PowerShell IPv4 Threat Intel APIs AbuseIPDB Auth0 ipinfo.io
#Replace every "GET-YOUR-OWN" with your own API key for that service; keep the filled-in copy private and do not publish it
#Credit goes to various Internet sources, also register @ https://ciphers.pw
###This is for running jobs in-process [[[START11 ; look for END11]]]
$code = @'
using System;
using System.Collections.Generic;
using System.Text;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
namespace InProcess
{
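/// <summary>
/// A PowerShell job that runs a <see cref="PowerShell"/> pipeline asynchronously
/// inside the current process. The job's own Verbose/Error/Debug/Warning/Information
/// streams are wired to the pipeline, and its Output collection receives the results.
/// </summary>
/// <remarks>
/// The job takes ownership of the PowerShell instance it is given and disposes it
/// when the job is disposed. The code is kept to C# 5 syntax so that Add-Type on
/// Windows PowerShell can compile it.
/// </remarks>
public class InMemoryJob : System.Management.Automation.Job
{
    // Counter used to build a default name for unnamed jobs.
    private static int InMemoryJobNumber = 0;

    private readonly PowerShell _PowerShell;

    // Runspace captured at construction so the event handler can be detached
    // from the same object later, without touching the PowerShell instance again.
    private Runspace _runspace;

    // Null until Start() has been called.
    private IAsyncResult _asyncResult;

    private bool isDisposed = false;

    /// <summary>Wraps <paramref name="PowerShell"/> in a job.</summary>
    /// <param name="PowerShell">The configured pipeline to run; must not be null.</param>
    /// <param name="name">Job name; when null or empty, "InProcessJob" plus a counter is used.</param>
    /// <exception cref="ArgumentNullException"><paramref name="PowerShell"/> is null.</exception>
    public InMemoryJob(PowerShell PowerShell, string name)
    {
        if (PowerShell == null)
        {
            throw new ArgumentNullException("PowerShell");
        }

        _PowerShell = PowerShell;
        SetUpStreams(name);
    }

    /// <summary>
    /// Redirects the pipeline's streams into this job, subscribes to runspace
    /// availability changes and assigns the job name.
    /// </summary>
    private void SetUpStreams(string name)
    {
        _PowerShell.Streams.Verbose = this.Verbose;
        _PowerShell.Streams.Error = this.Error;
        _PowerShell.Streams.Debug = this.Debug;
        _PowerShell.Streams.Warning = this.Warning;
        _PowerShell.Streams.Information = this.Information;

        _runspace = _PowerShell.Runspace;
        _runspace.AvailabilityChanged += Runspace_AvailabilityChanged;

        int id = System.Threading.Interlocked.Increment(ref InMemoryJobNumber);
        this.Name = string.IsNullOrEmpty(name) ? "InProcessJob" + id : name;
    }

    /// <summary>
    /// Marks the job Completed whenever the runspace reports itself Available.
    /// </summary>
    /// <remarks>
    /// Completion is inferred from availability alone, so a pipeline that ended
    /// with errors is also reported as Completed; check the Error stream.
    /// </remarks>
    void Runspace_AvailabilityChanged(object sender, RunspaceAvailabilityEventArgs e)
    {
        if (e.RunspaceAvailability == RunspaceAvailability.Available)
        {
            this.SetJobState(JobState.Completed);
        }
    }

    /// <summary>True while the Output collection still holds unread items.</summary>
    public override bool HasMoreData
    {
        get { return Output.Count > 0; }
    }

    /// <summary>Always "In Process".</summary>
    public override string Location
    {
        get { return "In Process"; }
    }

    /// <summary>Fixed placeholder text; it does not reflect the job's progress.</summary>
    public override string StatusMessage
    {
        get { return "A new status message"; }
    }

    /// <summary>
    /// Stops the job if it is still running, disposes child jobs, detaches the
    /// runspace event handler and disposes the owned PowerShell instance.
    /// </summary>
    protected override void Dispose(bool disposing)
    {
        if (!disposing || isDisposed)
        {
            return;
        }

        isDisposed = true;
        try
        {
            if (!IsFinishedState(JobStateInfo.State))
            {
                StopJob();
            }

            foreach (Job job in ChildJobs)
            {
                job.Dispose();
            }
        }
        finally
        {
            try
            {
                // Without this the PowerShell instance and its runspace stay alive
                // for the rest of the process, one per job ever created.
                if (_runspace != null)
                {
                    _runspace.AvailabilityChanged -= Runspace_AvailabilityChanged;
                    _runspace = null;
                }

                _PowerShell.Dispose();
            }
            finally
            {
                base.Dispose(disposing);
            }
        }
    }

    /// <summary>Returns true for Completed, Failed and Stopped.</summary>
    internal bool IsFinishedState(JobState state)
    {
        return (state == JobState.Completed || state == JobState.Failed || state == JobState.Stopped);
    }

    /// <summary>
    /// Stops the pipeline and sets the job state to Stopped. A job that was never
    /// started is simply marked Stopped.
    /// </summary>
    public override void StopJob()
    {
        if (_asyncResult == null)
        {
            // Start() was never called, so there is no invocation to stop or end.
            SetJobState(JobState.Stopped);
            return;
        }

        try
        {
            _PowerShell.Stop();
            _PowerShell.EndInvoke(_asyncResult);
        }
        finally
        {
            // Record the final state even if EndInvoke surfaces an exception.
            SetJobState(JobState.Stopped);
        }
    }

    /// <summary>Begins asynchronous execution; results are written to Output.</summary>
    public void Start()
    {
        // Enter Running before the pipeline starts: a very short script could
        // otherwise reach Completed first and then be overwritten with Running,
        // leaving the job Running forever.
        SetJobState(JobState.Running);
        try
        {
            _asyncResult = _PowerShell.BeginInvoke<PSObject, PSObject>(null, Output);
        }
        catch
        {
            SetJobState(JobState.Failed);
            throw;
        }
    }

    /// <summary>Blocks until the pipeline has finished.</summary>
    /// <exception cref="InvalidOperationException">The job has not been started.</exception>
    public void WaitJob()
    {
        EnsureStarted();
        _asyncResult.AsyncWaitHandle.WaitOne();
    }

    /// <summary>Blocks until the pipeline has finished or <paramref name="timeout"/> elapses.</summary>
    /// <exception cref="InvalidOperationException">The job has not been started.</exception>
    public void WaitJob(TimeSpan timeout)
    {
        EnsureStarted();
        _asyncResult.AsyncWaitHandle.WaitOne(timeout);
    }

    // Gives a clear error instead of a NullReferenceException when waiting on a job
    // whose Start() was never called.
    private void EnsureStarted()
    {
        if (_asyncResult == null)
        {
            throw new InvalidOperationException("The job has not been started.");
        }
    }
}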
}
'@
#Compile the C# source held in $code and load the InProcess.InMemoryJob type into this session
Add-Type -TypeDefinition $code
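function Start-JobInProcess
{
    <#
    .SYNOPSIS
    Runs a script block as an in-process job and returns the job object.

    .DESCRIPTION
    Builds a PowerShell instance from the script block, wraps it in an
    InProcess.InMemoryJob, starts it and adds it to the session's job repository
    so that Get-Job, Wait-Job, Receive-Job and Remove-Job can see it.
    The script block is handed to a separate PowerShell instance, so pass any
    values it needs through -ArgumentList and read them from $args.

    .PARAMETER ScriptBlock
    The code to run.

    .PARAMETER ArgumentList
    Values passed to the script block, in order.

    .PARAMETER Name
    Job name. When omitted, the job class assigns a default name.

    .OUTPUTS
    The InProcess.InMemoryJob that was started.
    #>
    [CmdletBinding()]
    param
    (
        [scriptblock] $ScriptBlock,
        $ArgumentList,
        [string] $Name
    )

    #Registers the job with the session's job repository
    function Add-Job
    {
        [cmdletbinding()]
        param
        (
            $job
        )
        $pscmdlet.JobRepository.Add($job)
    }

    $PowerShell = [PowerShell]::Create().AddScript($ScriptBlock)

    #Test for the parameter itself, not its truthiness, so values such as 0 or "" are still passed on
    if ($PSBoundParameters.ContainsKey('ArgumentList'))
    {
        foreach ($argument in @($ArgumentList))
        {
            #AddArgument returns the PowerShell object; discard it so that it does not
            #end up in this function's output next to the job
            $null = $PowerShell.AddArgument($argument)
        }
    }

    $MemoryJob = New-Object InProcess.InMemoryJob $PowerShell, $Name
    $MemoryJob.Start()
    Add-Job $MemoryJob
    $MemoryJob
}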
###This is for running jobs in-process [[[END11 ; look for START11]]]
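#Remove completed jobs left over from earlier runs.
#NOTE: this removes every completed job in the session, not only the ones this script created.
Remove-Job -State Completed | Out-Null
#Clean console
Clear-Host
#Ask for IPv4 address e.g. 8.8.8.8
Write-Host -NoNewline "IPv4 address: "
#Read input, IP address
$rawIp = "$(Read-Host)".Trim()

#Accept only a canonical dotted-quad IPv4 address. The value is concatenated into
#request URLs and job names below, so anything else (extra path segments, query
#strings, wildcard characters) is rejected before it is used.
$parsedIp = $null
if (-not [System.Net.IPAddress]::TryParse($rawIp, [ref] $parsedIp) -or
    $parsedIp.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
    $parsedIp.IPAddressToString -ne $rawIp)
{
    throw "Not a valid IPv4 address: '$rawIp'"
}
$global:remoteIp = $parsedIp.IPAddressToString

#API keys. Replace each placeholder with your own key and keep that copy private;
#loading them from a secret store or environment variable avoids having them in the file.
$ipinfoToken = "GET-YOUR-OWN"
$abuseIpDbKey = "GET-YOUR-OWN"
$auth0Token = "GET-YOUR-OWN"

#Take the progress-bar out of invoked webreqs
$ProgressPreference = 'SilentlyContinue'

#The jobs run in their own PowerShell instances, so the IP and the key are passed in as
#arguments ($args[0] = IP, $args[1] = key). Out-Null hides whatever the helper emits.

#############################
#ipinfo.io as a source below
#############################
#The token is sent in the Authorization header rather than in the query string, so it
#does not show up in URLs recorded by proxies or logs.
Start-JobInProcess -Name ($global:remoteIp + "ipinfo") -ArgumentList $global:remoteIp, $ipinfoToken {
    (Invoke-WebRequest -Uri ("https://ipinfo.io/" + $args[0]) -Headers @{"Authorization" = ("Bearer " + $args[1]); "Accept" = "application/json"} -UseBasicParsing).content
} | Out-Null

#############################
#AbuseIPDB as a source below
#############################
Start-JobInProcess -Name ($global:remoteIp + "abuse") -ArgumentList $global:remoteIp, $abuseIpDbKey {
    (Invoke-RestMethod -Uri "https://api.abuseipdb.com/api/v2/check" -Body @{"ipAddress" = $args[0]} -ContentType "application/json" -Headers @{"Key" = $args[1]; "Accept" = "application/json"} -Method Get -UseBasicParsing)
} | Out-Null

#############################
#Auth0 as a source below
#############################
Start-JobInProcess -Name ($global:remoteIp + "auth") -ArgumentList $global:remoteIp, $auth0Token {
    (Invoke-RestMethod -Uri ("https://signals.api.auth0.com/v2.0/ip/" + $args[0]) -ContentType "application/json" -Headers @{"x-auth-token" = $args[1]; "accept" = "application/json"} -Method Get -UseBasicParsing)
} | Out-Null

#Wait for all three lookups to finish
$jobNames = "auth", "abuse", "ipinfo" | ForEach-Object { $global:remoteIp + $_ }
Get-Job -Name $jobNames | Wait-Job | Out-Null

#Collect the results; $ipParse holds the raw JSON text returned by ipinfo.io
$authParse = Get-Job -Name ($global:remoteIp + "auth") | Receive-Job
$abuseParse = Get-Job -Name ($global:remoteIp + "abuse") | Receive-Job
$ipParse = Get-Job -Name ($global:remoteIp + "ipinfo") | Receive-Job

Write-Host "Auth0 score - low bad: " $authParse.fullip.score
Write-Host "AbuseIPDB score - high bad: " $abuseParse.data.abuseConfidenceScore

#Remove this run's jobs so they do not pile up in the session
Get-Job -Name $jobNames | Remove-Job

#Figure out willing risk IP, do what you want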