This is an application package library that gathers network connection information and checks the unique public IPs against a threat intelligence platform (AbuseIPDB) to identify potentially malicious IPs.
- Retrieves active network connections using `psutil`
- Retrieves past network connections from the systemd journal (Linux only)
- Extracts unique public IPs from the collected network connections
- Checks the unique public IPs against the AbuseIPDB threat intelligence platform
- Provides a summary of the results, including the number of potentially malicious IPs found
- Python 3.x
- `psutil` library
- `requests` library
- Clone the repo: `git clone https://github.com/spazbg/network-threat-intel-checker.git`
- Install the required dependencies: `pip install -r requirements.txt`
To run the application, execute the following command: `python -m network_intel.app`
The application will gather network connection information, check the unique public IPs against AbuseIPDB, and provide a summary of the results.
- The application uses the AbuseIPDB API for threat intelligence. Make sure to replace the `API_KEY` variable in the `threat_intel.py` file with your own AbuseIPDB API key.
- To run this application properly, the user must have read access to the systemd journal logs. If you encounter permission issues, add your user to the `systemd-journal` group using `sudo usermod -aG systemd-journal $USER`, then log out and log back in for the changes to take effect, or use `newgrp systemd-journal` to switch to the group in the current shell session.