{"id":28801146,"url":"https://github.com/crowdsecurity/ipdex","last_synced_at":"2025-10-24T23:52:17.095Z","repository":{"id":291119227,"uuid":"971982640","full_name":"crowdsecurity/ipdex","owner":"crowdsecurity","description":null,"archived":false,"fork":false,"pushed_at":"2025-07-16T16:53:05.000Z","size":87,"stargazers_count":38,"open_issues_count":4,"forks_count":5,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-07-18T11:59:05.984Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.crowdsec.net/cyber-threat-intelligence","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crowdsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-24T11:04:13.000Z","updated_at":"2025-07-16T16:52:54.000Z","dependencies_parsed_at":"2025-07-17T02:08:51.243Z","dependency_job_id":"9cbe9fb1-a710-4356-bb49-b80317e7b75d","html_url":"https://github.com/crowdsecurity/ipdex","commit_stats":null,"previous_names":["crowdsecurity/ipdex"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/crowdsecurity/ipdex","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crowdsecurity%2Fipdex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crowdsecurity%2Fipdex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crowdsecurity%2Fipdex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crowdsecurity%2Fipdex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crowdsecurity","download_url":"https://codeload.github.com/crowdsecurity/ipdex/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crowdsecurity%2Fipdex/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265793684,"owners_count":23829180,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-18T07:07:08.294Z","updated_at":"2025-10-24T23:52:12.053Z","avatar_url":"https://github.com/crowdsecurity.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ipdex\n\nYour ultimate IP dex!\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"img/logo.svg\" width=\"300\" height=\"300\" /\u003e\n\u003c/p\u003e\n\n\n**ipdex** is a simple CLI tool to gather insight about a list of IPs or an IP using the [CrowdSec CTI](https://www.crowdsec.net/cyber-threat-intelligence) (Cyber Threat Intelligence) API.\n\n---\n\n## Table of Contents\n\n- [Introduction](#introduction)\n- [Prerequisites](#prerequisites)\n- [Quickstart](#quickstart)\n - [Install](#1-install)\n - [Make sure the binary is in your PATH](#2-make-sure-the-binary-is-in-your-path)\n - [Initialize the tool](#3-initialize-the-tool)\n - [Query an IP](#4-query-an-ip)\n - [Scan a file](#5-scan-a-file)\n- [Configuration](#configuration)\n- [User Guide](#user-guide)\n - [Scan an IP](#scan-an-ip)\n - [Refresh an IP](#refresh-an-ip)\n - [Scan a file](#scan-a-file-1)\n - [Refresh a file](#refresh-a-file)\n - [Display all reports](#display-all-reports)\n - [Showing a specific report](#showing-a-specific-report)\n- [Commands](#commands)\n - [`init`](#init)\n - [`report`](#report)\n - [List reports](#list-reports)\n - [View a report](#view-a-report)\n - [Delete a report](#delete-a-report)\n - [`search`](#search)\n - [Search IPs reported for a specific CVE](#search-ips-reported-for-a-specific-cve)\n - [Search IPs reported for HTTP scan since 30 minutes](#search-ips-reported-for-http-scan-since-30-minutes)\n - [Search malicious VPN or Proxy IPs since 1h and show all IPs](#search-malicious-vpn-or-proxy-ips-since-1h-and-show-all-ips)\n - [`config`](#config)\n - [Show config](#show-config)\n - [Set a new API Key](#set-a-new-api-key)\n- [License](#license)\n\n---\n\n## Introduction\n\n**ipdex** helps analysts and security engineers collect and understand information about IP addresses from CrowdSec CTI.\n\nWith this tool you can:\n- Check an IP's reputation using CTI\n- Scan IP or log files and display detailed reports\n- Run [CrowdSec Search Queries](https://docs.crowdsec.net/u/cti_api/search_queries)\n- Keep a local history of reports for later inspection\n\n\nšŸ““ All scanned IPs are cached for 48 hours.\n\n---\n\n## Prerequisites\n\nTo use ipdex, you **must** create a CrowdSec Console account in order to create an **API key**.\n\n1. Create an account (free or paid): \n šŸ‘‰ [https://app.crowdsec.net/](https://app.crowdsec.net/)\n\n2. Go to: \n šŸ‘‰ `Settings \u003e CTI API Keys` \n and generate a new API key.\n\nYou will use this key during the configuration initialisation.\n\n---\n\n## Quickstart\n\n\n### 1. Install\n\n#### Install with Go\n\nIf you already have [Go](https://go.dev/dl/) installed, you can install **ipdex** directly from the command line.\n\n\u003e āš ļø You need to have Go **1.24+** installed and your `GOPATH/bin` or `GOBIN` must be in your system's `PATH` environment variable to run the binary from anywhere.\n\n\n```bash\ngo install github.com/crowdsecurity/ipdex/cmd/ipdex@latest\n```\n\nThis will download, build, and place the `ipdex` binary into your `$GOBIN` directory (usually `$HOME/go/bin`).\n\n#### macOS / Linux\n\nDownload the binary for your system from the [Releases](https://github.com/crowdsecurity/ipdex/releases) page.\n\nPrint your current `PATH` environment variable to see the folders already in it:\n\n```bash\necho $PATH\n```\n\nMove the `ipdex` binary to one of the folders listed. For example, if `/usr/local/bin` is in your `PATH`, you can move the binary like this:\n\n##### Linux\n\n```bash\nsudo mv ~/Downloads/ipdex_linux_amd64 /usr/local/bin/ipdex\nchmod +x /usr/local/bin/ipdex\n```\n\n##### macOS\n\n```bash\nsudo mv ~/Downloads/ipdex_darwin_arm64 /usr/local/bin/ipdex\nchmod +x /usr/local/bin/ipdex\n```\n\n\n#### Windows\n\nDownload the binary for your system from the [Releases](https://github.com/crowdsecurity/ipdex/releases) page.\n\n\nIf you're using Windows (or WSL), make sure the folder containing the `ipdex.exe` binary is added to your system `PATH`.\n\n---\n\n\n### 2. Make sure the binary is in your PATH\n\nTo run `ipdex` from anywhere in your terminal, the binary must be in a folder that's part of your `PATH`.\n\n### 3. Initialize the tool\n\n```bash\nipdex init\n```\n\nEnter your API key and set your preferences.\n\n### 4. Query an IP\n\n```bash\nipdex 1.2.3.4\n```\n\n### 5. Scan a file\n\n```bash\nipdex file ips.txt\nipdex file /var/log/nginx.log\n```\n\n---\n\n## Configuration\n\nUse the `init` command to:\n- Enter your **API key**\n- Get tips about ipdex\n\n---\n\n## User Guide\n\nAll scanned IPs are cached for 48 hours.\n\n### Scan an IP\n\n```\nipdex \u003cIP\u003e\n```\n\n### Refresh an IP\n\n```\nipdex \u003cIP\u003e -r\n```\n\n### Scan a file\n\n```\nipdex \u003cfilepath\u003e\n```\n\n### Refresh a file\n\nWhen running ipdex on a file that has been previously scanned, it will update the existing report. Refreshing the file is particularly useful if some IPs are still cached and you wish to refresh the entire report.\n\n```\nipdex \u003cfilepath\u003e -r\n```\n\n### Display all reports\n\n```\nipdex report list\n```\n\n#### Showing a specific report\n\n```\nipdex report show \u003creport ID\u003e # -d to see all IPs\n```\n\n## Commands\n\n### `init`\n\nSetup your configuration for the first time:\n\n```bash\nipdex init\n```\n\nInteractive prompts will help you enter:\n- API key (required)\n\n---\n\n### `report`\n\nManage your local reports.\n\n#### List reports\n\n```bash\nipdex report list\n```\n\n#### View a report\n\n```bash\nipdex report show 2\n```\n\n#### Delete a report\n\n```bash\nipdex report delete 2\n```\n\n---\n\n### `search`\n\nYou can find the documentation for search queries [here](https://docs.crowdsec.net/u/cti_api/search_queries).\n\nBy default, the `since` parameter is set to `30d`.\n\n- For the free plan, the page size is limited to `10`.\n- For premium plans, the page size increases to `1000`.\n\nāš ļø Each queried page counts as 1 quota.\n\n\n#### Search IPs reported for a specific CVE\n\n```bash\nipdex search \"cves:CVE-2025-2748\"\n```\n\n#### Search IPs reported for HTTP scan since 30 minutes \n\n```bash\nipdex search 'behaviors.label:\"HTTP Scan\"' --since 30m\n```\n\n#### Search malicious VPN or Proxy IPs since 1h and show all IPs\n\n```bash\nipdex search 'classifications.classifications.label:\"VPN or Proxy\" AND reputation:malicious' --since 1h -d\n```\n\n---\n\n### `config`\n\nManually view or change your saved config:\n\n```bash\nipdex config\n```\n\n#### Show config\n\n```bash\nipdex config show\n```\n\n#### Set a new API Key\n\n```bash\nipdex config set --api-key \u003cAPI-KEY\u003e\n```\n\n---\n\n## License\n\nMIT License ā€” see the [LICENSE](LICENSE) file.\n\n---\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrowdsecurity%2Fipdex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrowdsecurity%2Fipdex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrowdsecurity%2Fipdex/lists"}