Use this tool when you need to parse data from multiple botnet report feeds or scan phishing site lists for 'alive-worthy' responses. It outputs IPs grouped into lists by ASN, with available contacts placed at the top.
- Install Python if it is not already on your system. Tested with versions: 3.8.1, ...
- Install by cloning this repo (`git clone`);
- Install dependencies from /requirements.txt (`pip install -r requirements.txt`);
- Put all of the .csv report files into the folder `/source/IO`. Names and extensions don't matter for the .csv type, but a .txt file must be called 'input.txt'. Other .txt files will be ignored;
- Run a main script:
  - for botnet parsing run /BotSourceFilter.py
  - for phishing activity checkup run /IsPhishingAlive.py
- Select the file type by typing "-csv" at the terminal prompt if the files are .csv. If the input is left empty, .txt is read by default.
- Your output will be stored as .txt files inside the `/source/IO` folder, each named by ASN name.
- Output is grouped into folders by ASN abuse emails and log chunk size.
- If you pick the csv format, the IO folder is scanned for ALL .csv files, so delete unused ones before a new scan; otherwise the new lists will include all of the logs.
- The approximate maximum for a single scan is theoretically around 100k log lines, but this has not been tested yet. Above that amount, your IP might get banned from the whois service.
- parallelize whois rdap requests using asyncio
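
A sketch of how the asyncio item above could look while respecting the whois rate-limit concern. This is an added example, not code from this repo: `fake_lookup`, `group_by_asn`, `render`, the output layout and the sample data are all hypothetical, and the resolver is an offline stub where a real whois/RDAP client would go. IPs are validated and deduplicated before any query, and a semaphore caps the number of in-flight lookups.

```python
import asyncio
import ipaddress
from collections import defaultdict

# Constructed sample data standing in for a whois/RDAP service (documentation ranges).
FAKE_RDAP = {
    "192.0.2.0/24": ("AS64500 EXAMPLE-NET-A", "abuse@a.example"),
    "198.51.100.0/24": ("AS64501 EXAMPLE-NET-B", "abuse@b.example"),
}

async def fake_lookup(ip):
    """Hypothetical resolver: returns (asn_name, abuse_email) for an IP."""
    await asyncio.sleep(0.01)  # simulate network latency
    addr = ipaddress.ip_address(ip)
    for net, info in FAKE_RDAP.items():
        if addr in ipaddress.ip_network(net):
            return info
    return ("UNKNOWN", "")

async def group_by_asn(lines, lookup, max_concurrent=5):
    """Validate and deduplicate IPs, then resolve them with bounded concurrency."""
    ips = set()
    for line in lines:
        try:
            ips.add(str(ipaddress.ip_address(line.strip())))
        except ValueError:
            continue  # skip headers, blanks and malformed entries
    sem = asyncio.Semaphore(max_concurrent)  # cap in-flight queries

    async def resolve(ip):
        async with sem:
            return ip, await lookup(ip)

    results = await asyncio.gather(*(resolve(ip) for ip in sorted(ips)))
    groups = defaultdict(lambda: {"contact": "", "ips": []})
    for ip, (asn, contact) in results:
        groups[asn]["contact"] = contact
        groups[asn]["ips"].append(ip)
    return dict(groups)

def render(group):
    """Contact line first, then the IPs (assumed layout, not the tool's exact format)."""
    return "\n".join([f"abuse contact: {group['contact']}"] + group["ips"])

# Constructed input: a header row, a duplicate and a malformed entry are included on purpose.
SAMPLE = ["ip", "192.0.2.10", "192.0.2.10", "198.51.100.7", "192.0.2.44", "not-an-ip"]

if __name__ == "__main__":
    for asn, group in asyncio.run(group_by_asn(SAMPLE, fake_lookup)).items():
        print(f"== {asn} ==\n{render(group)}\n")
```

Deduplicating before lookup matters for botnet feeds, where the same IP often appears on many log lines; only unique addresses count against the whois service's limits.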