-
Notifications
You must be signed in to change notification settings - Fork 0
/
abuseipdb_analyzer.py
75 lines (64 loc) · 2.6 KB
/
abuseipdb_analyzer.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#!/usr/bin/env python3
import requests
import json
import yaml
from yaml.loader import SafeLoader
import pycountry
import argparse
def get_arguments(): # Gets The IP Address to Analyze
parser = argparse.ArgumentParser()
parser.add_argument('-i', '--ip', dest='ip_address', help='Sets IP Address to fetch information.')
(options) = parser.parse_args()
if not options.ip_address:
parser.error('[-] Please Specify an IP Address to fetch information.')
return options
def check_key(): # Loads yaml file including enabled state and api keys
with open('config.yaml', 'r') as f:
config = yaml.load(f, Loader=SafeLoader)
if config['abuseipdb'] == 'your_api_key_goes_here':
print('\n[-] AbuseIPDB is missing an API Key\n')
exit()
else:
return config['abuseipdb']
def fetch_data(ip_address, api_key): # Requests data
url = 'https://api.abuseipdb.com/api/v2/check'
querystring = {
'ipAddress': ip_address,
'maxAgeInDays': '365'
}
headers = {
'Accept': 'application/json',
'Key': api_key
}
response = requests.request(method='GET', url=url, headers=headers, params=querystring)
decodedResponse = json.loads(response.text)
return decodedResponse
def filter_data(data): # Filters data
if 'errors' in data:
details = f"Details: {data['errors'][0]['detail']}"
output = f"\n[-] AbuseIPDB\n{details}\n"
elif data['data']['isPublic'] == False:
ip_address = data['data']['ipAddress']
output = f'\n[-] AbuseIPDB\nIP Address {ip_address} is not a Public IP Address.\n'
else:
country_code = data['data']['countryCode']
country_name = pycountry.countries.get(alpha_2=country_code).name
a_conf = f"Abuse Confidence: {data['data']['abuseConfidenceScore']}%"
country = f"Country: {country_name}"
isp = f"ISP: {data['data']['isp']}"
usage_type = f"Usage Type: {data['data']['usageType']}"
domain = f"Domain: {data['data']['domain']}"
hostnames_list = ', '.join(map(str, data['data']['hostnames']))
hostnames = f"Hostnames: {hostnames_list}"
whitelist = f"Whitelisted: {data['data']['isWhitelisted']}"
reports = f"Reports: {data['data']['totalReports']}"
output = f"\n[+] AbuseIPDB\n{a_conf}\n{country}\n{isp}\n{usage_type}\n{domain}\n{hostnames}\n{whitelist}\n{reports}\n"
return output
def main():
options = get_arguments()
api_key = check_key()
response = fetch_data(options.ip_address, api_key)
output = filter_data(response)
print(output)
if __name__ == '__main__':
main()