Perform a bulk lookup of IP addresses.
This tool assists with enriching a large number of IP addresses with additional information. If an ipapi.is API key is provided, additional information will be fetched. The data from ipapi.is is extended with an additional field called is_suspicious, which is set to true if the IP is a known abuser, VPN, proxy, Tor exit node, datacenter, or the company's abuse score is 'High' or 'Very High'.
Note
The output format for ipapi.is data is opinionated and was designed to facilitate threat hunts. To receive all available information, use the JSON output, which can then be filtered as needed.
Download the latest release from https://github.com/jakewarren/bulkiplkup/releases/latest
go install github.com/jakewarren/bulkiplkup@latest
❯ echo "8.8.8.8" | bulkiplkup
ip,country code,asn,asn_name,asn_type,asn_abuse_score,company_name,company_type,company_abuse_score,is_abuser,is_vpn,is_proxy,is_tor,is_datacenter,is_crawler,is_mobile,is_suspicious
8.8.8.8,United States,15169,"GOOGLE, US",hosting,0 (Very Low),Google LLC,hosting,0.0039 (Low),true,true,false,false,true,false,false,true
❯ echo "8.8.8.8" | bulkiplkup
IP |LOC |ASN |ISP |Range
8.8.8.8 |US |AS15169 |Google LLC, US |8.8.8.0/24
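The is_suspicious rule described above, recomputed from the CSV columns of the first example so that each flagged IP comes with the conditions that triggered it. This is an added example, not code from bulkiplkup: the function name Reasons and the two documentation-address rows are constructed, and it assumes the conditions listed in this README are the complete rule.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// Constructed input: the 8.8.8.8 row is from this page; the other two rows are made up.
const sample = `ip,country code,asn,asn_name,asn_type,asn_abuse_score,company_name,company_type,company_abuse_score,is_abuser,is_vpn,is_proxy,is_tor,is_datacenter,is_crawler,is_mobile,is_suspicious
8.8.8.8,United States,15169,"GOOGLE, US",hosting,0 (Very Low),Google LLC,hosting,0.0039 (Low),true,true,false,false,true,false,false,true
192.0.2.10,ZZ,64500,"EXAMPLE-NET, ZZ",business,0 (Very Low),Example Net,business,0.9 (Very High),false,false,false,false,false,false,false,true
198.51.100.7,ZZ,64501,"EXAMPLE-MOBILE, ZZ",isp,0 (Very Low),Example Mobile,isp,0 (Very Low),false,false,false,false,false,true,true,false
`
// Columns that make an IP suspicious when "true", per the description above.
var flagCols = []string{"is_abuser", "is_vpn", "is_proxy", "is_tor", "is_datacenter"}
// Reasons maps each IP to the conditions it meets (empty list: not suspicious).
func Reasons(csvText string) (map[string][]string, error) {
	rows, err := csv.NewReader(strings.NewReader(csvText)).ReadAll()
	if err != nil || len(rows) == 0 {
		return nil, fmt.Errorf("no usable CSV: %v", err)
	}
	col := map[string]int{}
	for i, name := range rows[0] {
		col[name] = i
	}
	for _, need := range append([]string{"ip", "company_abuse_score"}, flagCols...) {
		if _, ok := col[need]; !ok {
			return nil, fmt.Errorf("missing column %q", need)
		}
	}
	out := map[string][]string{}
	for _, r := range rows[1:] {
		why := []string{}
		for _, c := range flagCols {
			if r[col[c]] == "true" {
				why = append(why, c)
			}
		}
		s := r[col["company_abuse_score"]] // rendered as "<number> (<label>)"
		if strings.HasSuffix(s, "(High)") || strings.HasSuffix(s, "(Very High)") {
			why = append(why, "company_abuse_score")
		}
		out[r[col["ip"]]] = why
	}
	return out, nil
}

func main() { fmt.Println(Reasons(sample)) }
```

For 8.8.8.8 the flag comes from is_abuser, is_vpn and is_datacenter rather than from the abuse score, which is worth knowing before treating every is_suspicious=true row as equally interesting in a hunt.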
bulkiplkup reads newline-separated IP addresses from a file or STDIN.
To enrich IPs with ipapi.is, provide an API key in the IPAPI_KEY environment variable or as a parameter. If the key is not available, the program will fall back to Team Cymru's IP to ASN mapping service.
❯ bulkiplkup -h
Usage: bulkiplkup [<flags>] [FILE]
Optional flags:
-k, --api-key="": API key for ipapi.is. Also accepts the IPAPI_KEY environment variable.
-c, --csv=true: output in CSV format
-h, --help=false: display help
-j, --json=false: output in JSON format
-v, --verbose=false: verbose output
- Team Cymru for hosting their excellent IP to ASN mapping service - http://www.team-cymru.com/IP-ASN-mapping.html
- https://github.com/ammario/ipisp/ - Golang IP to ISP library utilizing Team Cymru's IP to ASN service
All notable changes to this project will be documented in the changelog.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.