Last active
April 12, 2023 16:52
-
-
Save superducktoes/139b6658b7cf2e8f66972bf7f94f5ec7 to your computer and use it in GitHub Desktop.
Lookup IP's in a given file against GreyNoise
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import fileinput | |
| import re | |
| from greynoise import GreyNoise | |
| # command usage: cat <file_ips>.txt| python3 file_ips_lookup.py | |
| # parses a file line by line to extract IP's | |
| def parse_results(greynoise_results): | |
| for i in greynoise_results: | |
| print("IP: {} - Noise Status: {} - RIOT Status: {}".format(i["ip"], i["noise"], i["riot"])) | |
| if(i["code"] == "0x01"): | |
| count["noise"] = count["noise"] + 1 | |
| if(i["code"] == "0x09"): | |
| count["riot"] = count["riot"] + 1 | |
| if(i["code"] == "0x00"): | |
| count["none"] = count["none"] + 1 | |
| api_client = GreyNoise(api_key="<api_key>") | |
| ip_list = [] | |
| count = {"noise": 0, "riot": 0, "none": 0} | |
| # Parse lines of file into array | |
| for line in fileinput.input(): | |
| ip = re.findall( r'[0-9]+(?:\.[0-9]+){3}', line ) | |
| if ip: | |
| for i in ip: | |
| ip_list.append(i) | |
| if(len(ip_list) < 1000): | |
| # post the results to GreyNoise | |
| greynoise_results = api_client.quick(ip_list) | |
| parse_results(greynoise_results) | |
| print("\nTotals: {}".format(count)) | |
| else: | |
| # break the list into chunks of 1000 to post to greynoise | |
| start = 0 | |
| end = len(ip_list) | |
| step = 1000 | |
| for i in range(start, end, step): | |
| x = i | |
| greynoise_results = api_client.quick(ip_list[x:x+step]) | |
| parse_results(greynoise_results) | |
| print("\nTotals: {}".format(count)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment