abhinavbom / Threat-Intelligence-Hunter

TIH is an intelligence tool that helps you in searching for IOCs across multiple openly available security feeds and some well known APIs. The idea behind the tool is to facilitate searching and storing of frequently added IOCs for creating your own local database of indicators.
MIT License
148 stars 32 forks

error while query for IP intel #15

Open totoroha opened 5 years ago

totoroha commented 5 years ago

This is the error that I have on my machine:

```
python tih.py -ip x.x.x.x
Traceback (most recent call last):
  File "tih.py", line 4, in <module>
    from lib.parse import *
  File "C:\Users\jason\Downloads\Threat-Intelligence-Hunter-master\Threat-Intelligence-Hunter-master\lib\parse.py", line 8, in <module>
    import requests
ImportError: No module named requests
```

How do I fix this?

abhinavbom commented 5 years ago

Please do a 'pip install requests'. The module seems to be missing in your environment.

totoroha commented 5 years ago

Let me google first. Thanks Abhinavbom

totoroha commented 5 years ago

I'm able to fix the problem, and added the API key from urlvoid to the script as below:


```python
# API Key . Key can be obtained from api.urlvoid.com
api_key = 'xxxx'+'/'
if api_key == '/':
    print "Please add your Urlvoid API key"
    sys.exit()
```

and did the python tih.py -update, and got the following error:


```
TOR Exit node IP TOR Exit node IP_20190130-110738.txt Building database
Traceback (most recent call last):
  File "tih.py", line 62, in <module>
    main()
  File "tih.py", line 59, in main
    gather()
  File "C:\Users\jason\Downloads\Threat-Intelligence-Hunter-master\Threat-Intelligence-Hunter-master\lib\updatefeed.py", line 32, in gather
    proxies={'http': HTTP_PROXY, 'https': HTTPS_PROXY})
  File "C:\Python27\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Python27\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Python27\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='check.torproject.org', port=443): Max retries exceeded with url: /exit-addresses (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)'),))
```

abhinavbom commented 5 years ago

It seems like you are not able to connect to https connections. Can you go to the line number 47 of lib/feeds.py and remove the below two lines:

```python
# TOR exit nodes
tor_exit_nodes = "https://check.torproject.org/exit-addresses"
```

If you get SSL error for any other URL in feed, then repeat the same step.

totoroha commented 5 years ago

Thanks. Sorry to bother you, but another error for me ^^

```
Total scanned indicators 46325
Connecting to Virustotal looking for IP xxxx
Traceback (most recent call last):
  File "tih.py", line 62, in <module>
    main()
  File "tih.py", line 42, in main
    vt_ip(args.ip)
  File "C:\Users\jason\Downloads\Threat-Intelligence-Hunter-master\Threat-Intelligence-Hunter-master\api\vt.py", line 53, in vt_ip
    print ip + "---Not found in VT"
TypeError: can only concatenate list (not "str") to list
```

abhinavbom commented 5 years ago

It seems like the IP you searched for isn't available on Virustotal. What command-line argument did you pass?

totoroha commented 5 years ago

python tih.py -ip x.x.x.x. I checked the IP address, you're correct. The IP is not available on VT database. Tested a new IP with your script, and this is the result from VT: https://www.virustotal.com/#/ip-address/183.90.245.34

Result from your script:

```
Connecting with http://www.ciarmy.com/list/ci-badguys.txt
Total scanned indicators 46434
Connecting to Virustotal looking for IP 183.90.245.34
IP is not found in VT, but here is some info
Owner: SAKURA Internet Inc.
Country: JP
```

abhinavbom commented 5 years ago

So you mean that the IP was present in VT, but the script said that there are no details about the IP in VT. Is that correct?

totoroha commented 5 years ago

Take the IP above as an example, and you will see what I mean ^_^
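The `TypeError` in the traceback above comes from concatenating a list (`args.ip`) with a string. The following is an added example, not code from the TIH project: it normalizes the argument to validated IP strings before any output is built, and reports "no record" separately from "record without detected URLs". Assumptions: Python 3, a reply shaped like a VirusTotal API v2 ip-address report (`response_code`, `as_owner`, `country`, `detected_urls`), constructed sample data, and hypothetical helper names.

```python
import ipaddress

# Constructed replies shaped like VirusTotal API v2 ip-address reports
# (response_code 1 = record exists, 0 = no record). Not real API output.
SAMPLE_REPORTS = {
    "183.90.245.34": {"response_code": 1, "as_owner": "SAKURA Internet Inc.",
                      "country": "JP", "detected_urls": []},
    "192.0.2.10": {"response_code": 0},
}


def normalize_ips(value):
    """Return validated IP strings from a str or from a list, which is what
    args.ip evidently is in the traceback (list + str raised the TypeError)."""
    items = [value] if isinstance(value, str) else list(value)
    # ip_address() raises ValueError on anything that is not an IP literal,
    # so malformed input never reaches the API query.
    return [str(ipaddress.ip_address(item.strip())) for item in items]


def describe(ip, report):
    """Build one result line; 'no record' and 'record without detections'
    are reported differently."""
    if report.get("response_code") != 1:
        return "%s --- Not found in VT" % ip
    detected = len(report.get("detected_urls") or [])
    return "%s --- In VT: %d detected URLs, Owner: %s, Country: %s" % (
        ip, detected, report.get("as_owner", "?"), report.get("country", "?"))


def vt_ip_lines(ips, lookup=SAMPLE_REPORTS.get):
    """lookup is a hypothetical hook; a real one would query the VT API."""
    return [describe(ip, lookup(ip) or {}) for ip in normalize_ips(ips)]


if __name__ == "__main__":
    for line in vt_ip_lines(["183.90.245.34", "192.0.2.10"]):
        print(line)
```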