Know Your IP


Get data on IP addresses. Learn where they are located (lat/long, country, city, time zone), whether they are blacklisted or not (by abuseipdb, virustotal, ipvoid, etc.) and for what (and when they were blacklisted), which ports are open, and what services are running (via shodan), and what you get when you ping or issue a traceroute.

If you are curious about potential application of the package, we have a presentation on its use in cybersecurity analysis workflow.

You can use the package in two different ways. You can call it from the shell, or you can use it as an external library. From the shell, you can run know_your_ip. It takes a csv with a single column of IP addresses (sample input file: know_your_ip.cfg), details of the API keys to various services (in know_your_ip.cfg) and which columns you would like from which service (in this example columns.txt), and appends the requested results to the IP list (sample output file: output.csv). This simple setup allows you to mix and match easily.

If you want to use it as an external library, the package also provides that. The function query_ip relies on the same config files as know_your_ip and takes an IP address. We illustrate its use below. You can also get data from specific services. For instance, if you only care about getting the MaxMind data, use maxmind_geocode_ip. If you would like data from the abuseipdb, call the abuseipdb_api function, etc. These functions still rely on the global config and columns files. For examples of how to use the package, see example.py or the jupyter notebook example.ipynb.

Brief Primer on Functionality

  • Geocoding IPs: There is no simple way to discern the location of an IP. The locations are typically inferred from data on delay and topology along with information from private and public databases. For instance, one algorithm starts with a database of locations of various ‘landmarks’, calculates the maximum distance of the last router before the IP from the landmarks using Internet speed, builds a boundary within which the router must be present, and then takes the centroid of it. The accuracy of these inferences is generally unknown, but can be fairly ‘poor.’ For instance, most geolocation services place my IP more than 30 miles away from where I am. Try http://www.geoipinfo.com/.

    The script provides a hook to the Maxmind City Lite DB. It expects a copy of the database to be in the folder in which the script is run. To download the database, go here. The function maxmind_geocode_ip returns city, country, lat/long etc.

  • Timezone: In theory, there are 24 time zones. In practice, a few more. For instance, countries like India have half-hour offsets. Theoretical mappings can be easily created for lat/long data based on the 15 degrees longitude span. For practical mappings, one strategy is to map the (nearest) city to a time zone (recall the smallish lists that you scroll through in your computer’s time/date program). There are a variety of services for getting the timezone, including, but not limited to,

For its ease, we choose a Python hook to nodeJS lat/long to timezone. To get the timezone, we first need to geocode the IP (see above). The function tzwhere_timezone takes lat/long and returns timezone.

  • Ping: Sends out an ICMP echo request and waits for the reply. Measures round-trip time (min, max, and mean), reporting errors and packet loss. If there is a timeout, the function produces nothing. If there is a reply, it returns:

    packets_sent, packets_received, packets_lost, min_time,
    max_time, avg_time
    
  • Traceroute: Sends a UDP (or ICMP) packet. Builds the path for how the request is routed, noting routers and time.

  • Backgrounder:

    • censys.io: Performs ZMap and ZGrab scans of the IPv4 address space. To use censys.io, you must first register. Once you register and have the API key, put it in here. The function takes an IP and returns asn, timezone, country etc. For a full list, see https://censys.io/ipv4/help.
    • shodan.io: Scans devices connected to the Internet for services, open ports etc. You must register to use shodan.io. Querying costs money. Once you register and have the API key, put it in here. The script implements two API calls: shodan/host/ip and shodan/scan. The function takes a list of IPs and returns
  • Blacklists and Backgrounders: The number of services that maintain blacklists is enormous. Here’s a list of some of the services: TornevallNET, BlockList_de, Spamhaus, MyWOT, SpamRATS, Malc0de, SpyEye, GoogleSafeBrowsing, ProjectHoneypot, etc. Some of the services report results from other services as part of their results. In this script, we implement hooks to the following three:

    • virustotal.com: A Google company that analyzes and tracks suspicious files, URLs, and IPs. You must register to use virustotal. Once you register and have the API key, put it in here. The function implements the "retrieving IP address reports" method.
    • abuseipdb.com: Tracks reports on IPs. You must register to use the API. Once you register and have the API key, put it in here. There is a limit of 5k pings per month. The function that we implement here is a mixture of API and scraping, as the API doesn’t return details of the reports filed.
    • ipvoid.com: Tracks information on IPs. There is no API. We scrape information about IPs including status on various blacklist sites.

Query Limits

Service     Query Limits   More Info
----------  -------------  -------------------
Censys.io   120/5 minutes  Censys Acct.
Virustotal  4/minute       Virustotal API Doc.
AbuseIPDB   2500/month     AbuseIPDB FAQ
IPVoid      -
Shodan      -
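One way to stay inside these limits when enriching a list in bulk, shown as an added example that is not part of the package: drop anything that is not a globally routable address before it is sent to a third-party service, then pace the remaining lookups with a sliding window. The names `LIMITS`, `SlidingWindow`, `public_targets` and `enrich` are hypothetical, and `lookup` stands for any per-IP call such as `lambda ip: virustotal_api(args, ip)`.

```python
import ipaddress
import time
from collections import deque

# (max calls, window in seconds), copied from the Query Limits table above.
LIMITS = {"censys": (120, 300), "virustotal": (4, 60)}


class SlidingWindow:
    """Allow at most max_calls calls in any window of `period` seconds."""

    def __init__(self, max_calls, period, clock=time.monotonic, sleep=time.sleep):
        self.max_calls = max_calls
        self.period = period
        self.clock = clock      # injectable so the pacing can be tested offline
        self.sleep = sleep
        self.calls = deque()    # timestamps of calls still inside the window

    def wait(self):
        """Block until one more call is allowed; return the seconds slept."""
        slept = 0.0
        while True:
            now = self.clock()
            # Forget calls that have aged out of the window.
            while self.calls and now - self.calls[0] >= self.period:
                self.calls.popleft()
            if len(self.calls) < self.max_calls:
                self.calls.append(now)
                return slept
            # Window is full: sleep until the oldest call expires, then re-check.
            delay = self.period - (now - self.calls[0])
            self.sleep(delay)
            slept += delay


def public_targets(rows):
    """Deduplicate input rows and keep only globally routable addresses.

    Private, loopback and reserved addresses are skipped: a lookup would spend
    quota, return nothing useful, and disclose internal addressing to the service.
    Returns (targets, skipped) where skipped is a list of (text, reason).
    """
    targets, skipped, seen = [], [], set()
    for raw in rows:
        text = raw.strip()
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            skipped.append((text, "not an IP address"))
            continue
        if not addr.is_global:
            skipped.append((text, "not globally routable"))
            continue
        if addr not in seen:
            seen.add(addr)
            targets.append(str(addr))
    return targets, skipped


def enrich(rows, lookup, limiter):
    """Call lookup(ip) for each usable address, paced by limiter."""
    targets, skipped = public_targets(rows)
    results = {}
    for ip in targets:
        limiter.wait()
        results[ip] = lookup(ip)
    return results, skipped


if __name__ == "__main__":
    # Constructed input; the stub lookup stands in for a real service call.
    rows = ["222.186.30.49", "10.0.0.5", "222.186.30.49", "not-an-ip"]
    limiter = SlidingWindow(*LIMITS["virustotal"])
    print(enrich(rows, lambda ip: {"queried": True}, limiter))
```
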

API

know_your_ip.load_config(args=None)

Load details of API keys etc. from the config file.

Parameters: args – load the default config from <package dir>/know_your_ip.cfg if None, or load the config from the given filename.
Returns: configuration object.
Return type: obj

Notes

See this default know_your_ip.cfg

know_your_ip.maxmind_geocode_ip(args, ip)

Get location of IP address from Maxmind City database (GeoLite2-City.mmdb)

Parameters:
  • args – via the load_config function.
  • ip – an IP address
Returns:

Geolocation data

Return type:

dict

Notes

There are other Maxmind databases including:
  • Country Database (GeoLite2-Country.mmdb)
  • Anonymous IP Database (GeoIP2-Anonymous-IP.mmdb)
  • Connection-Type Database (GeoIP2-Connection-Type.mmdb)
  • Domain Database (GeoIP2-Domain.mmdb)
  • ISP Database (GeoIP2-ISP.mmdb)

know_your_ip.geonames_timezone(args, lat, lng)

Get timezone for a latitude/longitude from GeoNames

Parameters:
  • args – via the load_config function.
  • lat (float) – latitude
  • lng (float) – longitude
Returns:

GeoNames data

Return type:

dict

Notes

Please visit this link for more information about GeoNames.org Web Services

e.g. URL: http://api.geonames.org/timezone?lat=47.01&lng=10.2&username=demo

Limit:
30,000 credits daily limit per application (identified by the parameter ‘username’), the hourly limit is 2000 credits. A credit is a web service request hit for most services. An exception is thrown when the limit is exceeded.

Example

geonames_timezone(args, 32.0617, 118.7778)

know_your_ip.tzwhere_timezone(args, lat, lng)

Get timezone of a latitude/longitude using the tzwhere package.

Parameters:
  • args – via the load_config function.
  • lat (float) – latitude
  • lng (float) – longitude
Returns:

timezone data

Return type:

dict

Example

tzwhere_timezone(args, 32.0617, 118.7778)

know_your_ip.ipvoid_scan(args, ip)

Get Blacklist information from IPVoid website

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

IPVoid information

Return type:

dict

Example

ipvoid_scan(args, '222.186.30.49')

know_your_ip.abuseipdb_web(args, ip)

Get information from AbuseIPDB website

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

AbuseIPDB information

Return type:

dict

References

e.g. http://www.abuseipdb.com/check/94.31.29.154

Example

abuseipdb_web(args, '222.186.30.49')

know_your_ip.abuseipdb_api(args, ip)

Get information from AbuseIPDB via API

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

AbuseIPDB information

Return type:

dict

References

Example

abuseipdb_api(args, '222.186.30.49')

know_your_ip.censys_api(args, ip)

Get information from Censys Search API

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

Censys information

Return type:

dict

References

Fields: https://censys.io/ipv4/help

Example

censys_api(args, '222.186.30.49')

know_your_ip.shodan_api(args, ip)

Get information from Shodan

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

Shodan information

Return type:

dict

Example

shodan_api(args, '222.186.30.49')

know_your_ip.virustotal_api(args, ip)

Get information from VirusTotal Public API

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

Virustotal information

Return type:

dict

Notes

Public API Limitation
  • Privileges public key
  • Request rate 4 requests/minute
  • Daily quota 5760 requests/day
  • Monthly quota 178560 requests/month

Example

virustotal_api(args, '222.186.30.49')

know_your_ip.ping(args, ip)

Get information using Ping (ICMP protocol)

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

Ping statistics information

Return type:

dict

Notes

Ping function is based on a pure python ping implementation using raw socket and you must have root (on Linux) or Admin (on Windows) privileges to run.

Example

ping(args, '222.186.30.49')

know_your_ip.traceroute(args, ip)

Get information using traceroute

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

traceroute information

Return type:

dict

Notes

Currently traceroute uses the operating system command traceroute on Linux and tracert on Windows.

Example

traceroute(args, '222.186.30.49')

know_your_ip.query_ip(args, ip)

Get all information of IP address

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

Information on the given IP address

Return type:

dict

Example

query_ip(args, '222.186.30.49')

know_your_ip.apivoid_api(args, ip)

Get information from APIVoid IP Reputation API

Parameters:
  • args – via the load_config function.
  • ip (str) – an IP address
Returns:

IP Reputation API information

Return type:

dict

Notes

Must register and get 25 free API credits valid for 30 days

Example

apivoid_api(args, '222.186.30.49')

Installation

The script depends on some system libraries. Currently traceroute uses the operating system command traceroute on Linux and tracert on Windows.

The ping function is based on a pure Python ping implementation using a raw socket, and you must have root (on Linux) or Admin (on Windows) privileges to run it.

# Install package and dependencies
pip install know_your_ip

# On Ubuntu Linux (if traceroute command not installed)
sudo apt-get install traceroute

Note: If you use anaconda on Windows, it is best to install Shapely via:

conda install -c scitools shapely

Getting KYIP Ready For Use

To use the software, you need to take care of three things. You need to fill out the API keys in the config file, have a copy of the MaxMind db if you want to use MaxMind, and pick out the columns you want in the columns.txt file:

  • In the config file (default: know_your_ip.cfg), the settings are grouped by function.
  • For the Maxmind API, the script expects a copy of the database to be in the folder specified by dbpath in the config file. To download the database, go here
  • The columns file (default: columns.txt) lists the data columns to be output by the script. You may have more than one columns file, but only one will be used: the one set by the columns variable in the output section.

Configuration File

Most of the functions make calls to different public REST APIs and hence require an API key and/or username. You can register to get the API keys at the following URLs:

[maxmind]
enable = 1
dbpath = ./db

[geonames]
enable = 0
username=<<<Please register at http://www.geonames.org/login>>>

[abuseipdb]
enable = 0
key = <<<Please register to get the key from https://www.abuseipdb.com/register>>>
cat_catid = abuseipdb_cat_catid.csv
days = 180

[ipvoid]
enable = 1

[apivoid]
enable = 0
api_key = <<<Please register at https://app.apivoid.com/register/>>>

[censys]
enable = 0
api_url = https://www.censys.io/api/v1
uid = <<<Please register at https://censys.io/register>>>
secret = <<<Please register at https://censys.io/register>>>

[shodan]
enable = 0
api_key = <<<Please register at https://account.shodan.io/register>>>

[virustotal]
enable = 0
api_key = <<<Please register at https://www.virustotal.com/en/documentation/virustotal-community/>>>

[ping]
enable = 0
timeout = 3000
count = 3

[traceroute]
enable = 0
max_hops = 30

[tzwhere]
enable = 1

[output]
columns = columns.txt

See this example know_your_ip.cfg

You can also choose which data columns are written to the output CSV by editing the columns file. To drop a column from the output, add # at the start of its line in columns.txt.

# Common
ip

# MaxMind City Database
#maxmind.city.geoname_id
#maxmind.city.names.de
#maxmind.city.names.en
#maxmind.city.names.es
#maxmind.city.names.fr
#maxmind.city.names.ja
#maxmind.city.names.pt-BR
#maxmind.city.names.ru
#maxmind.city.names.zh-CN
#maxmind.continent.code
#maxmind.continent.geoname_id
#maxmind.continent.names.de
maxmind.continent.names.en
#maxmind.continent.names.es
#maxmind.continent.names.fr
#maxmind.continent.names.ja
#maxmind.continent.names.pt-BR
#maxmind.continent.names.ru
#maxmind.continent.names.zh-CN
#maxmind.country.geoname_id
#maxmind.country.iso_code
#maxmind.country.names.de
maxmind.country.names.en
#maxmind.country.names.es
#maxmind.country.names.fr
#maxmind.country.names.ja
#maxmind.country.names.pt-BR
#maxmind.country.names.ru
#maxmind.country.names.zh-CN
#maxmind.location.latitude
#maxmind.location.longitude
#maxmind.location.metro_code
maxmind.location.time_zone
maxmind.postal.code
#maxmind.registered_country.geoname_id
#maxmind.registered_country.iso_code
#maxmind.registered_country.names.de
maxmind.registered_country.names.en
#maxmind.registered_country.names.es
#maxmind.registered_country.names.fr
#maxmind.registered_country.names.ja
#maxmind.registered_country.names.pt-BR
#maxmind.registered_country.names.ru
#maxmind.registered_country.names.zh-CN
#maxmind.subdivisions
#maxmind.traits.ip_address

# GeoNames
#geonames.timezoneId
#geonames.rawOffset
#geonames.countryCode
#geonames.countryName
#geonames.dstOffset
#geonames.sunset
#geonames.time
#geonames.lat
#geonames.lng
#geonames.gmtOffset
#geonames.sunrise

# tzwhere
tzwhere.timezone

# Ping
#ping.timeout
#ping.count
#ping.max
#ping.min
#ping.avg
#ping.percent_loss

# Traceroute
#traceroute.max_hops
#traceroute.hops

# abuseipdb API
abuseipdb.bad_isp
abuseipdb.categories
#abuseipdb.reports
#abuseipdb.total
#abuseipdb.trusted_isp
#abuseipdb.version

# abuseipdb Web
#abuseipdb.city
#abuseipdb.country
#abuseipdb.host_name
#abuseipdb.isp
#abuseipdb.organization
#abuseipdb.postal_code
#abuseipdb.region_state

#abuseipdb.found
#abuseipdb.history

# ipvoid
#ipvoid.analysis_date
#ipvoid.asn
#ipvoid.asn_owner
ipvoid.blacklist_status
#ipvoid.city
#ipvoid.continent
#ipvoid.country_code
#ipvoid.ip_address
#ipvoid.isp
#ipvoid.latitude_longitude
#ipvoid.region
ipvoid.reverse_dns
#ipvoid.alerts

# apivoid
apivoid.anonymity.is_hosting
apivoid.anonymity.is_proxy
apivoid.anonymity.is_tor
apivoid.anonymity.is_vpn
apivoid.anonymity.is_webproxy
apivoid.blacklists.detection_rate
apivoid.blacklists.detections
#apivoid.blacklists.engines.0.detected
#apivoid.blacklists.engines.0.elapsed
#apivoid.blacklists.engines.0.engine
#apivoid.blacklists.engines.0.reference
#apivoid.blacklists.engines.1.detected
#apivoid.blacklists.engines.1.elapsed
#apivoid.blacklists.engines.1.engine
#apivoid.blacklists.engines.1.reference
#apivoid.blacklists.engines.2.detected
#apivoid.blacklists.engines.2.elapsed
#apivoid.blacklists.engines.2.engine
#apivoid.blacklists.engines.2.reference
#apivoid.blacklists.engines.3.detected
#apivoid.blacklists.engines.3.elapsed
#apivoid.blacklists.engines.3.engine
#apivoid.blacklists.engines.3.reference
#apivoid.blacklists.engines.4.detected
#apivoid.blacklists.engines.4.elapsed
#apivoid.blacklists.engines.4.engine
#apivoid.blacklists.engines.4.reference
#apivoid.blacklists.engines.5.detected
#apivoid.blacklists.engines.5.elapsed
#apivoid.blacklists.engines.5.engine
#apivoid.blacklists.engines.5.reference
#apivoid.blacklists.engines.6.detected
#apivoid.blacklists.engines.6.elapsed
#apivoid.blacklists.engines.6.engine
#apivoid.blacklists.engines.6.reference
#apivoid.blacklists.engines.7.detected
#apivoid.blacklists.engines.7.elapsed
#apivoid.blacklists.engines.7.engine
#apivoid.blacklists.engines.7.reference
#apivoid.blacklists.engines.8.detected
#apivoid.blacklists.engines.8.elapsed
#apivoid.blacklists.engines.8.engine
#apivoid.blacklists.engines.8.reference
#apivoid.blacklists.engines.9.detected
#apivoid.blacklists.engines.9.elapsed
#apivoid.blacklists.engines.9.engine
#apivoid.blacklists.engines.9.reference
#apivoid.blacklists.engines.10.detected
#apivoid.blacklists.engines.10.elapsed
#apivoid.blacklists.engines.10.engine
#apivoid.blacklists.engines.10.reference
#apivoid.blacklists.engines.11.detected
#apivoid.blacklists.engines.11.elapsed
#apivoid.blacklists.engines.11.engine
#apivoid.blacklists.engines.11.reference
#apivoid.blacklists.engines.12.detected
#apivoid.blacklists.engines.12.elapsed
#apivoid.blacklists.engines.12.engine
#apivoid.blacklists.engines.12.reference
#apivoid.blacklists.engines.13.detected
#apivoid.blacklists.engines.13.elapsed
#apivoid.blacklists.engines.13.engine
#apivoid.blacklists.engines.13.reference
#apivoid.blacklists.engines.14.detected
#apivoid.blacklists.engines.14.elapsed
#apivoid.blacklists.engines.14.engine
#apivoid.blacklists.engines.14.reference
#apivoid.blacklists.engines.15.detected
#apivoid.blacklists.engines.15.elapsed
#apivoid.blacklists.engines.15.engine
#apivoid.blacklists.engines.15.reference
#apivoid.blacklists.engines.16.detected
#apivoid.blacklists.engines.16.elapsed
#apivoid.blacklists.engines.16.engine
#apivoid.blacklists.engines.16.reference
#apivoid.blacklists.engines.17.detected
#apivoid.blacklists.engines.17.elapsed
#apivoid.blacklists.engines.17.engine
#apivoid.blacklists.engines.17.reference
#apivoid.blacklists.engines.18.detected
#apivoid.blacklists.engines.18.elapsed
#apivoid.blacklists.engines.18.engine
#apivoid.blacklists.engines.18.reference
#apivoid.blacklists.engines.19.detected
#apivoid.blacklists.engines.19.elapsed
#apivoid.blacklists.engines.19.engine
#apivoid.blacklists.engines.19.reference
#apivoid.blacklists.engines.20.detected
#apivoid.blacklists.engines.20.elapsed
#apivoid.blacklists.engines.20.engine
#apivoid.blacklists.engines.20.reference
#apivoid.blacklists.engines.21.detected
#apivoid.blacklists.engines.21.elapsed
#apivoid.blacklists.engines.21.engine
#apivoid.blacklists.engines.21.reference
#apivoid.blacklists.engines.22.detected
#apivoid.blacklists.engines.22.elapsed
#apivoid.blacklists.engines.22.engine
#apivoid.blacklists.engines.22.reference
#apivoid.blacklists.engines.23.detected
#apivoid.blacklists.engines.23.elapsed
#apivoid.blacklists.engines.23.engine
#apivoid.blacklists.engines.23.reference
#apivoid.blacklists.engines.24.detected
#apivoid.blacklists.engines.24.elapsed
#apivoid.blacklists.engines.24.engine
#apivoid.blacklists.engines.24.reference
#apivoid.blacklists.engines.25.detected
#apivoid.blacklists.engines.25.elapsed
#apivoid.blacklists.engines.25.engine
#apivoid.blacklists.engines.25.reference
#apivoid.blacklists.engines.26.detected
#apivoid.blacklists.engines.26.elapsed
#apivoid.blacklists.engines.26.engine
#apivoid.blacklists.engines.26.reference
#apivoid.blacklists.engines.27.detected
#apivoid.blacklists.engines.27.elapsed
#apivoid.blacklists.engines.27.engine
#apivoid.blacklists.engines.27.reference
#apivoid.blacklists.engines.28.detected
#apivoid.blacklists.engines.28.elapsed
#apivoid.blacklists.engines.28.engine
#apivoid.blacklists.engines.28.reference
#apivoid.blacklists.engines.29.detected
#apivoid.blacklists.engines.29.elapsed
#apivoid.blacklists.engines.29.engine
#apivoid.blacklists.engines.29.reference
#apivoid.blacklists.engines.30.detected
#apivoid.blacklists.engines.30.elapsed
#apivoid.blacklists.engines.30.engine
#apivoid.blacklists.engines.30.reference
#apivoid.blacklists.engines.31.detected
#apivoid.blacklists.engines.31.elapsed
#apivoid.blacklists.engines.31.engine
#apivoid.blacklists.engines.31.reference
#apivoid.blacklists.engines.32.detected
#apivoid.blacklists.engines.32.elapsed
#apivoid.blacklists.engines.32.engine
#apivoid.blacklists.engines.32.reference
#apivoid.blacklists.engines.33.detected
#apivoid.blacklists.engines.33.elapsed
#apivoid.blacklists.engines.33.engine
#apivoid.blacklists.engines.33.reference
#apivoid.blacklists.engines.34.detected
#apivoid.blacklists.engines.34.elapsed
#apivoid.blacklists.engines.34.engine
#apivoid.blacklists.engines.34.reference
#apivoid.blacklists.engines.35.detected
#apivoid.blacklists.engines.35.elapsed
#apivoid.blacklists.engines.35.engine
#apivoid.blacklists.engines.35.reference
#apivoid.blacklists.engines.36.detected
#apivoid.blacklists.engines.36.elapsed
#apivoid.blacklists.engines.36.engine
#apivoid.blacklists.engines.36.reference
#apivoid.blacklists.engines.37.detected
#apivoid.blacklists.engines.37.elapsed
#apivoid.blacklists.engines.37.engine
#apivoid.blacklists.engines.37.reference
#apivoid.blacklists.engines.38.detected
#apivoid.blacklists.engines.38.elapsed
#apivoid.blacklists.engines.38.engine
#apivoid.blacklists.engines.38.reference
#apivoid.blacklists.engines.39.detected
#apivoid.blacklists.engines.39.elapsed
#apivoid.blacklists.engines.39.engine
#apivoid.blacklists.engines.39.reference
#apivoid.blacklists.engines.40.detected
#apivoid.blacklists.engines.40.elapsed
#apivoid.blacklists.engines.40.engine
#apivoid.blacklists.engines.40.reference
#apivoid.blacklists.engines.41.detected
#apivoid.blacklists.engines.41.elapsed
#apivoid.blacklists.engines.41.engine
#apivoid.blacklists.engines.41.reference
#apivoid.blacklists.engines.42.detected
#apivoid.blacklists.engines.42.elapsed
#apivoid.blacklists.engines.42.engine
#apivoid.blacklists.engines.42.reference
#apivoid.blacklists.engines.43.detected
#apivoid.blacklists.engines.43.elapsed
#apivoid.blacklists.engines.43.engine
#apivoid.blacklists.engines.43.reference
#apivoid.blacklists.engines.44.detected
#apivoid.blacklists.engines.44.elapsed
#apivoid.blacklists.engines.44.engine
#apivoid.blacklists.engines.44.reference
#apivoid.blacklists.engines.45.detected
#apivoid.blacklists.engines.45.elapsed
#apivoid.blacklists.engines.45.engine
#apivoid.blacklists.engines.45.reference
#apivoid.blacklists.engines.46.detected
#apivoid.blacklists.engines.46.elapsed
#apivoid.blacklists.engines.46.engine
#apivoid.blacklists.engines.46.reference
#apivoid.blacklists.engines.47.detected
#apivoid.blacklists.engines.47.elapsed
#apivoid.blacklists.engines.47.engine
#apivoid.blacklists.engines.47.reference
#apivoid.blacklists.engines.48.detected
#apivoid.blacklists.engines.48.elapsed
#apivoid.blacklists.engines.48.engine
#apivoid.blacklists.engines.48.reference
#apivoid.blacklists.engines.49.detected
#apivoid.blacklists.engines.49.elapsed
#apivoid.blacklists.engines.49.engine
#apivoid.blacklists.engines.49.reference
#apivoid.blacklists.engines.50.detected
#apivoid.blacklists.engines.50.elapsed
#apivoid.blacklists.engines.50.engine
#apivoid.blacklists.engines.50.reference
#apivoid.blacklists.engines.51.detected
#apivoid.blacklists.engines.51.elapsed
#apivoid.blacklists.engines.51.engine
#apivoid.blacklists.engines.51.reference
#apivoid.blacklists.engines.52.detected
#apivoid.blacklists.engines.52.elapsed
#apivoid.blacklists.engines.52.engine
#apivoid.blacklists.engines.52.reference
#apivoid.blacklists.engines.53.detected
#apivoid.blacklists.engines.53.elapsed
#apivoid.blacklists.engines.53.engine
#apivoid.blacklists.engines.53.reference
#apivoid.blacklists.engines.54.detected
#apivoid.blacklists.engines.54.elapsed
#apivoid.blacklists.engines.54.engine
#apivoid.blacklists.engines.54.reference
#apivoid.blacklists.engines.55.detected
#apivoid.blacklists.engines.55.elapsed
#apivoid.blacklists.engines.55.engine
#apivoid.blacklists.engines.55.reference
#apivoid.blacklists.engines.56.detected
#apivoid.blacklists.engines.56.elapsed
#apivoid.blacklists.engines.56.engine
#apivoid.blacklists.engines.56.reference
#apivoid.blacklists.engines.57.detected
#apivoid.blacklists.engines.57.elapsed
#apivoid.blacklists.engines.57.engine
#apivoid.blacklists.engines.57.reference
#apivoid.blacklists.engines.58.detected
#apivoid.blacklists.engines.58.elapsed
#apivoid.blacklists.engines.58.engine
#apivoid.blacklists.engines.58.reference
#apivoid.blacklists.engines.59.detected
#apivoid.blacklists.engines.59.elapsed
#apivoid.blacklists.engines.59.engine
#apivoid.blacklists.engines.59.reference
#apivoid.blacklists.engines.60.detected
#apivoid.blacklists.engines.60.elapsed
#apivoid.blacklists.engines.60.engine
#apivoid.blacklists.engines.60.reference
#apivoid.blacklists.engines.61.detected
#apivoid.blacklists.engines.61.elapsed
#apivoid.blacklists.engines.61.engine
#apivoid.blacklists.engines.61.reference
#apivoid.blacklists.engines.62.detected
#apivoid.blacklists.engines.62.elapsed
#apivoid.blacklists.engines.62.engine
#apivoid.blacklists.engines.62.reference
#apivoid.blacklists.engines.63.detected
#apivoid.blacklists.engines.63.elapsed
#apivoid.blacklists.engines.63.engine
#apivoid.blacklists.engines.63.reference
#apivoid.blacklists.engines.64.detected
#apivoid.blacklists.engines.64.elapsed
#apivoid.blacklists.engines.64.engine
#apivoid.blacklists.engines.64.reference
#apivoid.blacklists.engines.65.detected
#apivoid.blacklists.engines.65.elapsed
#apivoid.blacklists.engines.65.engine
#apivoid.blacklists.engines.65.reference
#apivoid.blacklists.engines.66.detected
#apivoid.blacklists.engines.66.elapsed
#apivoid.blacklists.engines.66.engine
#apivoid.blacklists.engines.66.reference
#apivoid.blacklists.engines.67.detected
#apivoid.blacklists.engines.67.elapsed
#apivoid.blacklists.engines.67.engine
#apivoid.blacklists.engines.67.reference
#apivoid.blacklists.engines.68.detected
#apivoid.blacklists.engines.68.elapsed
#apivoid.blacklists.engines.68.engine
#apivoid.blacklists.engines.68.reference
#apivoid.blacklists.engines.69.detected
#apivoid.blacklists.engines.69.elapsed
#apivoid.blacklists.engines.69.engine
#apivoid.blacklists.engines.69.reference
#apivoid.blacklists.engines.70.detected
#apivoid.blacklists.engines.70.elapsed
#apivoid.blacklists.engines.70.engine
#apivoid.blacklists.engines.70.reference
#apivoid.blacklists.engines.71.detected
#apivoid.blacklists.engines.71.elapsed
#apivoid.blacklists.engines.71.engine
#apivoid.blacklists.engines.71.reference
#apivoid.blacklists.engines.72.detected
#apivoid.blacklists.engines.72.elapsed
#apivoid.blacklists.engines.72.engine
#apivoid.blacklists.engines.72.reference
#apivoid.blacklists.engines.73.detected
#apivoid.blacklists.engines.73.elapsed
#apivoid.blacklists.engines.73.engine
#apivoid.blacklists.engines.73.reference
#apivoid.blacklists.engines.74.detected
#apivoid.blacklists.engines.74.elapsed
#apivoid.blacklists.engines.74.engine
#apivoid.blacklists.engines.74.reference
#apivoid.blacklists.engines.75.detected
#apivoid.blacklists.engines.75.elapsed
#apivoid.blacklists.engines.75.engine
#apivoid.blacklists.engines.75.reference
#apivoid.blacklists.engines.76.detected
#apivoid.blacklists.engines.76.elapsed
#apivoid.blacklists.engines.76.engine
#apivoid.blacklists.engines.76.reference
#apivoid.blacklists.engines.77.detected
#apivoid.blacklists.engines.77.elapsed
#apivoid.blacklists.engines.77.engine
#apivoid.blacklists.engines.77.reference
#apivoid.blacklists.engines.78.detected
#apivoid.blacklists.engines.78.elapsed
#apivoid.blacklists.engines.78.engine
#apivoid.blacklists.engines.78.reference
#apivoid.blacklists.engines.79.detected
#apivoid.blacklists.engines.79.elapsed
#apivoid.blacklists.engines.79.engine
#apivoid.blacklists.engines.79.reference
#apivoid.blacklists.engines.80.detected
#apivoid.blacklists.engines.80.elapsed
#apivoid.blacklists.engines.80.engine
#apivoid.blacklists.engines.80.reference
#apivoid.blacklists.engines.81.detected
#apivoid.blacklists.engines.81.elapsed
#apivoid.blacklists.engines.81.engine
#apivoid.blacklists.engines.81.reference
#apivoid.blacklists.engines.82.detected
#apivoid.blacklists.engines.82.elapsed
#apivoid.blacklists.engines.82.engine
#apivoid.blacklists.engines.82.reference
#apivoid.blacklists.engines.83.detected
#apivoid.blacklists.engines.83.elapsed
#apivoid.blacklists.engines.83.engine
#apivoid.blacklists.engines.83.reference
#apivoid.blacklists.engines.84.detected
#apivoid.blacklists.engines.84.elapsed
#apivoid.blacklists.engines.84.engine
#apivoid.blacklists.engines.84.reference
#apivoid.blacklists.engines.85.detected
#apivoid.blacklists.engines.85.elapsed
#apivoid.blacklists.engines.85.engine
#apivoid.blacklists.engines.85.reference
#apivoid.blacklists.engines.86.detected
#apivoid.blacklists.engines.86.elapsed
#apivoid.blacklists.engines.86.engine
#apivoid.blacklists.engines.86.reference
#apivoid.blacklists.engines.87.detected
#apivoid.blacklists.engines.87.elapsed
#apivoid.blacklists.engines.87.engine
#apivoid.blacklists.engines.87.reference
apivoid.blacklists.engines_count
apivoid.blacklists.scantime
apivoid.information.city_name
apivoid.information.continent_code
apivoid.information.continent_name
apivoid.information.country_calling_code
apivoid.information.country_code
apivoid.information.country_currency
apivoid.information.country_name
apivoid.information.isp
apivoid.information.latitude
apivoid.information.longitude
apivoid.information.region_name
apivoid.information.reverse_dns

# censys
# All columns list :- https://censys.io/ipv4/help
#censys.autonomous_system.asn
#censys.protocols
#censys.location.timezone
#censys.location.country
#censys.location.postal_code

# shodan
#shodan.area_code
#shodan.ip_str
#shodan.last_update
#shodan.region_code
#shodan.postal_code
#shodan.hostnames
shodan.asn
shodan.isp
#shodan.country_name
shodan.vulns
shodan.os
#shodan.longitude
#shodan.ip
#shodan.city
#shodan.country_code
#shodan.org
#shodan.data
#shodan.dma_code
#shodan.latitude
#shodan.country_code3
shodan.ports

# virustotal
#virustotal.undetected_downloaded_samples
#virustotal.country
#virustotal.response_code
#virustotal.as_owner
#virustotal.verbose_msg
#virustotal.resolutions
#virustotal.detected_urls
#virustotal.detected_communicating_samples
#virustotal.undetected_communicating_samples
#virustotal.asn

See this example columns.txt
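How the dotted names in the columns file line up with nested per-service results, as an added example that is not the package's own code: `read_columns`, `flatten` and `build_row` are hypothetical helpers, and the sample columns text and results are constructed. It assumes that only dictionaries are expanded into dotted names while lists stay in a single cell, which is consistent with columns such as shodan.ports and apivoid.blacklists.engines.0.engine above.

```python
def read_columns(text):
    """Return the enabled column names from a columns file, in file order.

    Blank lines and lines starting with '#' (section titles and disabled
    columns alike) are skipped.
    """
    columns = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            columns.append(line)
    return columns


def flatten(value, prefix=""):
    """Flatten nested dicts into {'service.key.subkey': leaf}.

    Lists and scalars are leaves (assumption: a list such as open ports is
    written to one cell rather than one column per element).
    """
    if not isinstance(value, dict):
        return {prefix: value}
    flat = {}
    for key, child in value.items():
        name = f"{prefix}.{key}" if prefix else str(key)
        flat.update(flatten(child, name))
    return flat


def build_row(ip, columns, results):
    """Project per-service results onto the requested columns.

    A column that a service did not return becomes an empty string, so every
    row has the same width regardless of which lookups succeeded.
    """
    flat = {"ip": ip}
    flat.update(flatten(results))
    return {column: flat.get(column, "") for column in columns}


# Constructed columns file in the format shown above.
SAMPLE_COLUMNS = """\
# Common
ip

# ipvoid
#ipvoid.asn
ipvoid.blacklist_status
ipvoid.reverse_dns

# apivoid
apivoid.blacklists.detections
apivoid.blacklists.engines.0.engine
#apivoid.blacklists.engines.0.reference

# shodan
shodan.ports
"""

# Constructed results keyed by service name; not real service output.
SAMPLE_RESULTS = {
    "ipvoid": {"asn": "AS64500", "blacklist_status": "BLACKLISTED 3/96"},
    "apivoid": {
        "blacklists": {
            "detections": 3,
            "engines": {"0": {"engine": "ExampleList", "detected": True}},
        }
    },
    "shodan": {"ports": [22, 80]},
}

if __name__ == "__main__":
    cols = read_columns(SAMPLE_COLUMNS)
    print(build_row("192.0.2.10", cols, SAMPLE_RESULTS))
```
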

Using KYIP

From the command line

usage: know_your_ip [-h] [-f FILE] [-c CONFIG] [-o OUTPUT] [-n MAX_CONN]
                    [--from FROM_ROW] [--to TO] [-v] [--no-header]
                    [ip [ip ...]]

Know Your IP

positional arguments:
ip                    IP Address(es)

optional arguments:
-h, --help            show this help message and exit
-f FILE, --file FILE  List of IP addresses file
-c CONFIG, --config CONFIG
                        Configuration file
-o OUTPUT, --output OUTPUT
                        Output CSV file name
-n MAX_CONN, --max-conn MAX_CONN
                        Max concurrent connections
--from FROM_ROW       From row number
--to TO               To row number
-v, --verbose         Verbose mode
--no-header           Output without header at the first row

know_your_ip --file input.csv

As an External Library

Please look at example.py or the jupyter notebook example.ipynb.

As an External Library with Pandas DataFrame

import pandas as pd
from know_your_ip import load_config, query_ip

df = pd.read_csv('know_your_ip/examples/input.csv', header=None)

args = load_config('know_your_ip/know_your_ip.cfg')

odf = df[0].apply(lambda c: pd.Series(query_ip(args, c)))

odf.to_csv('output.csv', index=False)

Authors

Suriyan Laohaprapanon and Gaurav Sood

The Contributor Code of Conduct

The project welcomes contributions from everyone! In fact, it depends on it. To maintain this welcoming atmosphere, and to collaborate in a fun and productive way, we expect contributors to the project to abide by the Contributor Code of Conduct.

License

The package is released under the MIT License.