
Bulk IP Reputation Check using Security Websites and Open Source Scripts


Last updated on April 25, 2020

This topic has been haunting my mind for quite a while. As information security staff, we get tons of reports about endpoint activity. One of them is the website IPs or URLs the endpoints were accessing. A typical abnormal network behaviour for an infected or compromised endpoint is a huge amount of access to malicious IPs or bad-reputation websites.

For many investigations, I can generate an IP list, but quickly finding out the reputation of each IP is a challenge for me.

That is why I am writing this post today. I am still evaluating those websites and scripts; hopefully I can get a good understanding and then come up with my own script to do this job.

Here are some good online resources:

  • Simple IP and Domain Reputation Tracking System: mostly focused on email reputation. It uses the following online services to do a search:

  • SpamCop
  • Barracuda
  • SenderScore
  • SenderBase

[root@linux-centos-client1 ~]# yum install git
[root@linux-centos-client1 ~]# rm -r -d -f TekDefense-Automater/
[root@linux-centos-client1 ~]# git clone
Cloning into 'TekDefense-Automater'...
remote: Enumerating objects: 260, done.
remote: Total 260 (delta 0), reused 0 (delta 0), pack-reused 260
Receiving objects: 100% (260/260), 136.82 KiB | 0 bytes/s, done.
Resolving deltas: 100% (143/143), done.
[root@linux-centos-client1 ~]# ls
[root@linux-centos-client1 ~]# cd TekDefense-Automater/
[root@linux-centos-client1 TekDefense-Automater]# ls
docs          LICENSE   sites.xml   tekdefense.xml

[root@linux-centos-client1 TekDefense-Automater]# python -h

[root@linux-centos-client1 TekDefense-Automater]# python test.txt -o test.out -c test.csv -w test.html -d 10
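The workflow above (build an IP list from endpoint reports, then look up every IP's reputation in bulk), as an added Python example that is not from the post and not part of Automater. Instead of querying the online services, it checks the deduplicated list against a locally cached blocklist feed, so it runs offline; the report lines, the feed and the internal-range list are constructed for the example, and the IPs are RFC 5737 documentation addresses.

```python
import ipaddress
import re

# Constructed sample of an endpoint/proxy report (documentation IPs, not real hosts).
ENDPOINT_REPORT = """\
2020-04-20 10:01:02 host01 GET http://203.0.113.10/update.bin
2020-04-20 10:01:05 host01 GET http://203.0.113.10/update.bin
2020-04-20 10:03:11 host02 CONNECT 198.51.100.77:443
2020-04-20 10:04:40 host02 GET http://10.0.0.5/intranet
2020-04-20 10:06:09 host03 GET http://192.0.2.200/login
"""

# Constructed sample of a plain-text blocklist feed (comments, single IPs, CIDRs),
# standing in for a locally cached copy of a public reputation feed.
BLOCKLIST_FEED = """\
# constructed sample feed, not a real blocklist
203.0.113.10      # known bad host
198.51.100.0/24   # whole range listed
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Ranges that never need an external reputation lookup (assumed internal set).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def extract_ips(report):
    """Return the unique, valid, non-internal IPv4 addresses found in the report."""
    found = set()
    for token in IPV4_RE.findall(report):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if not any(ip in net for net in INTERNAL_NETS):
            found.add(ip)
    return sorted(found)


def load_feed(feed_text):
    """Parse a blocklist feed into networks; a bare IP becomes a /32."""
    nets = []
    for line in feed_text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and blanks
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def check_reputation(ips, nets):
    """Map each IP to the feed entry that lists it, or None if it is not listed."""
    return {str(ip): next((str(n) for n in nets if ip in n), None) for ip in ips}
```

The same three functions work unchanged on a real report file and a downloaded feed; only the constructed strings need to be replaced by file contents.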

YouTube Video:
