TheresAFewConors / Sooty

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
GNU General Public License v3.0

Ip blacklists #46

Closed naveci closed 4 years ago

naveci commented 4 years ago

Description

Provide a brief description of what changes you have made / what issue this fixes.

Includes a way to check an IP against blacklists. The blacklists are defined in the config/iplists.json file. This can easily be extended by adding new sites to the json code in this file. Make sure to fill in the additional properties as these are presented to the user.

Does this fix a known existing bug under Issues?

If this fixes or provides some coverage over an existing issue, please make that clear here. N/A

Type of Change

Please delete any options that do not apply here:

Any further info related to the addition

Provide any additional details that seem relevant here if necessary, otherwise either delete or leave this section blank.

Through this function, it would be possible to also do the TOR check as lists exist for this. A good repo to check for up to date lists is firehol.
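The list-driven check the description above outlines, as an added example that is not Sooty's own code and not part of the original PR. The PR does not show the schema of config/iplists.json or how the lists are fetched, so the property names (`name`, `url`, `description`, `category`), the embedded configuration and the list contents are all constructed for the example; the `fetch` callable stands in for an HTTP download so the code runs offline. It goes slightly beyond the description by matching CIDR ranges (which feeds such as firehol publish) as well as single addresses, and by allowing a `category` filter so TOR lists can be kept separate from general blacklists:

```python
import ipaddress
import json

# Constructed stand-in for config/iplists.json; the real file's schema is
# not shown in the PR, so these keys are assumptions.
EXAMPLE_CONFIG = json.dumps({
    "lists": [
        {
            "name": "example-blocklist",
            "url": "https://example.invalid/blocklist.txt",
            "description": "Constructed general blocklist",
            "category": "blacklist",
        },
        {
            "name": "example-tor-exits",
            "url": "https://example.invalid/tor.txt",
            "description": "Constructed TOR exit-node list",
            "category": "tor",
        },
    ]
})

# Constructed list bodies keyed by URL, standing in for an HTTP fetch.
# Real feeds mix comments, blank lines, single IPs and CIDR ranges.
FETCHED = {
    "https://example.invalid/blocklist.txt":
        "# constructed feed\n198.51.100.0/24\n203.0.113.7 # single host\n\nnot-an-ip\n",
    "https://example.invalid/tor.txt":
        "192.0.2.1\n192.0.2.2\n",
}


def load_list_definitions(config_text):
    """Return the list of list-definition dicts from the JSON config text."""
    return json.loads(config_text)["lists"]


def parse_ip_list(text):
    """Parse a plain-text feed into ip_network objects.

    Strips '#' comments and blank lines; malformed entries are skipped so one
    bad line in a feed does not abort the whole check.
    """
    networks = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts host bits set in a range (e.g. 10.0.0.1/24)
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue
    return networks


def check_ip(ip, definitions, fetch=FETCHED.get, category=None):
    """Return the names of every list (optionally filtered by category)
    that contains `ip`, either as a single entry or inside a CIDR range."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for definition in definitions:
        if category and definition.get("category") != category:
            continue
        body = fetch(definition["url"])
        if body is None:  # feed unavailable: report nothing rather than guess
            continue
        if any(addr in net for net in parse_ip_list(body)):
            hits.append(definition["name"])
    return hits


if __name__ == "__main__":
    defs = load_list_definitions(EXAMPLE_CONFIG)
    for candidate in ("198.51.100.77", "192.0.2.1", "8.8.8.8"):
        print(candidate, "->", check_ip(candidate, defs) or "clean")
```

Reporting the matched list names (and, from the definition, the description shown to the analyst) rather than a bare yes/no keeps the output useful when several feeds overlap, and the `category` filter is one way to keep a TOR-list check inside the existing TOR report while sharing the same parsing code.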

TheresAFewConors commented 4 years ago

Example image of output: (image not reproduced here)

I think it would make more sense to add the TOR node check to the existing TOR node report to keep these together. These can be differentiated by which lists are checked; this is not a high priority, though.