Created
November 19, 2020 00:32
PowerShell IPv4 Threat Intel APIs AbuseIPDB Auth0 ipinfo.io
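#Replace every "GET-YOUR-OWN" placeholder with your own API key for that service; keep the edited copy, which then holds live credentials, out of shared repositories and pastes.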
#Credit goes to various Internet sources, also register @ https://ciphers.pw | |
###This is for running jobs in-process [[[START11 ; look for END11]]] | |
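# Compiles a small Job subclass so that a script block can run on a background
# pipeline inside the current process instead of in a child process.
# The C# below is kept to C# 5 syntax because Add-Type on Windows PowerShell 5.1
# compiles with the .NET Framework compiler.
$code = @'
using System;
using System.Collections.Generic;
using System.Text;
using System.Management.Automation;
using System.Management.Automation.Runspaces;

namespace InProcess
{
    /// <summary>
    /// A PowerShell job backed by a <see cref="PowerShell"/> pipeline that runs
    /// asynchronously in the hosting process. The job takes ownership of the
    /// pipeline it is given and disposes it together with the job.
    /// </summary>
    public class InMemoryJob : System.Management.Automation.Job
    {
        // Shared counter used to build default job names ("InProcessJob<n>").
        static int InMemoryJobNumber = 0;

        PowerShell _PowerShell;

        // Handle returned by BeginInvoke; stays null until Start() has run.
        IAsyncResult _asyncResult;

        private bool isDisposed = false;

        /// <summary>Wraps <paramref name="PowerShell"/> in a job.</summary>
        /// <param name="PowerShell">Pipeline to run; must not be null.</param>
        /// <param name="name">Job name; a generated name is used when null or empty.</param>
        /// <exception cref="ArgumentNullException">The pipeline is null.</exception>
        public InMemoryJob(PowerShell PowerShell, string name)
        {
            if (PowerShell == null)
            {
                throw new ArgumentNullException("PowerShell");
            }

            _PowerShell = PowerShell;
            SetUpStreams(name);
        }

        // Routes the pipeline's streams into the job's own collections, subscribes
        // to runspace availability changes and assigns the job name.
        private void SetUpStreams(string name)
        {
            _PowerShell.Streams.Verbose = this.Verbose;
            _PowerShell.Streams.Error = this.Error;
            _PowerShell.Streams.Debug = this.Debug;
            _PowerShell.Streams.Warning = this.Warning;
            _PowerShell.Streams.Information = this.Information;
            _PowerShell.Runspace.AvailabilityChanged += new EventHandler<RunspaceAvailabilityEventArgs>(Runspace_AvailabilityChanged);

            int id = System.Threading.Interlocked.Increment(ref InMemoryJobNumber);
            if (!string.IsNullOrEmpty(name))
            {
                this.Name = name;
            }
            else
            {
                this.Name = "InProcessJob" + id;
            }
        }

        // The runspace becoming Available again is treated as "the script finished".
        // NOTE(review): this reports Completed even when the script wrote errors;
        // callers should inspect the job's Error stream rather than rely on the state.
        void Runspace_AvailabilityChanged(object sender, RunspaceAvailabilityEventArgs e)
        {
            if (e.RunspaceAvailability == RunspaceAvailability.Available)
            {
                this.SetJobState(JobState.Completed);
            }
        }

        /// <summary>True while the output collection still holds unread results.</summary>
        public override bool HasMoreData
        {
            get { return (Output.Count > 0); }
        }

        /// <summary>Fixed location label shown in the job table.</summary>
        public override string Location
        {
            get { return "In Process"; }
        }

        /// <summary>Fixed placeholder status text.</summary>
        public override string StatusMessage
        {
            get { return "A new status message"; }
        }

        /// <summary>
        /// Stops an unfinished job, disposes child jobs, detaches the runspace
        /// event handler and disposes the owned pipeline.
        /// </summary>
        protected override void Dispose(bool disposing)
        {
            if (!disposing || isDisposed)
            {
                return;
            }

            isDisposed = true;
            try
            {
                if (!IsFinishedState(JobStateInfo.State))
                {
                    StopJob();
                }
                foreach (Job job in ChildJobs)
                {
                    job.Dispose();
                }
            }
            finally
            {
                try
                {
                    // Without this the runspace keeps a reference to the disposed job,
                    // and the pipeline (with any runspace it owns) is never released.
                    _PowerShell.Runspace.AvailabilityChanged -= Runspace_AvailabilityChanged;
                    _PowerShell.Dispose();
                }
                finally
                {
                    base.Dispose(disposing);
                }
            }
        }

        /// <summary>True for the terminal states Completed, Failed and Stopped.</summary>
        internal bool IsFinishedState(JobState state)
        {
            return (state == JobState.Completed || state == JobState.Failed || state == JobState.Stopped);
        }

        /// <summary>
        /// Stops the pipeline if it was started and marks the job Stopped.
        /// </summary>
        public override void StopJob()
        {
            // A job that was never started has no async result to end; passing
            // null to EndInvoke would throw, which also broke Dispose().
            if (_asyncResult != null)
            {
                _PowerShell.Stop();
                _PowerShell.EndInvoke(_asyncResult);
            }
            SetJobState(JobState.Stopped);
        }

        /// <summary>Starts the pipeline asynchronously, writing results to Output.</summary>
        public void Start()
        {
            // Report Running before the pipeline starts. A short script can finish,
            // and the availability handler can report Completed, before BeginInvoke
            // returns; setting Running afterwards would overwrite that state and
            // leave a waiter blocked on a job that has already ended.
            SetJobState(JobState.Running);
            try
            {
                _asyncResult = _PowerShell.BeginInvoke<PSObject, PSObject>(null, Output);
            }
            catch
            {
                SetJobState(JobState.Failed);
                throw;
            }
        }

        /// <summary>Blocks until the started pipeline has finished.</summary>
        /// <exception cref="InvalidOperationException">Start() has not been called.</exception>
        public void WaitJob()
        {
            GetStartedResult().AsyncWaitHandle.WaitOne();
        }

        /// <summary>Blocks until the pipeline has finished or the timeout elapses.</summary>
        /// <exception cref="InvalidOperationException">Start() has not been called.</exception>
        public void WaitJob(TimeSpan timeout)
        {
            GetStartedResult().AsyncWaitHandle.WaitOne(timeout);
        }

        // Returns the async result of a started job, or fails with a clear error
        // instead of a NullReferenceException.
        private IAsyncResult GetStartedResult()
        {
            if (_asyncResult == null)
            {
                throw new InvalidOperationException("The job has not been started.");
            }
            return _asyncResult;
        }
    }
}
'@
Add-Type -TypeDefinition $code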
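function Start-JobInProcess
{
    <#
    .SYNOPSIS
    Runs a script block as a background job inside the current process.

    .DESCRIPTION
    Builds a PowerShell pipeline from the script block, wraps it in an
    InProcess.InMemoryJob, starts it, registers it in the session's job
    repository (so Get-Job / Wait-Job / Receive-Job can find it) and returns
    the job.

    The script block is handed to AddScript, which takes script text, so it
    does not see the caller's variables: pass every value it needs through
    -ArgumentList and read it from $args. The job runs in the same process
    and with the same privileges as the caller; it is not a sandbox.

    .PARAMETER ScriptBlock
    Code to run.

    .PARAMETER ArgumentList
    Values passed to the script block, in order, as $args.

    .PARAMETER Name
    Job name. When empty, the job class generates one.

    .OUTPUTS
    The started InProcess.InMemoryJob, and nothing else.
    #>
    [CmdletBinding()]
    param
    (
        [scriptblock] $ScriptBlock,
        $ArgumentList,
        [string] $Name
    )

    $PowerShell = [PowerShell]::Create().AddScript($ScriptBlock)

    # Test for the parameter being bound rather than for truthiness, so that a
    # single argument such as 0, $false or "" is still passed to the script.
    if ($PSBoundParameters.ContainsKey('ArgumentList') -and $null -ne $ArgumentList)
    {
        foreach ($argument in $ArgumentList)
        {
            # AddArgument returns the pipeline object. Discard it, otherwise it
            # is emitted as function output ahead of the job and callers receive
            # an array (and the console shows the pipeline) instead of one job.
            $null = $PowerShell.AddArgument($argument)
        }
    }

    $MemoryJob = New-Object InProcess.InMemoryJob $PowerShell, $Name
    $MemoryJob.Start()
    $PSCmdlet.JobRepository.Add($MemoryJob)
    $MemoryJob
}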
###This is for running jobs in-process [[[END11 ; look for START11]]] | |
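# Remove every completed job in this session before starting. This is not
# limited to jobs created by this script.
Remove-Job -State Completed | Out-Null

# Clean console
Clear-Host

# API credentials. Each is passed to its lookup as an argument and sent in a
# request header, so no credential ends up in a URL (URLs are commonly kept in
# proxy and server logs). Prefer loading these from a secret store or the
# environment over saving real keys in this file.
$ipinfoToken = "GET-YOUR-OWN"
$abuseIpDbKey = "GET-YOUR-OWN"
$auth0Token = "GET-YOUR-OWN"

# Ask for an IPv4 address, e.g. 8.8.8.8
Write-Host -NoNewline "IPv4 address: "
$enteredIp = "$(Read-Host)".Trim()

# The value is concatenated into request URLs below, so accept only a canonical
# dotted-quad IPv4 address. The round-trip comparison rejects shorthand forms
# the parser would otherwise accept, and anything carrying extra path or query
# characters.
$parsedIp = $null
$isIpv4 = [System.Net.IPAddress]::TryParse($enteredIp, [ref] $parsedIp) -and
    $parsedIp.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork -and
    $parsedIp.ToString() -eq $enteredIp
if (-not $isIpv4)
{
    throw "Not a valid dotted-quad IPv4 address: '$enteredIp'"
}
$global:remoteIp = $enteredIp

# Take the progress bar out of invoked web requests.
# NOTE(review): the lookups run on pipelines created by Start-JobInProcess, so
# this session-level preference may not reach them - confirm.
$ProgressPreference = 'SilentlyContinue'

# The output of each Start-JobInProcess call is discarded: the jobs are looked
# up by name below, and nothing about a pipeline that carries a credential
# argument should be echoed to the console.

# ipinfo.io: returns the raw JSON text of the response.
Start-JobInProcess -Name ($global:remoteIp + "ipinfo") -ArgumentList $global:remoteIp, $ipinfoToken {
    (Invoke-WebRequest -Uri ("https://ipinfo.io/" + $args[0]) -Headers @{"Authorization" = ("Bearer " + $args[1]); "Accept" = "application/json"} -UseBasicParsing).Content
} | Out-Null

#############################
# AbuseIPDB as a source below
#############################
Start-JobInProcess -Name ($global:remoteIp + "abuse") -ArgumentList $global:remoteIp, $abuseIpDbKey {
    Invoke-RestMethod -Uri "https://api.abuseipdb.com/api/v2/check" -Body @{"ipAddress" = $args[0]} -ContentType "application/json" -Headers @{"Key" = $args[1]; "Accept" = "application/json"} -Method Get -UseBasicParsing
} | Out-Null

#############################
# Auth0 as a source below
#############################
Start-JobInProcess -Name ($global:remoteIp + "auth") -ArgumentList $global:remoteIp, $auth0Token {
    Invoke-RestMethod -Uri ("https://signals.api.auth0.com/v2.0/ip/" + $args[0]) -ContentType "application/json" -Headers @{"x-auth-token" = $args[1]; "accept" = "application/json"} -Method Get -UseBasicParsing
} | Out-Null

# Wait for all three lookups to finish.
Get-Job -Name ($global:remoteIp + "auth") | Wait-Job
Get-Job -Name ($global:remoteIp + "abuse") | Wait-Job
Get-Job -Name ($global:remoteIp + "ipinfo") | Wait-Job

# Collect the results. $ipParse holds the ipinfo.io JSON text; it is gathered
# here but not displayed.
$authParse = Receive-Job -Name ($global:remoteIp + "auth")
$abuseParse = Receive-Job -Name ($global:remoteIp + "abuse")
$ipParse = Receive-Job -Name ($global:remoteIp + "ipinfo")

# A lookup that failed (bad key, rate limit, network error) yields no data and
# would otherwise print an empty score, which is easy to misread as "clean".
if ($null -eq $authParse -or $null -eq $abuseParse)
{
    Write-Warning "At least one reputation lookup returned no data; an empty score below means the query failed, not that the address is clean."
}

Write-Host "Auth0 score - low bad: "$authParse.fullip.score
Write-Host "AbuseIPDB score - high bad: "$abuseParse.data.abuseConfidenceScore
# Decide what score you are willing to accept for an IP and act on it from here.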