check

package
v0.47.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2024 License: MIT Imports: 33 Imported by: 2

Documentation

Overview

Package check contains types and functions for getting information on IP addresses.

Index

Constants

This section is empty.

Variables

View Source 
var Funcs = []Func{
	AbuseIPDB,
	BlockList,
	CinsScore,
	DBip,
	DnsMX,
	DnsName,
	Firehol,
	IPSum,
	IPtoASN,
	IsOnAWS,
	MaxMind,
	OTX,
	PhishStats,
	Ping,
	SansISC,
	Shodan,
	Tls,
	UrlScan,
	VirusTotal,
}

Funcs contains all available functions for checking IP addresses.

Functions

This section is empty.

Types

type Check 

type Check struct {
	Description        string `json:"description"` // max 15 chars
	Type               Type   `json:"type"`
	MissingCredentials string `json:"missingCredentials,omitempty"`
	IpAddrIsMalicious  bool   `json:"ipAddrIsMalicious"`
	IpAddrInfo         IpInfo `json:"ipAddrInfo"`
}

Check contains information on the check itself and the obtained information about an IP address

func AbuseIPDB added in v0.24.0 

func AbuseIPDB(ipaddr net.IP) (Check, error)

AbuseIPDB uses api.abuseipdb.com to get generic information about ipaddr and to see if the ipaddr has been reported as malicious.

func BlockList added in v0.24.0 

func BlockList(ipaddr net.IP) (Check, error)

BlockList searches the ipaddr in lists.blocklist.de/lists/dnsbl/all.list.

func Censys added in v0.46.5 

func Censys(ipaddr net.IP) (Check, error)

Censys gets generic information from search.censys.io.

func CinsScore added in v0.24.0 

func CinsScore(ipaddr net.IP) (Check, error)

CinsScore searches ipaddr in https://cinsscore.com/list/ci-badguys.txt.

func DBip added in v0.24.0 

func DBip(ip net.IP) (Check, error)

DBip gets geolocation from https://db-ip.com/db/download/ip-to-city-lite.

func DnsMX added in v0.24.0 

func DnsMX(ipaddr net.IP) (Check, error)

DnsMX performs reverse lookup and consults AbuseIPDB to get domain names fo the ipaddr. Then it looks up MX records (mail servers) for the given domain names.

func DnsName added in v0.24.0 

func DnsName(ipaddr net.IP) (Check, error)

DnsName does a reverse lookup for a given IP address to get its names.

func Firehol added in v0.28.0 

func Firehol(ipaddr net.IP) (Check, error)

Firehol checks whether the ipaddr is found on blacklist https://iplists.firehol.org/?ipset=firehol_level1.

func IPSum added in v0.24.0 

func IPSum(ipaddr net.IP) (Check, error)

IPSum checks how many blacklists the ipaddr is found on. It uses https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt.

func IPtoASN added in v0.24.0 

func IPtoASN(ipaddr net.IP) (Check, error)

IPtoASN gets info about autonomous system of the ipaddr. The data is taken from https://iptoasn.com/data/ip2asn-combined.tsv.gz.

func IsOnAWS added in v0.46.0 

func IsOnAWS(ipaddr net.IP) (Check, error)

IsOnAWS checks if ipaddr belongs to AWS. If so it provides info about the IP address. It gets the info from https://ip-ranges.amazonaws.com/ip-ranges.json

func MaxMind added in v0.24.0 

func MaxMind(ip net.IP) (Check, error)

MaxMind gets geolocation data from maxmind.com's GeoLite2-City.mmdb.

func OTX added in v0.24.0 

func OTX(ipaddr net.IP) (Check, error)

OTX counts pulses to find out whether the ipaddr is malicious. Is uses https://otx.alienvault.com/api/v1/indicators/IPv4.

func PhishStats added in v0.29.0 

func PhishStats(ipaddr net.IP) (Check, error)

PhishStats checks whether the ipaddr is involved in phishing according to https://phishstats.info/phish_score.csv.

func Ping added in v0.24.0 

func Ping(ipaddr net.IP) (Check, error)

Ping sends five pings (ICMP echo request packets) to the ippaddr and returns the statistics.

func SansISC added in v0.43.0 

func SansISC(ipaddr net.IP) (Check, error)

SansISC gets info from SANS Internet Storm Center API. curl "https://isc.sans.edu/api/ip/${IPADDR}?json"

func Shodan added in v0.24.0 

func Shodan(ipaddr net.IP) (Check, error)

Shodan gets generic information from api.shodan.io.

func Tls added in v0.30.0 

func Tls(ipaddr net.IP) (Check, error)

Tls finds out TLS information by connecting to the ipaddr and TCP port 443.

func UrlScan added in v0.24.0 

func UrlScan(ipaddr net.IP) (Check, error)

UrlScan gets data from urlscan.io. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates.

func VirusTotal added in v0.24.0 

func VirusTotal(ipaddr net.IP) (Check, error)

VirusTotal gets generic information and security reputation about the ippaddr from https://www.virustotal.com/api.

type Func added in v0.47.0 

type Func func(ipaddr net.IP) (Check, error)

Func gathers generic and/or security information about an IP address.

type IpInfo added in v0.47.0 

type IpInfo interface {
	Summary() string       // summary info
	Json() ([]byte, error) // all info in JSON format
}

IpInfo is generic information on an IP address.

type Type 

type Type int

Type is the type of a Check. 

const (
	Info               Type = iota // some information about the IP address
	IsMalicious                    // whether the IP address is considered malicious
	InfoAndIsMalicious             // both of the above
)

Type of a check.

func (Type) MarshalJSON added in v0.47.0 

func (t Type) MarshalJSON() ([]byte, error)

func (Type) String added in v0.15.0 

func (t Type) String() string

String returns the name of the Check type.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.