-
-
Save lichnak/c0623f9e16b45f07d71595198726909e to your computer and use it in GitHub Desktop.
Report infected hosts by count from Greynoise.io data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # !/usr/bin/env python | |
| # gnMonthlyInfected.py | |
| # | |
| # Report statistics on monthly infections | |
| # in a specified Autonomous System as seen | |
| # by Greynoise.io | |
| # | |
| # Requires: Greynoise API key | |
| # | |
| # Example: python3 gnMonthlyInfected.py AS12345 | |
| # | |
| import sys | |
| import json | |
| import requests | |
| from collections import Counter, defaultdict | |
| from pprint import pprint | |
| headers = {'key': 'GREYNOISE API KEY GOES HERE'} | |
| asn = sys.argv[1] | |
| print("Looking up "+ str(asn)) | |
| asrankraw = requests.get('http://as-rank.caida.org/api/v1/asns/' + asn.split('AS')[1]) | |
| asrank = asrankraw.json() | |
| print("Finding infection stats for " + asrank['data']['org']['name']) | |
| asnraw = requests.get('https://research.api.greynoise.io/v2/infections/asn/' + asn, headers = headers) #V2 IP API lookup | |
| asndata = asnraw.json() | |
| tagstats = defaultdict(int) | |
| for i in asndata: | |
| tagstats[str(i['tag_name'])] += 1 | |
| sorted_tags = [x for x in tagstats.items()] | |
| sorted_tags.sort(key=lambda x: x[1]) | |
| sorted_tags.reverse() | |
| pprint(sorted_tags) | |
| print("Total infected hosts in " + str(asn) + ": " + str(sum(n for _, n in sorted_tags))) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment