It’s an OSINT reconnaissance poc powered by Local LLMs (Ollama). You can feed it an email, domain, or IP, and it automatically performs multiple types of reconnaissance, then generates a clean human-readable report using a local LLM.

IP-Abuse Reporting System & IP/Network/ASN Risk-Databases

Automation to report malicious actors to AbuseIPDB for users of Cloudflare WAF

A collection of OSINT websites and tools to aid penetration testers with their info gathering tasks

CSF Firewall and AbuseIPDB API integration with specific focus on data privacy and prevention of sensitive data leaked to public AbuseIPDB database report

从 AbuseIPDB API 获取 IP 黑名单 并提交设置 Cloudflare WAF 规则

Infrastructure as Code (IaC) solution with container orchestration, deployment versioning, security management, and ML-based intrusion detection system (IDS).

This script is designed to streamline the process of scanning a list of IP addresses from AbuseIPDB and extracting valuable information. It then organizes this data into a CSV file. This tool is incredibly useful for threat hunting and improving incident response times in cybersecurity

从 Cloudflare Graphql API 获取被 Cloudflare WAF 拦截(阻止/托管质询)的 IP 并提交给 AbuseIPDB

A Python CLI tool for automating Bulk IP Address and domain reputation checking using Virus Total API and Abuse IP DB API. Can generate HTML reports and other features. Can use different API Keys at once while alternating them.

Automated IPv4 threat intelligence: combined blacklist from 100+ feeds, confidence scoring, ASN reputation, geo-tagged per country. Updated every 3h.

A simple Python script aimed to bulk check IPs reputation

Malicious IP List and AbuseIPDB scripts

This tool uses the power of Python with APIs from AbuseIPDB, Alienvault, Greynoise, Pulsedive, and Virustotal. This enables the user to research a Public IP Address and see an abundance of history about the Public IP Address that creates a fast overview for easy decision making.

A Python tool for analyzing Indicators of Compromise (IOCs) using multiple threat intelligence APIs including VirusTotal, AbuseIPDB, and Shodan.

To extract the usernames attempted by a compromised host. This information is obtained from Abuse IP DB, reports' comments.

StickyPorts the all-in-one Layer 4 honeypot that emulates commonly used Ubuntu services.

Real-time network intrusion detection with a lightweight GUI dashboard — live packet capture, IP geolocation, AbuseIPDB threat scoring, and optional automated firewall blocking.

A command-line tool for analyzing IP addresses using multiple threat intelligence sources, including VirusTotal, Shodan, AbuseIPDB, and FindIP.net. Provides a detailed, real-time analysis report to help security professionals understand the threat landscape of given IP addresses.

Pixie: Defender's "Mini" IP Abuse and Blacklist Mass Lookup Tool. An open-source script that performs mass IP address lookups against AbuseIPDB and a local or OSINT (StamparM's IPsum) blacklist, with filtering capability.