Admiralty Labs Presents: The AbuseIP DB Bulk Check Script

Get it at: https://github.com/AdmiralSYN-ACKbar

From the research laboratories of The Admiralty comes the Abuse IP Database Bulk Check script. This program was created to allow security investigators to check large quantities of IP addresses in an automated fashion against the Abuse IP Database, which collects and tracks reports of abusive activity by IP address.

Stardate 01/2021 Update:
Windows PowerShell Script version with shiny WinForms GUI is now available!

ORIGIN STORY – A BASH SCRIPT IS BORN

The need for this arose when The Admiralty’s team of mighty SOC warriors was honored with the task of checking a huge quantity of IP addresses for abusive activity. Within the span of a night’s watch, I created the skeleton of this script, so that we could better illuminate the cowering facades of our enemies. Over the next 3 weeks, I refined it, added a basic GUI, and added further functionality.

Breaking Intelligence Dispatch from The Admiralty: This script is now posted on the AbuseIPDB website! AbuseIPDB, you have won yourselves a stalwart ally in this quadrant. Your contribution to the defense of this sector will not be easily forgotten.

This program begins with a CSV file that consists of a list of IP addresses to check. CIDR IP blocks are also supported – blocks as large as /24 are supported with a free account at AbuseIPDB.com. The program then checks each entry against the Abuse IP Database for reported abusive activity. A CSV is produced with information on each IP, including the number of abuse reports that have been made against it, % confidence of abuse, and associated domain names. A stunning, 1980s-style Whiptail GUI is utilized, and configuration files are saved for re-use.
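A pre-flight pass over the input list described above, as an added example that is not the BulkCheck script's own code: it validates each entry, rejects blocks wider than /24, drops duplicates, and maps each entry to the `check` or `check-block` endpoint of AbuseIPDB's API v2. The function names, the 90-day `maxAgeInDays` window and the `ABUSEIPDB_KEY` variable are assumptions, and the sample addresses are constructed from documentation ranges.

```bash
# Added example: input validation before a bulk AbuseIPDB run (POSIX sh/bash).

is_ipv4() {                       # dotted quad, each octet 0-255
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

classify_target() {               # prints: check | check-block | invalid
  case "$1" in
    */*) net=${1%/*}; prefix=${1##*/}
         case "$prefix" in ''|*[!0-9]*|???*) echo invalid; return 0 ;; esac
         # The page gives /24 as the widest block on a free account.
         if is_ipv4 "$net" && [ "$prefix" -ge 24 ] && [ "$prefix" -le 32 ]
         then echo check-block; else echo invalid; fi ;;
    *)   if is_ipv4 "$1"; then echo check; else echo invalid; fi ;;
  esac
}

plan_lookups() {                  # stdin: CSV with the target in column 1
  seen=' '
  while IFS=, read -r target rest || [ -n "$target" ]; do
    target=$(printf '%s' "$target" | tr -d ' \r"')
    [ -n "$target" ] || continue
    kind=$(classify_target "$target")
    if [ "$kind" = invalid ]; then echo "skipped: $target" >&2; continue; fi
    case "$seen" in *" $target "*) continue ;; esac   # duplicate entry
    seen="$seen$target "
    echo "$kind,$target"
  done
}

lookup() {                        # $1 endpoint, $2 target; needs ABUSEIPDB_KEY
  if [ "$1" = check ]; then param=ipAddress; else param=network; fi
  curl -sG "https://api.abuseipdb.com/api/v2/$1" \
    --data-urlencode "$param=$2" -d maxAgeInDays=90 \
    -H "Key: $ABUSEIPDB_KEY" -H "Accept: application/json"
}

# Constructed sample input, planned offline (no API call is made here).
printf '%s\n' 'ip' '192.0.2.10' '198.51.100.0/24' '203.0.113.0/16' \
  '192.0.2.10' '192.0.2.999' | plan_lookups
```

Each line that `plan_lookups` prints can be split on the comma and passed to `lookup`; rejected entries go to stderr, so no API quota is spent on them.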

I have a litany of improvements I want to make on the program, including deploying a web app version. This program is currently only usable in Linux. To use, download it, grant it executable permission (“chmod +x filename.sh”), and run it from the command line. The ReadMe file accessed through the program will guide you through the rest.

Go forth and investigate IPs in bulk, ye dissectors of packets, ye sniffers of traffic, ye steadfast guardians of The Admiralty.

Unlock the arsenal for the low cost of 0 energy credits at:
https://gitlab.com/AdmiralSYN-ACKbar/BulkCheck