
Commit 9638b8a

authored
Merge pull request #39 from maxdd/main
feat(Getipinfo): Added support for AbuseIPDB closes #38
2 parents fd054d5 + 5ee6b23 commit 9638b8a


1 file changed

+33
-4
lines changed


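--- a/Getipinfo.py
+++ b/Getipinfo.py
@@ -36,6 +36,29 @@
 Asn = response.autonomous_system_organization
 reader.close()
 
+## get env vars and use
+import os
+import requests
+import json
+
+abuseip_key = os.getenv('ABUSEIP_KEY')
+if abuseip_key is not None:
+url = 'https://api.abuseipdb.com/api/v2/check'
+querystring = {
+'ipAddress': str(sys.argv[1]),
+'maxAgeInDays': '90'
+}
+headers = {
+'Accept': 'application/json',
+'Key': abuseip_key
+}
+
+response = requests.request(method='GET', url=url, headers=headers, params=querystring)
+abuseip_response = json.loads(response.text)
+abuseConfidenceScore = str(abuseip_response["data"]["abuseConfidenceScore"])
+totalReports = str(abuseip_response["data"]["totalReports"])
+#print(json.dumps(abuseip_response, sort_keys=True, indent=4))
+
 # print to log
 print (Country)
 print (State)
@@ -49,14 +72,14 @@
 print ('Outside IP: ', IP)
 print ('Target IP: ', Target)
 print ('Domain: ', Domain)
+if abuseip_key is not None:
+print("abuseConfidenceScore: " + abuseConfidenceScore)
+print("totalReports: " + totalReports)
 
 import influxdb_client
 from influxdb_client.client.write_api import SYNCHRONOUS
 
-## get env vars and use
-import os
 # influx configuration - edit these
-
 npmhome = "/root/.config/NPMGRAF"
 ifhost = os.getenv('INFLUX_HOST')
 ifbucket = os.getenv('INFLUX_BUCKET')
@@ -117,6 +140,9 @@
 point.tag("Target", Target)
 if asn =='true':
 point.tag("Asn", Asn)
+if abuseip_key is not None:
+point.tag("abuseConfidenceScore", abuseConfidenceScore)
+point.tag("totalReports", totalReports)
 
 point.field("Domain", Domain)
 point.field("latitude", Lat)
@@ -131,11 +157,14 @@
 point.field("Name", Country)
 point.field("duration", duration)
 point.field("metric", 1)
+if abuseip_key is not None:
+point.field("abuseConfidenceScore", abuseConfidenceScore)
+point.field("totalReports", totalReports)
 
 point.time(time)
 
 write_api.write(bucket=ifbucket, org=iforg, record=point)
 
 ifclient.close()
 
-print ('*************** data send ******************')
+print ('*************** data send ******************')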
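Review bot: The AbuseIPDB request added in the first hunk passes no `timeout` and indexes `abuseip_response["data"]` unconditionally, so a stalled connection, a rejected key, a rate-limit reply or a non-JSON body would hang or abort the script before the InfluxDB write in the later hunks, as far as the visible lines show. Because this enrichment is optional, I would wrap the lookup in a `try`, pass a timeout, call `raise_for_status()`, and on failure log the error and clear `abuseip_key` so the three later `if abuseip_key is not None:` guards skip the AbuseIPDB output (a dedicated flag would be cleaner, but needs those guards changed too). The script starts and ends outside this hunk and the page has lost its indentation, so the nesting shown below is my reading of it.

```python
if abuseip_key is not None:
    # … unchanged: url, querystring and headers …
    try:
        response = requests.get(url, headers=headers, params=querystring, timeout=10)
        response.raise_for_status()
        data = response.json()["data"]
        abuseConfidenceScore = str(data["abuseConfidenceScore"])
        totalReports = str(data["totalReports"])
    except (requests.RequestException, KeyError, ValueError) as err:
        print('AbuseIPDB lookup failed: ', err)
        abuseip_key = None  # skip the AbuseIPDB prints, tags and fields further down
```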
