When to use
Use this tool when you need to parse data from multiple botnet report feeds or scan phishing site lists for 'alive-worthy' responses. It will output IPs grouped in lists by ASN, appending available contacts to the top.
Setup
- Install python if you do not already have it in your system. Tested with versions: 3.8.1, ...
- Install by cloning this repo; (
git clone) - Install dependencies from /requirements.txt; (
pip install -r requirements.txt)
How to use
- Put all of the .csv report files into a folder
/source/IO. Names and extentions don't matter for .csv type, but for .txt must be called 'input.txt'. Other txts will be ignored; - Run a main script:
- for botnet parsing run /BotSourceFilter.py
- for phishing activity checkup run /IsPhishingAlive.py
- Select file type by typing "-csv" into terminal input if the files are csv. If input left empty, type to read will be .txt by default.
- Your output will be stored as .txt files inside the
/source/IOfolder, each named by ASN name. - Output is grouped into folders by ASN abuse emails and log chunk size.
What not to do
- IO folder is scanned for ALL .csv, if you pick csv format. So delete the unused one before new scans. Otherwise new lists will include all of the logs.
- Approximate maximum per single scan would theoretically be around 100k log lines. But not tested yet. If higher than that amount, might get IP banned from the whois service.
To Do
- parallelize whois rdap requests using asyncio