Comments

Latest Posts

Bulk IP Reputation Check using Security Websites and Open Source Scripts

November 17, 2019

This topic has been haunted in my mind for quite a while. As an information security guy, we got tons of reports about end point activities. One of them is the website ip or urls they were accessing. A typical network abnormal behaviour for an infected or compromised end point is huge amount of accessing malicious ip or bad reputation websites.

For many investigations, I can generate an ip list but how to quickly find out the ip reputation is a challenge for me.

That is why I am writing this post today. I am still checking those websites or scripts, hopefully I can get a good understanding then comes out my own script to do this job.



Online Service - Bulkblacklist.com


Here are some good online resources:

https://www.bulkblacklist.com/ - Simple IP and Domain Reputation Tracking System - Mostly focus on email reputation. It will use following online services to do a search;

  • SpamCop
  • SPAMHAUS
  • Barracuda
  • SenderSscore
  • SenderBase


Run Scripts


https://github.com/Gajasurve/Blacklister-IP/blob/master/Bulk_check.py

http://www.tekdefense.com/automater/


[[email protected] ~]# yum install git
[[email protected] ~]# rm -r -d -f TekDefense-Automater/
[[email protected] ~]# git clone https://github.com/1aN0rmus/TekDefense-Automater.git
Cloning into 'TekDefense-Automater'...
remote: Enumerating objects: 260, done.
remote: Total 260 (delta 0), reused 0 (delta 0), pack-reused 260
Receiving objects: 100% (260/260), 136.82 KiB | 0 bytes/s, done.
Resolving deltas: 100% (143/143), done.
[[email protected] ~]# ls
TekDefense-Automater
[[email protected] ~]# cd TekDefense-Automater/
[[email protected] TekDefense-Automater]# ls
Automater.py  inputs.py  outputs.py  siteinfo.py  tekdefense.xml
docs          LICENSE    README.md   sites.xml    utilities.py

[[email protected] TekDefense-Automater]# python Automater.py -h

[[email protected] TekDefense-Automater]# python Automater.py test.txt -o test.out -c test.csv -w test.html -d 10

YouTube Video




References




2 comments:

  1. UnknownTuesday, November 03, 2020

    Please help to fix this error, do let me know what parameter to be change.

    [email protected]:~/TekDefense-Automater# python Automater.py 111.231.227.249
    Traceback (most recent call last):
    File "Automater.py", line 40, in
    from siteinfo import SiteFacade, Site
    File "/root/TekDefense-Automater/siteinfo.py", line 28, in
    import requests
    ImportError: No module named requests

    ReplyDelete
  2. aprianThursday, December 17, 2020

    module "Requests" is not installed by default by python. Follow this https://stackoverflow.com/a/17309309 to install it.

    ReplyDelete

Subscribe to: Post Comments ( Atom )