{"id":22690084,"url":"https://github.com/seokbeomkim/abuseipscanner","last_synced_at":"2026-05-01T09:32:43.266Z","repository":{"id":71447425,"uuid":"184864223","full_name":"seokbeomKim/AbuseIPscanner","owner":"seokbeomKim","description":"httpd log file watcher using report sites(abuseipscanner.com, ....)","archived":false,"fork":false,"pushed_at":"2019-05-06T09:55:27.000Z","size":124,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"dev","last_synced_at":"2025-10-10T10:30:42.008Z","etag":null,"topics":["ipscanner","logger","nodejs","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/seokbeomKim.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-04T07:17:35.000Z","updated_at":"2019-05-06T09:55:28.000Z","dependencies_parsed_at":"2023-03-17T22:15:34.041Z","dependency_job_id":null,"html_url":"https://github.com/seokbeomKim/AbuseIPscanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/seokbeomKim/AbuseIPscanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seokbeomKim%2FAbuseIPscanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seokbeomKim%2FAbuseIPscanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seokbeomKim%2FAbuseIPscanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seokbeomKim%2FAbuseIPscanner/manifests","
owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/seokbeomKim","download_url":"https://codeload.github.com/seokbeomKim/AbuseIPscanner/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seokbeomKim%2FAbuseIPscanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32492203,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ipscanner","logger","nodejs","typescript"],"created_at":"2024-12-10T00:25:40.286Z","updated_at":"2026-05-01T09:32:43.261Z","avatar_url":"https://github.com/seokbeomKim.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AbuseIPScanner\nA simple log file watcher.\n\n## Usage\n\n### Requirements\n\nThe application requires Node.js runtime environment. \nIn development environment, the version of Node.js is `v11.10.0`. 
\n\n### Installation\n\nYou can download the code with:\n\n```bash\n$ git clone https://github.com/seokbeomKim/AbuseIPscanner\n```\n\nThen, install dependencies with `npm` or `yarn`.\n\nNow compile the TypeScript code with:\n\n```bash\n$ node_modules/typescript/bin/tsc\n```\n\n### Run\n\n```bash\n# Copy a configuration file\n$ cp .config.json.example ~/.abuseipscanners\n\n# Run the application\n$ node main\n```\n\n#### Arguments\nA few arguments are available. You can list them with `node main -h`.\n\n### Configuration\nExample configuration: `.config.json.example`\n\n```json\n{\n  \"files\": [\n    {\n      \"filepath\": \"./logs\",\n      \"rules\": [\n        \"apache_log\",\n        \"test_log\"\n      ]\n    }\n  ],\n  \"dbSite\": [\n    {\n      \"name\": \"abuseipdb\",\n      \"url\": \"https://www.abuseipdb.com/check/\",\n      \"cheerio\": \"#report-wrapper \u003e div:nth-child(1) \u003e div:nth-child(1) \u003e div:nth-child(1) \u003e h3:nth-child(1)\",\n      \"suspicious\": \"was found\",\n      \"method\": \"get\"\n    },\n    {\n      \"name\": \"ipvoid.com\",\n      \"url\": \"https://www.ipvoid.com/ip-blacklist-check/\",\n      \"cheerio\": \".table-striped .label-success\",\n      \"suspicious\": \"blacklisted\",\n      \"method\": \"post\",\n      \"payload\": \"ip\"\n    }\n  ],\n  \"rules\": [\n    {\n      \"name\": \"Apache access log\",\n      \"id\": \"apache_log\",\n      \"token\": \" \",\n      \"index\": \"0\",\n      \"regex_match\": \"log_1\",\n      \"commands\": [\n        \"./test/echo.sh\",\n        \"./test/logger.sh\"\n      ]\n    },\n    {\n      \"name\": \"Test access log\",\n      \"id\": \"test_log\",\n      \"token\": \"-\",\n      \"index\": \"2\",\n      \"regex_match\": \"_2\",\n      \"commands\": []\n    }\n  ]\n}\n```\n#### Files\nSet the path (directory or regular file) to watch.\n```json\n{\n    \"files\": [\n        {\n          \"filepath\": \"./logs\",\n          \"rules\": [\n            
\"apache_log\",\n            \"test_log\"\n          ]\n        }\n      ]\n}\n```\n\n#### Rules\nSet rules for parsing log files.\n\n```json\n{\n    \"rules\": [\n        {\n          \"name\": \"Apache access log\",\n          \"id\": \"apache_log\",\n          \"token\": \" \",\n          \"index\": \"0\",\n          \"regex_match\": \"log_1\",\n          \"commands\": [\n            \"./test/echo.sh\",\n            \"./test/logger.sh\"\n          ]\n        },\n        {\n          \"name\": \"Test access log\",\n          \"id\": \"test_log\",\n          \"token\": \"-\",\n          \"index\": \"2\",\n          \"regex_match\": \"_2\",\n          \"commands\": []\n        }\n      ]\n}\n```\nFor example, if the log file has the following form:\n\n```text\n200.206.200.179 - - [05/May/2019:00:58:11 +0900] \"GET / HTTP/1.1\" 302 -\n200.206.200.179 - - [05/May/2019:00:58:11 +0900] \"GET / HTTP/1.1\" 302 -\n103.73.157.162 - - [05/May/2019:01:28:20 +0900] \"GET /xmlrpc.php HTTP/1.1\" 404 1015\n103.73.157.162 - - [05/May/2019:01:28:21 +0900] \"HEAD /xmlrpc.php HTTP/1.1\" 404 -\n```\neach line can be split on the token `(empty space)`.\nIn that case, the IP address is the split item at index `0(zero)`.\n\n##### Options for `rules`\n* id: unique rule id\n* token: token for line splitting\n* index: index of the IP address in the split line\n* regex_match: a regular expression matched against the filename. If you have a `files` entry like the following:\n    ```json\n    \"files\": [\n        {\n          \"filepath\": \"./logs\",\n          \"rules\": [\n            \"apache_log\",\n            \"test_log\"\n          ]\n        }\n      ],\n    ```\n    there might be multiple files such as `./logs/log_file_type_1`, `./logs/log-file_type_2`, and so on. 
\n    In that case, you can set a rule with a regular expression for the filename:\n    ```json\n    {\n        \"name\": \"Test access log\",\n        \"id\": \"test_log\",\n        \"token\": \"-\",\n        \"index\": \"2\",\n        \"regex_match\": \"_type_2\",\n        \"commands\": []\n    }\n    ```\n    \n* commands: commands to run\n    \n  When the application finds that an IP address has been reported to the database sites, \nit executes the commands you configured.\n\n#### DbSite\nMany sites share suspicious IP addresses, such as abuseipdb.com, ipvoid.com, and so on. \nThe application mainly uses a `crawling method (with cheerio)` to determine if the IP address is suspicious.\nIt is not easy to figure out the exact rule for each site, but if you want to add more sites, you can add them to the configuration file.\n\n\n```json\n\"dbSite\": [\n    {\n      \"name\": \"abuseipdb\",\n      \"url\": \"https://www.abuseipdb.com/check/\",\n      \"cheerio\": \"#report-wrapper \u003e div:nth-child(1) \u003e div:nth-child(1) \u003e div:nth-child(1) \u003e h3:nth-child(1)\",\n      \"suspicious\": \"was found\",\n      \"method\": \"get\"\n    },\n    {\n      \"name\": \"ipvoid.com\",\n      \"url\": \"https://www.ipvoid.com/ip-blacklist-check/\",\n      \"cheerio\": \".table-striped .label-success\",\n      \"suspicious\": \"blacklisted\",\n      \"method\": \"post\",\n      \"payload\": \"ip\"\n    }\n  ],\n``` \n\n## Author\n김석범(Sukbeom Kim), sukbeom.kim@gmail.com\n\n## License\nLicensed under the Apache 2.0 License\nCopyright 2019 Sukbeom Kim\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseokbeomkim%2Fabuseipscanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fseokbeomkim%2Fabuseipscanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseokbeomkim%2Fabuseipscanner/lists"}