This repository has been archived by the owner on Dec 7, 2022. It is now read-only.

IP Blacklist Check


Python script that downloads IP reputation blacklists from various sources and checks one or more IP addresses against those lists. It uses the FreeGeoIP Live service for IP geolocation (ref: https://freegeoip.live/).

An API key (added to the settings.ini file) is required for the following services:

  • AbuseIPDB
  • Shodan
  • VirusTotal

Installation

git clone https://github.com/dfirsec/blacklist_check.git
cd blacklist_check
pip install -r requirements.txt

Usage

        ____  __           __   ___      __     ________              __
       / __ )/ /___ ______/ /__/ (_)____/ /_   / ____/ /_  ___  _____/ /__
      / __  / / __ `/ ___/ //_/ / / ___/ __/  / /   / __ \/ _ \/ ___/ //_/
     / /_/ / / /_/ / /__/ ,< / / (__  ) /_   / /___/ / / /  __/ /__/ ,<
    /_____/_/\__,_/\___/_/|_/_/_/____/\__/   \____/_/ /_/\___/\___/_/|_|

usage: blacklist_check.py [-h] [-t [threads]] [-v] [-a] [-s] [-u | -fu | -sh] [-q query [query ...] | -f file | -i | -r]

IP Blacklist Check

optional arguments:
  -h, --help            show this help message and exit
  -t [threads]          threads for rbl check (default 25, max 50)
  -v                    check virustotal for ip info
  -a                    check abuseipdb for ip info
  -s                    check shodan for ip info
  -u                    update blacklist feeds
  -fu                   force update of all feeds
  -sh                   show blacklist feeds
  -q query [query ...]  query a single or multiple ip addrs
  -f file               query a list of ip addresses from file
  -i                    insert a new blacklist feed
  -r                    remove an existing blacklist feed
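
The kind of lookup the `-q` and `-f` options describe, shown as an added example that is not the project's own code. It assumes feeds are plain text with one IP or CIDR range per line and `#` or `;` comments; the feed names, sample entries and the `parse_feed` / `check_ips` functions are hypothetical.

```python
import ipaddress

# Constructed sample feeds using documentation address ranges, not real blacklist data.
SAMPLE_FEEDS = {
    "feed-a": "# comment line\n198.51.100.7\n203.0.113.0/24\n192.0.2.15 ; trailing note\n",
    "feed-b": "; other comment style\n198.51.100.7\nnot-an-ip\n2001:db8::/32\n",
}


def parse_feed(text):
    """Return the networks listed in a feed, skipping comments and junk lines."""
    networks = []
    for line in text.splitlines():
        # Drop inline comments in either style, then surrounding whitespace.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        token = line.split()[0]  # some feeds append extra columns after the address
        try:
            # strict=False accepts entries with host bits set, e.g. 203.0.113.5/24
            networks.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            continue  # header text or other non-address content
    return networks


def check_ips(queries, feeds=SAMPLE_FEEDS):
    """Map each query to the sorted feed names that list it (None if not a valid IP)."""
    parsed = {name: parse_feed(text) for name, text in feeds.items()}
    results = {}
    for query in queries:
        try:
            addr = ipaddress.ip_address(query.strip())
        except ValueError:
            results[query] = None  # report bad input instead of treating it as clean
            continue
        results[query] = sorted(
            name for name, nets in parsed.items()
            if any(addr.version == net.version and addr in net for net in nets)
        )
    return results


if __name__ == "__main__":
    for ip, hits in check_ips(["198.51.100.7", "203.0.113.99", "192.0.2.200", "bogus"]).items():
        print(ip, "->", "invalid" if hits is None else (hits or "not listed"))
```

Returning `None` for unparseable input keeps a typo in a query file from being reported as a clean address.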
