{"id":25883090,"url":"https://github.com/o-x-l/risk-db","last_synced_at":"2025-03-02T16:31:14.356Z","repository":{"id":240102007,"uuid":"801568531","full_name":"O-X-L/risk-db","owner":"O-X-L","description":"Abuse Reporting System \u0026 IP/Network/ASN Risk-Databases","archived":false,"fork":false,"pushed_at":"2025-02-10T18:51:07.000Z","size":418,"stargazers_count":8,"open_issues_count":3,"forks_count":1,"subscribers_count":1,"default_branch":"latest","last_synced_at":"2025-02-10T19:41:26.351Z","etag":null,"topics":["abuse","abuse-detection","abuseipdb","abuseipdb-api","bot","bot-detection","bots","defensive-security","risk-analysis","risk-assessment","risk-management","security"],"latest_commit_sha":null,"homepage":"https://risk.oxl.app","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/O-X-L.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-16T13:37:39.000Z","updated_at":"2025-02-10T18:51:10.000Z","dependencies_parsed_at":"2024-05-16T18:57:49.033Z","dependency_job_id":"7f00497b-3a18-4cfc-a5f9-c191601d5851","html_url":"https://github.com/O-X-L/risk-db","commit_stats":null,"previous_names":["o-x-l/risky-ip","o-x-l/risk-db"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/O-X-L%2Frisk-db","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/O-X-L%2Frisk-db/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/O-X-L%2Frisk-db/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/O-X-L%2Frisk-db/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/O-X-L","download_url":"https://codeload.github.com/O-X-L/risk-db/tar.gz/refs/heads/latest","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241537061,"owners_count":19978456,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abuse","abuse-detection","abuseipdb","abuseipdb-api","bot","bot-detection","bots","defensive-security","risk-analysis","risk-assessment","risk-management","security"],"created_at":"2025-03-02T16:31:13.636Z","updated_at":"2025-03-02T16:31:14.351Z","avatar_url":"https://github.com/O-X-L.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Open IP, Network \u0026 ASN Risk-Databases\n\n[![Lint](https://github.com/O-X-L/risk-db/actions/workflows/lint.yml/badge.svg)](https://github.com/O-X-L/risk-db/actions/workflows/lint.yml)\n\nThis project wants to help admins/systems flag large quantities of bad traffic.\n\nMost generic attacks and bots originate from **cloud-providers, datacenters or other providers with lax security**.\n\nBy flagging clients originating from these sources you can achieve a nice security improvement.\n\nThe databases created from the gathered data will be and stay open-source!\n\nIf you (*just*) want to keep track of abusers internally - you could also host your dedicated instance of [this app](https://github.com/O-X-L/risk-db/blob/latest/src).\n\nYou can find basic visualization examples for the latest data here: 
[www.risk.oxl.app](https://www.risk.oxl.app)\n\n\u003ca href=\"https://github.com/O-X-L/risk-db/blob/latest/visualization\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/O-X-L/risk-db/refs/heads/latest/visualization/world_map_example.webp\" alt=\"World Map Example\" width=\"800\"/\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/O-X-L/risk-db/refs/heads/latest/visualization/asn_chart_example.webp\" alt=\"ASN Chart Example\" width=\"800\"/\u003e\n\u003c/a\u003e\n\n----\n\n## Contribute\n\nContributions like [reporting issues](https://github.com/O-X-L/risk-db/issues/new), [engaging in discussions](https://github.com/O-X-L/risk-db/discussions) or [PRs](https://github.com/O-X-L/risk-db/pulls) are welcome!\n\n----\n\n## Usage\n\nYou **SHOULD NOT** just drop any requests from these sources.\n\nThere might be legit users using a VPN that would match as false positives.\n\nYou might want to **flag** traffic from those sources and restrict their access like:\n\n* Lower the rate-limits\n* Show (more) captchas on forms\n* Lower lifetime of session cookies\n* Add that flag to your logs so you can use it to analyze the traffic\n* Deny access to administrative locations\n\n----\n\n## Alternative Solutions\n\nThis project is still in an early stage.\n\nYou may also want to check out these projects: (*not open/free data*)\n\n* [CrowdSec](https://www.crowdsec.net/)\n* [AbuseIP-DB](https://www.abuseipdb.com/)\n* [IPInfo Privacy-DB](https://ipinfo.io/products/proxy-vpn-detection-api)\n* [nitefood/asn CLI-Tools](https://github.com/nitefood/asn)\n\n----\n\n## Download Databases\n\n[![Database Updated At](https://risk.oxl.app/file/updated_at.svg)](https://risk.oxl.app/file/updated_at.svg)\n\nDatabases marked with the key `all` include all reports.\n\nThe ones marked with `med` (*default*) and `high` only include reports from reporters that have a certain level of reputation.\n\nWe recommend the use of our [GeoIP-ASN Database](https://github.com/O-X-L/geoip-asn) 
and [IPInfo ASN/Country Databases](https://ipinfo.io/products/free-ip-database) to get more IP-metadata\n\n### ASN\n\n* [Reports of ASN in JSON-format](https://risk.oxl.app/file/risk_asn_med.json.zip) / [All](https://risk.oxl.app/file/risk_asn_all.json.zip)  / [High](https://risk.oxl.app/file/risk_asn_high.json.zip)\n\n* [Reports of filtered ASN in JSON-format](https://risk.oxl.app/file/risk_asn_kind.json.zip) (*only the ones tagged as hosting-, proxy- or vpn-providers*)\n\n### Networks\n\n* [Reports of IPv4-Networks in JSON-format](https://risk.oxl.app/file/risk_net4_med.json.zip) / [All](https://risk.oxl.app/file/risk_net4_all.json.zip) / [High](https://risk.oxl.app/file/risk_net4_high.json.zip)\n\n* [Reports of IPv6-Networks in JSON-format](https://risk.oxl.app/file/risk_net6_med.json.zip) / [All](https://risk.oxl.app/file/risk_net6_all.json.zip) / [High](https://risk.oxl.app/file/risk_net6_high.json.zip)\n\n### IPs\n\n* [Reports of IPv4 in JSON-format](https://risk.oxl.app/file/risk_ip4_med.json.zip) / [All](https://risk.oxl.app/file/risk_ip4_all.json.zip) / [High](https://risk.oxl.app/file/risk_ip4_high.json.zip)\n\n* [Reports of IPv4 in MMDB-format](https://risk.oxl.app/file/risk_ip4_med.mmdb.zip) / [All](https://risk.oxl.app/file/risk_ip4_all.mmdb.zip) / [High](https://risk.oxl.app/file/risk_ip4_high.mmdb.zip)\n\n* [Reports of IPv6 in JSON-format](https://risk.oxl.app/file/risk_ip6_med.json.zip) / [All](https://risk.oxl.app/file/risk_ip6_all.json.zip) / [High](https://risk.oxl.app/file/risk_ip6_high.json.zip)\n\n* [Reports of IPv6 in MMDB-format](https://risk.oxl.app/file/risk_ip6_med.mmdb.zip) / [All](https://risk.oxl.app/file/risk_ip6_all.mmdb.zip) / [High](https://risk.oxl.app/file/risk_ip6_high.mmdb.zip)\n\n**Limits**:\n\n* Without token: 2 Downloads per IP \u0026 day\n* With token: 5 Downloads per IP \u0026 day\n\n**Tip**:\n\nYou can use `jq` to easily filter the JSON data:\n\n```bash\n# Get flat list of ASN's\ncat risk_asn_kind.json | jq 'keys[]'\n\n# 
Get all networks with bad reputation\ncat risk_net4_med.json | jq 'map_values(select(.reputation == \"bad\")) | keys[]'\n\n# Only get ASN's that are flagged a certain kind\ncat risk_asn_kind.json | jq -r 'map_values(select(.kind.scanner == true)) | keys[]' | sort\n# or\ncat risk_ip4_med.json | jq -r 'keys[] | map_values(select(.kind.hosting == true)) | keys[]' | sort\n```\n\n----\n\n## API\n\n[![API Uptime](https://status.oxl.at/api/v1/endpoints/2--oxl-apis_risk-db/uptimes/7d/badge.svg)](https://status.oxl.at/endpoints/2--oxl-apis_risk-db)\n\n* [IP Lookup](https://risk.oxl.app/api/ip/69.164.207.190)\n* [Network Lookup](https://risk.oxl.app/api/net/205.210.31.48)\n* [ASN Lookup](https://risk.oxl.app/api/asn/16509)\n\n```bash\n# check IP\ncurl https://risk.oxl.app/api/ip/\u003cIP\u003e\ncurl https://risk.oxl.app/api/ip/69.164.207.190\n\n# check network\ncurl https://risk.oxl.app/api/net/\u003cIP\u003e\ncurl https://risk.oxl.app/api/net/205.210.31.48\n\n# check ASN/ISP\ncurl https://risk.oxl.app/api/asn/\u003cASN\u003e\ncurl https://risk.oxl.app/api/asn/16509\n```\n\n**Limits**:\n\n* Without token:\n  * 500 Requests per IP \u0026 10 min\n  * 5000 Requests per IP \u0026 day\n  * Anti-DOS\n\n* With token:\n  * 5000 Requests per IP \u0026 10 min\n  * Anti-DOS\n\n----\n\n## Report\n\n[![API Uptime](https://status.oxl.at/api/v1/endpoints/2--oxl-apis_risk-db/uptimes/7d/badge.svg)](https://status.oxl.at/endpoints/2--oxl-apis_risk-db)\n\nYou can use our reporting API to report IPs!\n\n```bash\n# data: \"ip\": \"\u003cIP\u003e\", \"cat\": \"\u003cCATEGORY\u003e\", \"cmt\": \"\u003cOPTIONAL COMMENT\u003e\"\n\n# minimal example\ncurl -XPOST https://risk.oxl.app/api/report --data '{\"ip\": \"1.1.1.1\", \"cat\": \"bot\"}' -H 'Content-Type: application/json'\n\n# your reporter-reputation will be better if you add a comment (should not exceed 100 characters)\ncurl -XPOST https://risk.oxl.app/api/report --data '{\"ip\": \"1.1.1.1\", \"cat\": \"attack\", \"cmt\": \"Form abuse\"}' -H 
'Content-Type: application/json'\n```\n\nAvailable categories are: `bot, probe, rate, attack, crawler, hosting, vpn, proxy`\n\n**Limits**:\n\n* Without token:\n  * 500 Requests per IP \u0026 10 min\n  * 5000 Requests per IP \u0026 day\n  * Anti-DOS\n\n* With token:\n  * 5000 Requests per IP \u0026 10 min\n  * Anti-DOS\n\nIf you want to get a (free) token for your systems - feel free to contact us at: [risk-db@oxl.at](mailto:risk-db@oxl.at)\n\n----\n\n### Integrations\n\n#### Report Script\n\nA simple script that follows the content of a specific log-file and parses abuser information from it.\n\nSee: [Report Script](https://github.com/O-X-L/risk-db/blob/latest/reporting/README.md)\n\n#### Graylog\n\nSee: [Graylog Alert Reporting](https://github.com/O-X-L/risk-db/blob/latest/reporting/Graylog.md)\n\n#### Fail2Ban\n\nTBD\n\n----\n\n## License\n\n### Databases\n\n**[BSD-3-Clause](https://opensource.org/license/bsd-3-clause)**\n\nFree to use.\n\nIf you are nice, you can **optionally** mention that you use this IP data: \n\n```html\n\u003cp\u003eIP address data powered by \u003ca href=\"https://risk.oxl.app\"\u003eOXL\u003c/a\u003e\u003c/p\u003e\n```\n\n----\n\n### Scripts (this repository)\n\n**[GPLv3](https://www.gnu.org/licenses/gpl-3.0.en.html)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fo-x-l%2Frisk-db","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fo-x-l%2Frisk-db","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fo-x-l%2Frisk-db/lists"}