https://github.com/wirzka/netfier
Python script to check for malicious IP connections.
- Host: GitHub
- URL: https://github.com/wirzka/netfier
- Owner: wirzka
- License: mit
- Created: 2020-05-19T21:54:27.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2022-01-18T07:38:46.000Z (over 4 years ago)
- Last Synced: 2025-02-11T20:50:25.337Z (over 1 year ago)
- Topics: abuseipdb, blueteam, cybersecurity, infosec, network-analysis, networking, python
- Language: Python
- Homepage: https://github.com/wirzka/netfier
- Size: 25.4 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# NetFier
Simple Python tool that checks for malicious/suspicious IP connections on the local machine using AbuseIPDB.
### How it works
This is how the script works:
1. The script starts by running the `ipconfig` command from the command line
2. It saves the result to a txt file
3. It parses the file looking for IP connections
4. It retrieves the IPs, ports used and connection status
5. It checks the IPs against AbuseIPDB using the API
6. It shows the results, giving advice based on the confidence score
The color scheme follows this table:
| Advice | Score range | Color |
| ------------- |:-------------:| ------:|
| Good | 0-30 | green |
| Maybe check it | 30-50 | cyan |
| Check it | 50-60 | yellow |
| Absolutely check it | 60-100 | red |
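
An added example (not NetFier's own code) of steps 3 to 6: it parses constructed connection lines in the Windows `netstat -n` layout, an assumed format since the page does not show the saved file, skips loopback and private peers before any lookup, and applies the table's bands. The function names, the constructed `SCORES` standing in for AbuseIPDB responses, and the choice to put each boundary score (30, 50, 60) in the higher band are assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the Windows `netstat -n` layout (assumed format).
SAMPLE = """\
  TCP    192.168.1.20:50112     203.0.113.45:443       ESTABLISHED
  TCP    192.168.1.20:50113     198.51.100.7:80        TIME_WAIT
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.20:50120     192.168.1.1:53         ESTABLISHED
  TCP    192.168.1.20:50130     203.0.113.45:443       CLOSE_WAIT
"""
# Constructed confidence scores standing in for AbuseIPDB API responses.
SCORES = {"203.0.113.45": 60, "198.51.100.7": 12}

LINE = re.compile(r"^\s*TCP\s+\S+\s+(?P<ip>\S+):(?P<port>\d+)\s+(?P<state>[A-Z_]+)\s*$")
# Loopback, link-local and RFC 1918 peers are never worth an API lookup.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Bands from the table; assumption: a boundary score falls in the higher band.
BANDS = [(60, "Absolutely check it", "red"), (50, "Check it", "yellow"),
         (30, "Maybe check it", "cyan"), (0, "Good", "green")]

def remote_endpoints(text):
    """Map each non-local remote IP to its [(remote_port, state), ...] list."""
    peers = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        try:
            ip = ipaddress.ip_address(m["ip"].strip("[]"))
        except ValueError:
            continue  # not a literal address
        if any(ip in net for net in LOCAL_NETS):
            continue
        peers.setdefault(str(ip), []).append((int(m["port"]), m["state"]))
    return peers

def advice(score):
    """Return (advice, color) for a 0-100 confidence score."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    return next((text, color) for floor, text, color in BANDS if score >= floor)

def report(text, scores):
    """One row per remote IP: (ip, connections, score, advice, color)."""
    return [(ip, conns, scores[ip]) + advice(scores[ip])
            for ip, conns in remote_endpoints(text).items()]
```

Grouping connections by remote IP means each address is looked up once, which matters when the API key has a daily request quota.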
### Prerequisites
* Windows OS
* Python version: `3.7`
* [AbuseIPDB](https://www.abuseipdb.com) profile for the [API KEY](https://www.abuseipdb.com/api)
* [AbuseIpDb](https://github.com/vsecades/AbuseIpDb) by [Vsecades](https://github.com/vsecades)
* [Art](https://github.com/sepandhaghighi/art) for the ASCII art
### How to use it
Once you satisfy all the prerequisites, just launch it and let it do the magic.
## Purpose of this tool
Checking any suspicious connection.
By the way, I've created this tool just for educational purposes.
Feel free to show me a better way to do it.
## Authors
* **Andrea Grigoletto** - [Wirzka](https://github.com/wirzka)
## Acknowledgments
* Thanks to [AbuseIPDB](https://www.abuseipdb.com) for the service offered
* Thanks to [Vsecades](https://github.com/vsecades) for the API module, it rocks.