.sh b/retiolum/scripts/adv_graphgen/anonytize.sh
index 1ebfe972..d49793cb 100755
--- a/retiolum/scripts/adv_graphgen/anonytize.sh
+++ b/retiolum/scripts/adv_graphgen/anonytize.sh
@@ -5,7 +5,7 @@ GRAPH_SETTER1=dot
 GRAPH_SETTER2=circo
 GRAPH_SETTER3='neato -Goverlap=prism '
 GRAPH_SETTER4=sfdp
-LOG_FILE=/var/log/syslog
+LOG_FILE=${LOG_FILE:-/var/log/syslog}
 TYPE=svg
 TYPE2=png
 OPENER=/bin/true
diff --git a/retiolum/scripts/adv_graphgen/parse_tinc_anon.py b/retiolum/scripts/adv_graphgen/parse_tinc_anon.py
index 3b0383da..e0bea913 100755
--- a/retiolum/scripts/adv_graphgen/parse_tinc_anon.py
+++ b/retiolum/scripts/adv_graphgen/parse_tinc_anon.py
@@ -3,6 +3,19 @@
 from BackwardsReader import BackwardsReader
 import sys,json
 #supernodes= [ "kaah","supernode","euer","pa_sharepoint","oxberg" ]
+try:
+  import socket
+  from time import time
+  import os
+  host = os.environ.get("GRAPHITE_HOST","localhost")
+  port = 2003
+  g_path =  os.environ.get("GRAPHITE_PATH","retiolum")
+  begin = time()
+  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 
+  sys.stderr.write("connecting to %s:%d"%(host,port))
+  s.connect((host,port))
+except Exception as e:
+  print >>sys.stderr, "Cannot connect to graphite: " + str(e)
 """ TODO: Refactoring needed to pull the edges out of the node structures again,
 it should be easier to handle both structures"""
 DUMP_FILE = "/krebs/db/availability"
@@ -133,3 +146,9 @@ def decode_input(FILE):
 nodes = decode_input(sys.stdin)
 nodes = delete_unused_nodes(nodes)
 write_digraph(nodes)
+try: 
+  end = time()
+  msg = '%s.graph.anon_build_time %d %d\r\n' % (g_path,((end-begin)*1000),end)
+  s.send(msg)
+  s.close()
+except Exception as e: print >>sys.stderr, e
diff --git a/retiolum/scripts/adv_graphgen/parse_tinc_stats.py b/retiolum/scripts/adv_graphgen/parse_tinc_stats.py
index 54dcc4ab..16f4f795 100755
--- a/retiolum/scripts/adv_graphgen/parse_tinc_stats.py
+++ b/retiolum/scripts/adv_graphgen/parse_tinc_stats.py
@@ -2,6 +2,20 @@
 # -*- coding: utf8 -*-
 from BackwardsReader import BackwardsReader
 import sys,json
+try:
+  from time import time
+  import socket
+  import os
+  host = os.environ.get("GRAPHITE_HOST","localhost")
+  port = 2003
+  g_path =  os.environ.get("GRAPHITE_PATH","retiolum")
+  begin = time()
+  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 
+  sys.stderr.write("connecting to %s:%d"%(host,port))
+  s.connect((host,port))
+except Exception as e:
+  sys.stderr.write("Cannot connect to graphite: %s\n" % str(e))
+
 supernodes= [ "kaah","supernode","euer","pa_sharepoint","oxberg" ]
 """ TODO: Refactoring needed to pull the edges out of the node structures again,
 it should be easier to handle both structures"""
@@ -36,6 +50,12 @@ def write_stat_node(nodes):
   '''
   num_conns = 0
   num_nodes = len(nodes)
+  try: 
+    msg = '%s.num_nodes %d %d\r\n' %(g_path,num_nodes,begin)
+    s.send(msg)
+    #print >>sys.stderr, msg
+  except Exception as e: print sys.stderr,e
+  #except: pass
   for k,v in nodes.iteritems():
     num_conns+= len(v['to'])
   node_text = "  stats_node [label=\"Statistics\\l"
@@ -183,3 +203,11 @@ try:
 except Exception,e:
   sys.stderr.write("Cannot dump graph: %s" % str(e))
 write_digraph(nodes)
+
+try: 
+  end = time()
+  msg = '%s.graph.detail_build_time %d %d\r\n' % (g_path,((end-begin)*1000),end)
+  s.send(msg)
+  sys.stderr.write(msg)
+  s.close()
+except Exception as e: sys.stderr.write( str(e) + "\n")
diff --git a/retiolum/scripts/adv_graphgen/sanitize.sh b/retiolum/scripts/adv_graphgen/sanitize.sh
index 50f1659f..c46662f3 100755
--- a/retiolum/scripts/adv_graphgen/sanitize.sh
+++ b/retiolum/scripts/adv_graphgen/sanitize.sh
@@ -5,7 +5,7 @@ GRAPH_SETTER1=dot
 GRAPH_SETTER2=circo
 GRAPH_SETTER3='neato -Goverlap=prism '
 GRAPH_SETTER4=sfdp
-LOG_FILE=/var/log/syslog
+LOG_FILE=${LOG_FILE:-/var/log/syslog}
 TYPE=svg
 TYPE2=png
 OPENER=/bin/true
diff --git a/retiolum/scripts/tinc_setup/write_channel.py b/retiolum/scripts/tinc_setup/write_channel.py
index 53a155d9..8299fa8d 100644
--- a/retiolum/scripts/tinc_setup/write_channel.py
+++ b/retiolum/scripts/tinc_setup/write_channel.py
@@ -3,7 +3,7 @@ import random, sys, time, socket
 try:
   myname=sys.argv[1]
 except:
-  print "you are made of stupid"
+  print("you are made of stupid")
   exit (23)
 
 CHANNEL = '#krebsco'
@@ -12,10 +12,10 @@ FILE="/etc/tinc/retiolum/hosts/"+myname
 PORT=6667
 NICK= myname+"_"+str(random.randint(23,666))
 
-print "Connecting..."
+print("Connecting...")
 sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 sock.connect((HOST,PORT))
-print NICK
+print(NICK)
 sock.send("NICK %s\r\n" % NICK)
 sock.send("USER %s %s bla : %s\r\n" %(NICK,HOST,NICK))
 sock.send("JOIN %s\r\n" % CHANNEL)
@@ -23,5 +23,5 @@ time.sleep(23)
 f = open(FILE,'r') 
 a = [ sock.send("PRIVMSG %s : %s" % ( CHANNEL,line)) for line in f]
 time.sleep(5) #because irc is so lazy
-print "closing socket"
+print("closing socket")
 sock.close()
diff --git a/streams/mpdstreams b/streams/mpdstreams
new file mode 100755
index 00000000..75d2af13
--- /dev/null
+++ b/streams/mpdstreams
@@ -0,0 +1,113 @@
+#!/usr/bin/python
+
+# this version cannot tell if a stream is running or just ordinary music
+import os
+import sys
+from subprocess import Popen, PIPE
+
+os.chdir(os.path.dirname(os.path.realpath(sys.argv[0])))
+pidfile = "/tmp/krebs.stream.pid"
+url_file = os.environ.get("STREAM_DB", "stream.db")
+urls = []
+#urls = [ url,f for (url,f) in open(url_file).readline() ]
+for line in open(url_file):
+    urls.append(line.split())
+#print urls
+mybin = sys.argv[0]
+cmd = sys.argv[1] if len(sys.argv) > 1 else "you-are-made-of-stupid"
+stream = sys.argv[2] if len(sys.argv) == 3 else "groove"
+pipe_silent = open("/dev/null","w")
+
+def urlForStream(stream):
+    for url, s in urls:
+        if s == stream:
+            return url
+
+def streamForUrl(url):
+    for u, s in urls:
+        if u == url:
+            return stream 
+
+def startStream(stream_url):
+    Popen(["mpc","crossfade","5"],
+            stdout=pipe_silent,stderr=pipe_silent)
+    Popen(["mpc","repeat","yes"],
+            stdout=pipe_silent,stderr=pipe_silent)
+    Popen(["mpc","clear"],
+            stdout=pipe_silent,stderr=pipe_silent)
+    Popen(["mpc","load",stream_url],
+            stdout=pipe_silent,stderr=pipe_silent).wait()
+    Popen(["mpc","play"],
+            stdout=pipe_silent,stderr=pipe_silent)
+
+def start(stream):
+    ret = running()
+    if ret:
+        print "!! Stream `%s` already running !" % \
+                (ret)
+    else:
+        startStream(urlForStream(stream))
+        print "** Starting `%s`."% stream
+
+
+def stop():
+    ret = running()
+    if not ret:
+        print "!! No Stream running!"
+    else:
+        print "** Stopping `%s`" % ret
+        Popen(["mpc","stop"],
+            stdout=pipe_silent,stderr=pipe_silent)
+        
+
+def running():
+    try:
+        (out,err) = Popen(["mpc","current"],stdout=PIPE,stderr=PIPE).communicate()
+        out = out.rstrip()
+        return out
+    except Exception as e:
+        return ""
+
+
+def slist():
+    for url, name in urls:
+        print "%s : %s" % (name, url)
+
+
+def shorthelp():
+    print "start|stop|restart|status|list [audio stream]"
+
+
+def longhelp():
+    print "Usage: %s" % mybin,
+    shorthelp
+    print """ get all available streams with '/%(fil)s list'
+    Examples:
+    %(fil)s list
+    %(fil)s start groove
+    %(fil)s switch deepmix
+    %(fil)s status
+    %(fil)s stop""" % {'fil': mybin}
+
+if cmd == "start":
+    start(stream)
+elif cmd == "stop":
+    stop()
+elif cmd == "switch" or cmd == "restart":
+    stop()
+    start(stream)
+elif cmd == "status":
+    ret = running()
+    if not ret:
+        print "** nothing running"  # , e
+    else:
+        print "Now Playing: %s" % ret
+elif cmd == "list":
+    slist()
+elif cmd == "--help":
+    longhelp()
+elif cmd == "-h":
+    shorthelp()
+else:
+    print "unknown command `%s`" % cmd
+    print "try `%s` --help" % os.path.basename(mybin)
diff --git a/streams/stream.db b/streams/stream.db
index 711c5f30..2e873843 100644
--- a/streams/stream.db
+++ b/streams/stream.db
@@ -1,8 +1,6 @@
-http://somafm.com/groovesalad.pls groove 
 http://deepmix.ru/deepmix128.pls deepmix
 http://streams.xenim.de/radiotux.ogg radiotux
 http://bassdrive.com/v2/streams/BassDrive.pls bassdrive
-http://somafm.com/illstreet.pls illstreet
 http://localhost:8000/stream.ogg icecast
 http://localhost:8000/shice.ogg shice
 http://stream2.jungletrain.net:8000 jungletrain
@@ -12,3 +10,26 @@ http://radio.krautchan.net:8000/radio.mp3 radiofreieskrautchan
 http://nl1.streamhosting.ch/listen.pls lounge
 http://deluxetelevision.com/livestreams/radio/DELUXE_RADIO.pls deluxe
 http://livestream.radiodarmstadt.de:8000 darmstadt
+http://somafm.com/sxfm.pls southbysoma
+http://somafm.com/indiepop.pls indypop
+http://somafm.com/poptron.pls poptron
+http://somafm.com/480min.pls 480min
+http://somafm.com/u80s.pls underground80s
+http://somafm.com/secretagent.pls secretagent
+http://somafm.com/suburbsofgoa.pls suburbsofgoa
+http://somafm.com/beatblender.pls beatblender
+http://somafm.com/missioncontrol.pls missioncontrol
+http://somafm.com/dronezone.pls dronezone
+http://somafm.com/cliqhop.pls cliqhop
+http://somafm.com/spacestation.pls spacestationsoma
+http://somafm.com/bootliquor.pls bootliquor
+http://somafm.com/covers.pls covers
+http://somafm.com/illstreet.pls illstreet
+http://somafm.com/tags.pls tagstrip
+http://somafm.com/groovesalad.pls groove 
+http://somafm.com/lush.pls lush
+http://somafm.com/digitalis.pls digitalis
+http://somafm.com/sonicuniverse.pls sonicuniverse
+http://somafm.com/doomed.pls doomed
+http://somafm.com/brfm.pls blackrockfm
+http://de.scenemusic.net/necta192.mp3 demoscene
diff --git a/streams/streams.py b/streams/streams.py
new file mode 100644
index 00000000..65669b2d
--- /dev/null
+++ b/streams/streams.py
@@ -0,0 +1,116 @@
+#!/usr/bin/python
+import os
+import sys
+from subprocess import Popen, PIPE
+
+os.chdir(os.path.dirname(os.path.realpath(sys.argv[0])))
+pidfile = "/tmp/krebs.stream.pid"
+url_file = os.environ.get("STREAM_DB", "stream.db")
+urls = []
+#urls = [ url,f for (url,f) in open(url_file).readline() ]
+for line in open(url_file):
+    urls.append(line.split())
+#print urls
+mybin = sys.argv[0]
+cmd = sys.argv[1] if len(sys.argv) > 1 else "you-are-made-of-stupid"
+stream = sys.argv[2] if len(sys.argv) == 3 else "groove"
+
+
+def check_pid(pid):
+    """ Check For the existence of a unix pid. """
+    try:
+        os.kill(pid, 0)
+    except OSError:
+        return False
+    else:
+        return True
+
+
+def urlForStream(stream):
+    for url, s in urls:
+        if s == stream:
+            return url
+
+
+def start(stream):
+    ret = running()
+    if ret:
+        print "!! Stream `%s` already running with pid `%s` !" % \
+                (ret[1], ret[0])
+    else:
+        pipe_silent = open('/dev/null', 'w')
+        url = urlForStream(stream)
+        mpl = Popen(["mplayer", url],
+                 stdout=pipe_silent, stderr=pipe_silent).pid
+        print >> open(pidfile, "w+"), "%d %s" % (mpl, stream)
+
+
+def stop():
+    ret = running()
+    if not ret:
+        print "!! No Stream running!"
+    else:
+        pid, name = ret
+        print "** Killing `%s` with pid %s" % (name, pid)
+        os.kill(int(pid), 15)
+        #if check_pid(int(pid)):
+        #    print "!! trying harder to kill process"
+        #    os.kill(int(pid), 9)
+        os.remove(pidfile)
+
+
+def running():
+    try:
+        pid, currstream = open(pidfile).read().split()
+        if check_pid(int(pid)):
+            return (pid, currstream)
+        else:
+            print "!! removing stale pidfile"
+            os.remove(pidfile)
+            raise Exception("Pidfile stale")
+    except Exception as e:
+        return ()
+
+
+def slist():
+    for url, name in urls:
+        print "%s : %s" % (name, url)
+
+
+def shorthelp():
+    print "start|stop|restart|status|list [audio stream]"
+
+
+def longhelp():
+    print "Usage: %s" % mybin,
+    shorthelp
+    print """ get all available streams with '/%(fil)s list'
+    Examples:
+    %(fil)s list
+    %(fil)s start groove
+    %(fil)s switch deepmix
+    %(fil)s status
+    %(fil)s stop""" % {'fil': mybin}
+
+if cmd == "start":
+    start(stream)
+elif cmd == "stop":
+    stop()
+elif cmd == "switch" or cmd == "restart":
+    stop()
+    start(stream)
+elif cmd == "status":
+    ret = running()
+    if not ret:
+        print "** no stream running"  # , e
+    else:
+        print "%s is running(%s)" % (ret[1], urlForStream(ret[1]))
+elif cmd == "list":
+    slist()
+elif cmd == "--help":
+    longhelp()
+elif cmd == "-h":
+    shorthelp()
+else:
+    print "unknown command `%s`" % cmd
+    print "try `%s` --help" % os.path.basename(mybin)
diff --git a/util/bin/naturalvoices2.sh b/util/bin/naturalvoices2.sh
new file mode 100755
index 00000000..4d8015aa
--- /dev/null
+++ b/util/bin/naturalvoices2.sh
@@ -0,0 +1,6 @@
+text=$(echo $* | sed 's/ /+/g')
+voice="klara"
+base_url="http://192.20.225.36"
+
+mplayer $base_url$( curl -Ss -A "Mozilla" -d "voice=$voice" -d "txt=$text" -d "speakButton=SPEAK" $base_url/tts/cgi-bin/nph-nvdemo |grep HREF|sed 's/.*\(".*"\).*/\1/' |sed -e 's/"//g')
+
diff --git a/util/bin/statsc b/util/bin/statsc
new file mode 100755
index 00000000..ff86ccb8
--- /dev/null
+++ b/util/bin/statsc
@@ -0,0 +1,4 @@
+#!/bin/sh
+# see https://github.com/etsy/statsd for syntax
+[ $# -eq 0 ] && echo "usage: $0 MESSAGE"
+echo "$1" | nc -w 1 -u 127.0.0.1 8125
diff --git a/util/bin/timer b/util/bin/timer
new file mode 100755
index 00000000..0ccf514a
--- /dev/null
+++ b/util/bin/timer
@@ -0,0 +1,14 @@
+#!/bin/bash
+curr=$(date '+%s%N')
+etime=${curr:0:${#curr}-6}
+if [[ $# -eq 0 ]];then
+  echo $etime
+else
+  [ "$1" == "-h" -o "$1" == "--help" ] && \
+    echo "usage: $0 [start_ms]" && \
+    echo "  if no start_ms is given, return the currentime" && \
+    echo "  if start_ms is given, return the difference" && exit 0
+  stime=$1
+  [[ -z "$stime" ]] && stime=$etime
+  echo $((etime - stime))
+fi