Vlad

IP Checker from site list

I have done some browsing and some file reminiscing, and have stumbled upon one cool program that I made back in October 2017. The goal of this is to check if a certain IP address belongs to a list of malicious IPs from the user's list of threat intel sites. It would be an honor to share this with you, for this might pique your curiosity and help you gather some information on whether an IP is malicious or not.


A security analyst is fond of investigating and digging further into a certain IP once it has been detected on a security device performing a suspicious task on his perimeter. With the IP given...


* He can research the whois description of the IP.

* He can revalidate and check it against several threat intel sites and make his judgement from there.

* He can look at sites which contain lists of IP reputations.


I have done the first 2 items above: taking a bulk list of IPs and running the whois lookups with the IP2Whois tool, and, for item #2, using Spyder to check the IP reputation against the threat intel sites it supports.


Item 3 will be our focus in this blog. Given all the IP list checker sites he knows, what if the analyst could automate the task and get the results he wants with just the IP he wants to investigate and a list of IP-checking URLs like zeus tracker, cinsscore and bambenekconsulting?



One main feature of this tool is that it gives you the occurrence rate, which will be helpful when you're giving a certain frequency on a certain IP. The program will crawl through the sites you've listed and check whether the IP exists in each site's list. Then it will evaluate and compute the final verdict.


Here is how the verdict was made:


x = rate of occurrence


x = 0 => clean

An IP that does not appear on any of the threat intel sites provided by the user gets a 'clean' result.


x > 0%, x < 30% => low

An IP with a score greater than 0% but less than 30% has a 'low' occurrence.


x > 30%, x < 50% => medium

An IP with a score greater than 30% but less than 50% has a 'medium' impact.


x > 50% => high

An IP with a rating greater than 50% has a 'high' occurrence.
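The verdict logic above as a Python sketch. This is an added example, not the author's tool: the feed names and feed contents are constructed and embedded inline so it runs offline, and the helper names are hypothetical. Two assumptions are made: scores of exactly 30% and 50% fall into the higher band, and an IP counts as listed only when it matches a whole address in the feed, so `203.0.113.7` is not a hit on a line containing `203.0.113.77`.

```python
import ipaddress
import re

# Constructed sample feeds (documentation-range addresses) under placeholder
# names; a real run would download the text of each URL in the user's list.
SAMPLE_FEEDS = {
    "feed-a": "# constructed blocklist\n203.0.113.7\n198.51.100.20\n",
    "feed-b": "198.51.100.20 # c2\n203.0.113.77\n",
    "feed-c": "ip,score\n198.51.100.20,120\n192.0.2.1,95\n",
    "feed-d": "# empty today\n",
}

# A dotted quad that is not part of a longer run of digits and dots.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def parse_feed(text):
    """Return the set of valid IPv4 addresses listed in one feed's text."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop comment text
        for token in IPV4_TOKEN.findall(line):
            try:
                found.add(ipaddress.IPv4Address(token))
            except ValueError:
                pass  # looks like an IP but is not one, e.g. 999.1.1.1
    return found

def occurrence_rate(ip, feeds):
    """Percentage of feeds that list `ip` as a whole address."""
    target = ipaddress.IPv4Address(ip)
    hits = sum(1 for text in feeds.values() if target in parse_feed(text))
    return 100.0 * hits / len(feeds) if feeds else 0.0

def verdict(rate):
    """Map a rate to the post's bands; exact 30/50 go up (assumption)."""
    if rate == 0:
        return "clean"
    if rate < 30:
        return "low"
    if rate < 50:
        return "medium"
    return "high"

def check(ip, feeds=SAMPLE_FEEDS):
    """Return (occurrence rate in percent, verdict) for one IP."""
    rate = occurrence_rate(ip, feeds)
    return rate, verdict(rate)
```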


How To?

Before running the program, one must...

* Put the IP to be evaluated in a file named 'check.txt'.

* Update or gather the list of site URLs that the program will look at.

* Run this thing up!


Running the program...


For single user input >>



For multiple IP check>>





I am giving away this tool for free. If you want a copy, just email me at kenciceron45@gmail.com or reach me through any of the contacts on my homepage. Enjoy and go hunt!


krontek> halt
