This Python project is for discovering information about and reporting malicious IP addresses safely and legally. My home network was getting scanned regularly by the same IP addresses. My router blocked the scans, but I got annoyed. I wanted to know everything about the IP addresses scanning me, so this was born.
```
# requirements.txt
# [pip install -r requirements.txt]
requests==2.31.0
ipwhois==1.2.0
dnspython==2.3.0
```
Place the IP addresses you'd like to scan in the ip_list.dat file:
```
# ip_list.dat
# Each line should contain a single full IP address
xxx.xxx.xxx.xxx
xx.xx.xx.xx
xxx.xxx.xxx.xxx
```
Place your GeoLocation API Key in the local_config.py file provided:
```python
# local_config.py
IP_GEOLOCATION_API_KEY = 'YOUR_API_KEY'
```
You can obtain an API key for geolocation services from various providers. Here are a few popular ones along with instructions on how to get an API key:
How to get the API key from ipgeolocation.io:
1. Visit ipgeolocation.io.
2. Sign up for a free account.
3. Once logged in, navigate to the dashboard.
4. You will find your API key in the dashboard.
How to get the API key from MaxMind:
1. Visit MaxMind.
2. Sign up for an account.
3. Purchase a subscription for the GeoIP2 services (they offer a free trial for limited usage).
4. Once subscribed, you will receive an API key.
How to get the API key from ipstack.com:
1. Visit ipstack.com.
2. Sign up for a free account.
3. Once logged in, go to the API Access section in your dashboard.
4. You will find your API key there.
How to get the API key from ipinfo.io:
1. Visit ipinfo.io.
2. Sign up for a free account.
3. Once logged in, navigate to the API Access section in your dashboard.
4. You will find your API key there.
The script will create two files in an output directory adjacent to the ip_scanback.py script.
# output/discovery.md
File containing all of the pulled data about the IP addresses.
Generated in easy-to-read Markdown.
# output/discovery.JSON
File containing all of the pulled data about the IP addresses.
Generated in JSON for the more code friendly users.
I have also provided two additional scripts.
# parse_and_format.py
This file creates a simplified version of the report the ip_scanback.py script generates.
It reads the output/discovery.JSON file and generates output/parsed_discovery.json and output/parsed_discovery.md.
parsed_discovery.md is extremely user friendly.
The other files generated are for your records if you need a copious amount of data.
I have also provided a script that will write emails for you to send to the companies hosting the malicious IP addresses.
# generate_letters.py
This file reads the output/parsed_discovery.md output
--- So be sure to run parse_and_format.py first ---
The script will generate a letter per malicious IP Address
The letters will be placed in a folder called 'letters_output' and will be named
with the abuse reporting email they provided to DNS authorities.
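The letter files are named after the abuse e-mail found in the WHOIS data, a value published by the network being reported rather than chosen by you, so it should be treated as untrusted before it becomes part of a path. The following is an added example, not the project's own code; `letter_path`, `save_letter` and the `<email>_<ip>.txt` naming scheme are assumptions made for illustration.

```python
import ipaddress
import re
from pathlib import Path

# Mailbox characters accepted in a file name: no slashes, spaces or control characters.
_SAFE_EMAIL = re.compile(r"[a-z0-9._+-]{1,64}@[a-z0-9.-]{1,255}")


def letter_path(abuse_email, ip, out_dir="letters_output"):
    """Build the letter's path from untrusted WHOIS data, always inside out_dir.

    Assumed naming scheme (not the project's): <abuse email>_<ip>.txt
    """
    email = (abuse_email or "").strip().lower()
    # Anything unexpected (path separators, display names, leading dot, dot runs)
    # falls back to a fixed label instead of being "cleaned up" and trusted.
    if not _SAFE_EMAIL.fullmatch(email) or email.startswith(".") or ".." in email:
        email = "unknown-abuse-contact"
    addr = ipaddress.ip_address(ip.strip())  # ValueError if not an IP address
    # ':' (IPv6) is not portable in file names, so it is replaced.
    name = f"{email}_{str(addr).replace(':', '-')}.txt"
    base = Path(out_dir).resolve()
    target = (base / name).resolve()
    if target.parent != base:  # second check: never leave out_dir
        raise ValueError(f"refusing to write outside {base}")
    return target


def save_letter(text, abuse_email, ip, out_dir="letters_output"):
    """Write one letter; mode 'x' refuses to overwrite an existing file."""
    path = letter_path(abuse_email, ip, out_dir)
    path.parent.mkdir(parents=True, exist_ok=True)
    with open(path, "x", encoding="utf-8") as fh:
        fh.write(text)
    return path


if __name__ == "__main__":
    # Constructed sample values (documentation address range, example.net domain).
    for contact in ("abuse@example.net", "../../outside@example.net", None):
        print(repr(contact), "->", letter_path(contact, "203.0.113.7").name)
```

Keeping the IP address in the file name also stops two addresses that share one abuse contact from overwriting each other's letter.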
Here is an example of the letter generated by the script:
[Users Name]
[Users Email]
[Today's Date]
To Whom It May Concern,
I am writing to formally lodge a complaint regarding malicious activities originating
from the IP address {info['IP Address']}.
This IP address, managed by {info['Whois']['ASN Description']}
and located in {info['Whois']['Country']}, has been attacking my network
at daily intervals over several years.
The attacks have been persistent and disruptive,
affecting the security and stability of my online environment.
According to the information gathered, this IP address has an abuse confidence score
of {info['Reputation']['Abuse Confidence Score']} and
has been reported {info['Reputation']['Total Reports']} times
for malicious activities by others.
The last reported attack was on {info['Reputation']['Last Reported At']},
as recorded by {info['Geolocation']['Organization']}.
The following contacts are associated with this IP address:
**Name**: [Contact Name]
**Address**: [contact_address]
**Phone**: [Contact Phone]
**Abuse Email**: [Abuse Email]
I kindly demand that immediate action be taken to identify and
remove the user associated with this IP address, and to implement measures
to restrict and monitor this IP address to prevent further malicious activities.
Continued attacks will be logged and filed, and will serve as evidence
in legal action should this behavior persist.
Please confirm receipt of this letter and inform me
of the steps you will take to address this issue.
I expect a prompt response outlining the actions you will implement to resolve this matter.
Thank you for your time and attention to this critical issue.
I look forward to your response and to the resolution of this matter.
Sincerely,
[User Name]