Feature request: add option to always query IPQualityScore and pass settings

[Vanav]

IPQualityScore provides a lot of useful information on abuse IP. Please, add option to always query it. Also add an option to pass settings string, like strictness=1&allow_public_access_points=false

For example, abuser IP 77.83.36.16 currently displays REP ✓ NONE, but with enabled IPQualityScore it will display REP ❌ BAD (Threat Score 87%) RECENT ABUSER PROXY. Passing strictness=1 will give even better results: REP ❌ BAD (Threat Score 100%) RECENT ABUSER BOT PROXY.

[nitefood]

Hey @Vanav,

good suggestion, I like it. Also quick to implement.

I will keep the default behavior as-is (only query IQS when SFS triggers a bad rep result), but I definitely like the idea, especially since there are multiple cases when SFS is a miss and IQS is a hit.

I will add this as an .asnrc setting (IQS_ALWAYS_QUERY=true) to accomodate both those who want to spare their IQS credits, and those like you who want to have the tool query IQS for every target. I'll also factor in a custom settings string (e.g. IQS_CUSTOM_SETTINGS="strictness=1&allow_public_access_points=false") in the settings file to accomodate for user's preferred strictness and such. Never thought anyone would want to deviate from the defaults, but again, sounds good so why not.

Thanks for your input!

[Vanav]

Thank you! I've noticed that default strictness=0 doesn't detect BOT in my test, seems because it accounts only 24-48 hours reputation, and strictness 1-3 have longer period.

[nitefood]

Thank you! I've noticed that default strictness=0 doesn't detect BOT in my test, seems because it accounts only 24-48 hours reputation, and strictness 1-3 have longer period.

Very interesting. I had never digged in-depth into IQS settings, but that sounds like something you'd want as a default. Will consider doing so in the future. Thanks!