bulkiplkup

command module

v1.1.0 Latest Latest Go to latest Published: Jun 9, 2024 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jakewarren/bulkiplkup

Links

Open Source Insights

README ¶

bulkiplkup

perform a bulk lookup of IP addresses

This tool assists with enriching a large amount of IP addresses with additonal information. If an ipapi.is API key is provided, additional information will be fetched. The data from ipapi.is is extended with an additional field called is_suspicious which is set to true if the IP is a known abuser, VPN, proxy, Tor exit node, datacenter, or the company's abuse score is 'High' or 'Very High'.

[!NOTE] The output format of the ipapi.is is opioninated and was designed to facilitate threat hunts. To receive all available information use the JSON output, which can then be filtered as needed.

Install

Option 1: Binary

Download the latest release from https://github.com/jakewarren/bulkiplkup/releases/latest

Option 2: From source

go install github.com/jakewarren/bulkiplkup@latest

Example

Enriched with ipapi.is

❯ echo "8.8.8.8" | bulkiplkup 
ip,country code,asn,asn_name,asn_type,asn_abuse_score,company_name,company_type,company_abuse_score,is_abuser,is_vpn,is_proxy,is_tor,is_datacenter,is_crawler,is_mobile,is_suspicious
8.8.8.8,United States,15169,"GOOGLE, US",hosting,0 (Very Low),Google LLC,hosting,0.0039 (Low),true,true,false,false,true,false,false,true

Enriched with Team Cymru's IP to ASN mapping service

❯ echo "8.8.8.8" | bulkiplkup 
IP      |LOC |ASN     |ISP            |Range
8.8.8.8 |US  |AS15169 |Google LLC, US |8.8.8.0/24

Usage

bulkiplkup reads newline separated IP addresses from a file or STDIN.

To enrich IPs with ipapi.is, provide an API key in the IPAPI_KEY environment variable or as a parameter. If the key is not avaiable the program will fall back to Team Cymru's IP to ASN mapping service.

❯ bulkiplkup -h
Usage: bulkiplkup [<flags>] [FILE]

Optional flags:

  -k, --api-key="": API key for ipapi.is. Also accepts the IPAPI_KEY environment variable.
  -c, --csv=true: output in CSV format
  -h, --help=false: display help
  -j, --json=false: output in JSON format
  -v, --verbose=false: verbose output

Acknowledgements

Team Cymru for hosting their excellent IP to ASN mapping service - http://www.team-cymru.com/IP-ASN-mapping.html
https://github.com/ammario/ipisp/ Golang IP to ISP library utilizing team cymru's IP to ASN service

Changes

All notable changes to this project will be documented in the changelog.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL