
ip_reporting's Introduction

This Python project is for discovering information about and reporting malicious IP addresses safely and legally. My home network was getting scanned regularly by the same IP addresses. My router blocked the scans, but I got annoyed. I wanted to know everything about the IP addresses scanning me, so this was born.

Inputs

# requirements.txt
# [pip install -r requirements.txt]

requests==2.31.0
ipwhois==1.2.0
dnspython==2.3.0

Place the IP addresses you'd like to scan in the ip_list.dat file:

# ip_list.dat
# Each line should contain a single full IP address

xxx.xxx.xxx.xxx
xx.xx.xx.xx
xxx.xxx.xxx.xxx
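
Before spending API lookups or generating complaint letters, it helps to check the list itself. The following is an added example, not part of the project's code: a validator for the ip_list.dat layout shown above, using only the standard library. The function name `load_ip_list` and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the ip_list.dat layout. The addresses are placeholders
# (a public resolver, private, documentation and loopback ranges), not scanners.
SAMPLE_IP_LIST = """\
# ip_list.dat
# Each line should contain a single full IP address

8.8.8.8
192.168.1.10
203.0.113.7
8.8.8.8
10.0.0
2001:4860:4860::8888
127.0.0.1
"""


def load_ip_list(text):
    """Return (reportable, rejected) from ip_list.dat-style text.

    reportable: unique, globally routable addresses in file order.
    rejected:   (line_number, raw_text, reason) for every other entry.
    """
    reportable, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append((lineno, entry, "not a valid IP address"))
            continue
        if not addr.is_global:
            # Private, loopback, link-local, documentation and reserved ranges
            # have no external owner to look up or to send a complaint to.
            rejected.append((lineno, entry, "not globally routable"))
            continue
        if addr in seen:
            rejected.append((lineno, entry, "duplicate"))
            continue
        seen.add(addr)
        reportable.append(str(addr))
    return reportable, rejected
```

Entries rejected as "not globally routable" usually point at a device inside your own network or a logging artifact, so they are worth investigating locally rather than reporting.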

Place your GeoLocation API Key in the local_config.py file provided:

# local_config.py
IP_GEOLOCATION_API_KEY = 'YOUR_API_KEY'

You can obtain an API key for geolocation services from various providers. Here are a few popular ones along with instructions on how to get an API key:

How to get the API key (ipgeolocation.io):

1. Visit ipgeolocation.io.
2. Sign up for a free account.
3. Once logged in, navigate to the dashboard.
4. You will find your API key in the dashboard.

How to get the API key (MaxMind):

1. Visit MaxMind.
2. Sign up for an account.
3. Purchase a subscription for the GeoIP2 services (they offer a free trial for limited usage).
4. Once subscribed, you will receive an API key.

How to get the API key (ipstack.com):

1. Visit ipstack.com.
2. Sign up for a free account.
3. Once logged in, go to the API Access section in your dashboard.
4. You will find your API key there.

How to get the API key (ipinfo.io):

1. Visit ipinfo.io.
2. Sign up for a free account.
3. Once logged in, navigate to the API Access section in your dashboard.
4. You will find your API key there.

Outputs

The script will create two files in an output directory adjacent to the ip_scanback.py script.

# output/discovery.md

File containing all of the pulled data about the IP addresses. 
Generated in easy-to-read Markdown.

# output/discovery.JSON

File containing all of the pulled data about the IP addresses.
Generated in JSON for the more code-friendly users.

Additional Tools

I have also provided two additional scripts.

# parse_and_format.py

This file creates a simplified version of the report the ip_scanback.py script generates.
It reads the output/discovery.JSON file and generates
# output/parsed_discovery.json and
# output/parsed_discovery.md

parsed_discovery.md is extremely user friendly.

The other files generated are for your records if you need a copious amount of data.

Complaint Letter Generation

I have also provided a script that will write emails for you to send to the companies hosting the malicious IP Addresses.

# generate_letters.py

This file reads the output/parsed_discovery.md output
--- So be sure to run parse_and_format.py first ---

The script will generate one letter per malicious IP address.
The letters will be placed in a folder called 'letters_output' and will be named
with the abuse reporting email they provided to DNS authorities.
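
The abuse e-mail address comes from registry data maintained by the party being reported, so it should be treated as untrusted input when it becomes a file name. The following is an added example, not the project's own code: a hypothetical helper `letter_path` that builds a path inside letters_output and refuses anything that is not shaped like an address. Including the IP in the name is an assumption made here so that two addresses sharing one abuse contact get separate files.

```python
import re
from pathlib import Path

LETTERS_DIR = Path("letters_output")  # folder name taken from the README

# Conservative allow-list for the address shape: no slashes, backslashes,
# spaces or control characters can get through.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def letter_path(abuse_email, ip, base=LETTERS_DIR):
    """Return a path directly inside `base` for one complaint letter.

    `abuse_email` is whatever the lookup returned (possibly None or junk);
    `ip` is the reported address. Both names are hypothetical.
    """
    email = (abuse_email or "").strip()
    if _EMAIL_RE.fullmatch(email):
        stem = email.lower()
    else:
        # Missing or malformed contact: use a fixed marker instead of
        # letting arbitrary text reach the file system.
        stem = "no_valid_abuse_contact"

    # ':' from IPv6 addresses is not allowed in Windows file names.
    safe_ip = re.sub(r"[^0-9A-Fa-f.]", "_", ip)

    path = base / f"{stem}__{safe_ip}.txt"
    # Defence in depth: the result must sit directly inside the output folder.
    if path.resolve().parent != base.resolve():
        raise ValueError(f"refusing to write outside {base}: {path}")
    return path
```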

Here is an example of the letter generated by the script:

[Users Name]
[Users Email]
[Today's Date]

To Whom It May Concern,

I am writing to formally lodge a complaint regarding malicious activities originating 
from the IP address {info['IP Address']}.

This IP address, managed by {info['Whois']['ASN Description']} 
and located in {info['Whois']['Country']}, has been attacking my network 
at daily intervals over several years. 

The attacks have been persistent and disruptive, 
affecting the security and stability of my online environment.

According to the information gathered, this IP address has an abuse confidence score 
of {info['Reputation']['Abuse Confidence Score']} and 
has been reported {info['Reputation']['Total Reports']} times 
for malicious activities by others. 

The last reported attack was on {info['Reputation']['Last Reported At']}, 
as recorded by {info['Geolocation']['Organization']}.

The following contacts are associated with this IP address:

  **Name**: [Contact Name]
  **Address**: [contact_address]
  **Phone**: [Contact Phone]
  **Abuse Email**: [Abuse Email]

I kindly demand that immediate action be taken to identify and 
remove the user associated with this IP address, and to implement measures 
to restrict and monitor this IP address to prevent further malicious activities. 
Continued attacks will be logged and filed, and will serve as evidence 
in legal action should this behavior persist.

Please confirm receipt of this letter and inform me 
of the steps you will take to address this issue. 

I expect a prompt response outlining the actions you will implement to resolve this matter.

Thank you for your time and attention to this critical issue. 
I look forward to your response and to the resolution of this matter.

Sincerely,

[User Name]

ip_reporting's People

Contributors

patrickkrebs
