Release Date: 2026-01-13
IP Digger v1.2.0 is a major feature release that adds comprehensive WHOIS enrichment, intelligent login detection, threat intelligence via AbuseIPDB, and powerful filtering options. This release significantly enhances IP analysis capabilities for security professionals and system administrators.
Native WHOIS lookups with automatic referral following across all regional registries. Extract network ownership information, abuse contacts, CIDR ranges, and administrative details directly from authoritative sources.
Intelligent authentication event tracking that automatically identifies failed and successful login attempts across various log formats using 35+ keyword patterns.
Integrate real-time threat intelligence to identify malicious IPs with confidence scores, usage types, report counts, and ISP information.
New filtering options to exclude private networks (--no-private) and focus on top attackers (--top-10/20/50/100).
```bash
ipdigger --enrich-whois /var/log/auth.log
```

Features:
- ✅ Automatic referral following (IANA → RIRs)
- ✅ Queries 6 regional registries (IANA, ARIN, RIPE, APNIC, LACNIC, AFRINIC)
- ✅ Extracts: netname, abuse email, CIDR range, admin contact
- ✅ 1-second rate limiting for respectful querying
- ✅ Progress bar with elapsed time
Example Output:
| IP Address | netname | abuse | cidr |
|-------------|------------|--------------------------|---------------------|
| 8.8.8.8 | GOGL | network-abuse@google.com | 8.8.8.0 - 8.8.8.255 |
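
A sketch of the referral-following lookup described above, added here as an illustration and not taken from ipdigger's source: it parses constructed IANA and ARIN-style responses, follows `refer:` lines, and fills the netname, abuse and cidr columns. The registry host allowlist, the hop limit, the field aliases and the `sample_query` stand-in are assumptions of this example.

```python
# WHOIS hosts of the six registries named above. Restricting referrals to this
# allowlist is an assumption of this example, not documented ipdigger behaviour.
REGISTRY_HOSTS = {"whois.iana.org", "whois.arin.net", "whois.ripe.net",
                  "whois.apnic.net", "whois.lacnic.net", "whois.afrinic.net"}

# Output column -> response keys that carry it (ARIN-style, then RIPE-style).
FIELD_ALIASES = {"netname": ("netname",),
                 "abuse": ("orgabuseemail", "abuse-mailbox"),
                 "cidr": ("netrange", "inetnum")}

# Constructed responses standing in for TCP/43 queries; values mirror the table.
SAMPLE_RESPONSES = {
    "whois.iana.org": ("% IANA WHOIS server\n"
                       "refer:        whois.arin.net\n"
                       "inetnum:      8.0.0.0 - 8.255.255.255\n"),
    "whois.arin.net": ("# ARIN WHOIS data\n"
                       "NetRange:       8.8.8.0 - 8.8.8.255\n"
                       "NetName:        GOGL\n"
                       "OrgAbuseEmail:  network-abuse@google.com\n"),
}

def parse_fields(text):
    """Parse 'key: value' lines, skipping comments; first occurrence wins."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), value.strip())
    return fields

def lookup(ip, query, start="whois.iana.org", max_hops=4):
    """Follow 'refer:' lines from `start`; return extracted fields and hops."""
    server, hops, fields = start, [], {}
    # Stop on a missing referral, a loop, a host outside the allowlist,
    # or too many hops; the last answer received is what gets reported.
    while (server in REGISTRY_HOSTS and server not in hops
           and len(hops) < max_hops):
        hops.append(server)
        fields = parse_fields(query(server, ip))
        server = fields.get("refer", "").lower()
    result = {col: next((fields[k] for k in keys if k in fields), None)
              for col, keys in FIELD_ALIASES.items()}
    result["hops"] = hops
    return result

def sample_query(server, ip):
    """Stand-in for a network query: return the constructed response."""
    return SAMPLE_RESPONSES[server]
```

The referral target comes from a server response, so it is treated as untrusted input: unlisted hosts and loops end the chain instead of being followed.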
```bash
ipdigger --detect-login /var/log/auth.log
```

Features:
- ✅ Detects 35+ failure keywords (failed, denied, blocked, wrong password, etc.)
- ✅ Aggregates success/failure counts per IP
- ✅ Works with SSH, FTP, web auth, and other log formats
- ✅ Compact display format: `OK:2 F:5` (2 successes, 5 failures)
Example Output:
| IP Address | Count | Login |
|----------------|-------|-------------|
| 203.0.113.45 | 8 | OK:0 F:8 |
| 192.0.2.100 | 3 | OK:3 F:0 |
```bash
ipdigger --enrich-abuseipdb /var/log/auth.log
```

Features:
- ✅ Abuse confidence score (0-100 risk rating)
- ✅ Usage type (Data Center, ISP, Hosting, etc.)
- ✅ Total community reports count
- ✅ ISP information
- ✅ 100ms rate limiting for API compliance
- ✅ Progress tracking
Example Output:
| IP Address | abuseScore | usageType | totalReports | isp |
|-------------|-----------|-------------|-------------|--------------|
| 45.67.89.12 | 95 | Data Center | 247 | Hostile ISP |
```bash
ipdigger --no-private /var/log/nginx/access.log
```

Filters out:
- RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Loopback (127.0.0.0/8)
- Link-local (169.254.0.0/16)
- IPv6 private ranges (fc00::/7, fe80::/10)
```bash
ipdigger --top-10 /var/log/auth.log
ipdigger --top-20 --enrich-whois /var/log/nginx/access.log
```

Options:
- `--top-10`: Show top 10 IPs by count
- `--top-20`: Show top 20 IPs by count
- `--top-50`: Show top 50 IPs by count
- `--top-100`: Show top 100 IPs by count
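
The login detection, `--no-private` and `--top-N` behaviour described above can be approximated as follows; this is an added example, not ipdigger's implementation. The sample log lines are constructed, the success keywords are assumed (the notes only name failure keywords), and only IPv4 addresses are extracted.

```python
import ipaddress
import re
from collections import Counter

# Ranges the release notes list for --no-private.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Failure keywords quoted in the notes; the success keywords are assumed.
FAIL_WORDS = ("failed", "denied", "blocked", "wrong password")
OK_WORDS = ("accepted", "logged in")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # IPv4 only in this sketch

# Constructed sshd-style lines: documentation addresses plus one RFC 1918 host.
SAMPLE_LOG = [
    "sshd[101]: Failed password for root from 203.0.113.45 port 4022 ssh2",
    "sshd[101]: Failed password for admin from 203.0.113.45 port 4023 ssh2",
    "sshd[101]: Failed password for invalid user test from 203.0.113.45 port 4024",
    "sshd[102]: Accepted publickey for deploy from 192.0.2.100 port 5100 ssh2",
    "sshd[103]: Accepted password for ops from 192.0.2.100 port 5101 ssh2",
    "sshd[104]: Failed password for root from 10.0.0.5 port 6000 ssh2",
]

def is_private(text):
    """True if the address is in a listed range; ValueError if not an IP."""
    ip = ipaddress.ip_address(text)
    return any(ip in net for net in PRIVATE_NETS)

def summarize(lines, top_n=10, no_private=True):
    """Return [(ip, count, 'OK:x F:y'), ...], highest count first."""
    count, ok, fail = Counter(), Counter(), Counter()
    for line in lines:
        low = line.lower()
        for text in set(IPV4_RE.findall(line)):
            try:
                private = is_private(text)
            except ValueError:  # regex hit that is not an address, e.g. 999.1.1.1
                continue
            if no_private and private:
                continue
            count[text] += 1
            # Failure is tested first so a stray success word cannot mask it.
            if any(w in low for w in FAIL_WORDS):
                fail[text] += 1
            elif any(w in low for w in OK_WORDS):
                ok[text] += 1
    return [(ip, n, f"OK:{ok[ip]} F:{fail[ip]}") for ip, n in count.most_common(top_n)]
```

Keyword matching runs over the whole line, including fields a remote client controls such as the user name, so the counts are a triage signal and not proof of a successful login.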
All enrichment operations now show real-time progress:
Enriching [============================> ] 142/250 (56%) 18s
Format: [progress bar] completed/total (percentage) elapsed_seconds
- Old: Single license key
- New: Account ID + License Key (HTTP Basic Auth)
- Config:

```ini
[maxmind]
account_id = YOUR_ACCOUNT_ID
license_key = YOUR_LICENSE_KEY
```
New fields in JSON output:
```json
{
  "login_success_count": 2,
  "login_failed_count": 8
}
```

- Renamed `country_code` → `cc` for better table formatting
- Removed generic `--enrich` flag
- Each provider now has dedicated flag: `--enrich-geo`, `--enrich-rdns`, `--enrich-abuseipdb`, `--enrich-whois`
- Can combine multiple: `--enrich-geo --enrich-whois --enrich-abuseipdb`
Find top attackers with full intelligence:

```bash
ipdigger --detect-login --enrich-whois --enrich-abuseipdb \
  --top-20 --no-private /var/log/auth.log
```

Identify external IPs with geographic and network data:

```bash
ipdigger --enrich-geo --enrich-whois --no-private \
  --output-json /var/log/nginx/access.log > results.json
```

Get abuse contacts for suspicious IPs:

```bash
ipdigger --enrich-whois --detect-login \
  --top-10 /var/log/auth.log
```

Combine all enrichment sources for comprehensive analysis:

```bash
ipdigger --enrich-geo --enrich-rdns --enrich-whois --enrich-abuseipdb \
  --detect-login --top-50 /var/log/auth.log
```

```bash
wget https://github.com/kawaiipantsu/ipdigger/releases/download/v1.2.0/ipdigger_1.2.0_amd64.deb
sudo dpkg -i ipdigger_1.2.0_amd64.deb
```

```bash
git clone https://github.com/kawaiipantsu/ipdigger.git
cd ipdigger
git checkout v1.2.0
make
sudo make install
```

This release maintains all security hardening features:
- Stack protection (canaries, clash protection)
- Position Independent Executable (PIE) with ASLR
- Full RELRO (read-only relocations)
- Non-executable stack
- Control flow protection
- Format string protection
- Fortified source functions
- GCC 7+ or Clang 5+ with C++17 support
- libcurl4-openssl-dev
- libssl-dev
- libmaxminddb-dev
- zlib1g-dev
- GNU Make
Report issues at: https://github.com/kawaiipantsu/ipdigger/issues
See CHANGELOG.md for detailed changes.
87b1011ebf4cd1903a74b2fa972e2d8c96e579238712bd3ee4912973ebefaa51 ipdigger_1.2.0_amd64.deb
d73c85207165e8427e2c0f9b4e8c86a4c6074a335fa63b98fba59ec72c528a67 ipdigger (binary)
Verify:
```bash
sha256sum -c ipdigger_1.2.0_checksums.txt
```

Thanks to all users who provided feedback and feature requests. Special thanks to the open-source community for the excellent libraries we depend on: libcurl, OpenSSL, MaxMindDB, and nlohmann/json.
IP Digger is released under the MIT License. See LICENSE file for details.