https://github.com/betagouv/hat

CLI tool to retrieve WHOIS information and Fraud Scores from IPs, including anonymized ones.
https://github.com/betagouv/hat

cli fraud-detection ip ipv4 whois

Last synced: 2 months ago
JSON representation

CLI tool to retrieve WHOIS information and Fraud Scores from IPs, including anonymized ones.

• Host: GitHub
• URL: https://github.com/betagouv/hat
• Owner: betagouv
• License: mit
• Created: 2022-12-29T14:25:22.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2023-05-01T20:59:48.000Z (over 1 year ago)
• Last Synced: 2024-06-22T11:41:59.165Z (5 months ago)
• Topics: cli, fraud-detection, ip, ipv4, whois
• Language: JavaScript
• Homepage:
• Size: 83 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Hat

> CLI tool to retrieve WHOIS information and Fraud Scores from IPs, including anonymized ones (ending with `.XX`).

- [Example](#example)

  - [Outputs](#outputs)

- [Usage](#usage)

  - [Multiple IPs](#multiple-ips)

  - [Anonymized IPs](#anonymized-ips)

## Example

```sh

$ npm start 35.87.2.149 36.112.45.3                                               

> [email protected] start

> node ./src/index.js 35.87.2.149 36.112.45.3

――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――

✔ CHECK: [35.87.2.149] Fraud Score: 100 / 100 (https://scamalytics.com/ip/35.87.2.149).

✔ LOOKUP: [35.87.2.149] Country: US, Name: AT-88-Z AMAZON-ZPDX (Amazon Technologies Inc. (AT-88-Z) Amazon.com, Inc. (AMAZO-47)).

――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――

✔ CHECK: [36.112.45.3] Fraud Score: 30 / 100 (https://scamalytics.com/ip/36.112.45.3).

✔ LOOKUP: [36.112.45.3] Country: CN ZZ CN, Name: CHINANET-BJ (CHINANET Beijing province network).

――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――

✔ Results written in `/home/ivan/Workspace/betagouv/hat/results.csv` and `/home/ivan/Workspace/betagouv/hat/results.json`.

```

### Outputs

**results.csv**

```csv

"ip","score","risk","checkUrl","netrange","cidr",...

"35.87.2.149","100","very high","https://scamalytics.com/ip/35.87.2.149","35.71.64.0 - 35.127.255.255 35.80.0.0 - 35.95.255.255","35.71.64.0/18, 35.72.0.0/13, 35.96.0.0/11, 35.80.0.0/12, 35.71.128.0/17 35.80.0.0/12",...

"36.112.45.3","30","medium","https://scamalytics.com/ip/36.112.45.3","","",...

```

**results.json**

```json

[

  {

    "check": {

      "ip": "35.87.2.149",

      "score": "100",

      "risk": "very high",

      "checkUrl": "https://scamalytics.com/ip/35.87.2.149"

    },

    "lookup": {

      "netrange": "35.71.64.0 - 35.127.255.255 35.80.0.0 - 35.95.255.255",

      "cidr": "35.71.64.0/18, 35.72.0.0/13, 35.96.0.0/11, 35.80.0.0/12, 35.71.128.0/17 35.80.0.0/12",

      "netname": "AT-88-Z AMAZON-ZPDX",

      // ...

    }

  },

  {

    "check": {

      "ip": "36.112.45.3",

      "score": "30",

      "risk": "medium",

      "checkUrl": "https://scamalytics.com/ip/36.112.45.3"

    },

    "lookup": {

      "inetnum": "36.112.0.0 - 36.112.255.255",

      "netname": "CHINANET-BJ",

      "country": "CN ZZ CN",

      //...

    }

  }

]

```

## Usage

You need [Node.js v16+](https://nodejs.org) to run this program.

```sh

git clone https://github.com/betagouv/hat.git

cd hat

npm i

npm start IP # i.e.: `npm start 103.21.244.0`

```

Once it's done, the results will be automatically written in both local `results.csv` and `results.json` files.

### Multiple IPs

You can analyze multiple IPs:

```sh

npm start IP_1 IP_2 IP_3

```

### Anonymized IPs

If your IP is missing its last part because it was anonymized (i.e.: `103.21.244.XX`),

you can also parse it like that (and you can also add multiple anonymized IPs):

```sh

npm start 103.21.244

```

The analysis will automatically check all the IPs ranging from `103.21.244.0` to `103.21.244.255`.