Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables

Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files.

An advanced, ultra-lightweight firewall orchestrator for Linux. SysWarden integrates Data-Shield IPv4 blocklists, Geo-Blocking, Spamhaus ASN, Fail2ban, and a WireGuard VPN to proactively block 99% of malicious traffic. Secure your servers and Docker containers with a near-zero memory footprint.

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.

A list of malicious IP addresses associated with botnets, cyberattacks, and the generation of artificial traffic on websites. Useful for network administrators and security companies to block threats and protect against DDoS attacks.

An automated mirror of malicious IP addresses from packetsdatabase.com, providing continuously updated blocklists and security feeds in multiple formats.

Criminal IP is a comprehensive OSINT-based Cyber Threat Intelligence (CTI) search engine that can be used as an automated Attack Surface Management solution.

Curated block list including IPs, FQDNs, Domains, JA3, etc. Tailored for utmost precision to minimize false positives in personal or non-commercial environments. Updated regularly. For assistance or to support our initiatives, please reach out or consider participating in our sponsorship program

HeimdallBlocklists is a project designed to merge and manage multiple community-maintained blocklists, making them easily usable across various firewall solutions.

Use the Prowl API to obtain IP Reputation, Techniques Tactics and Procedures, Indicators of Attacks and Indicators of Compromise related to a public IP.

Triage an IP using powershell

Self-hosted Geolocation and Malicious IP Detection API

Automated IP blocklist aggregation with geolocation-based country filtering, Docker ready, and twice daily runs via GitHub Actions

SniffCat integration enabling automatic reporting of malicious activity detected by T-Pot honeypots by monitoring logs, analyzing attack attempts, and submitting reports automatically.

Takes a list of IP addresses stored in a file, looks them up using abuseipdb.com, and writes the output to a CSV file.

Offline-first, budget-aware log+CTI pipeline with optional LLM enrichment; grouping/sampling gates, strong CTI cache, reproducible reports, Streamlit UI.

A Node.js script that automates the reporting of malicious IP addresses detected by Cloudflare WAF to SniffCatDB ☁️🕵️

My personal research on different attack vectors, including DDoS attack types, payloads and a honeypot sensor to detect malicious actors.

🛡️ Comprehensive IP blacklist from trusted security sources - Updated regularly | Free to use Malware, Botnet, Spam & Attack Prevention for security, firewall, or research purposes.

A retro-styled terminal dashboard in Python that pulls live cybersecurity threat feeds — CVEs, APT reports, zero-day alerts, ransomware, malicious IPs, and more. Features a scrolling ticker, color-coded severity, threat heat metrics, and API Tools. Fun, informative, and visually awesome — serious intel without taking itself too seriously.