go-ip-fraud-check has a feature to detect fraud from ip addresss. it provides both of cli binary and golang API.
- AbuseIPDB
- Big Data Cloud
- dbip
- IP2Proxy
- ip-api.com
- ipdata
- ipgeolocation
- ipify.org
- ipinfo.io
- IPQualityScore
- Ipregistry
- ipstack
- MaxMind minFraud
- Shodan
- Spur
Download binary from release page, or build from source:
$ git clone --depth 1 https://github.com/evalphobia/go-ip-fraud-check.git
$ cd ./go-ip-fraud-check/cmd
$ go build -o ./go-ip-fraud-check .
$ go-ip-fraud-check
Commands:
help show help
single Exec api call of ip address fraud check providers for single ip
list Exec api call of ip address fraud check providers from csv list file
providers Show supported provider types
single
command is used to check single ip address.
./go-ip-fraud-check single -h
Exec api call of ip address fraud check providers for single ip
Options:
-h, --help display help information
-p, --provider *set types of api provider (space separated) --provider='ipdata ipinfo minfraud'
-i, --ip input ip address --ip='8.8.8.8'
--route set if you need route data from IRR --route
--debug set if you need verbose logs --debug
For example, you can check ip address like below
# set auth data
$ export FRAUD_CHECK_IPDATACO_APIKEY=xxx
$ export FRAUD_CHECK_IPINFOIO_TOKEN=yyy
# check ip address
$ ./go-ip-fraud-check single -p 'ipdata ipinfo' -i 8.8.8.8
2021/10/25 00:54:26 [INFO] Use ipdata.co
2021/10/25 00:54:26 [INFO] Use ipinfo.io
{"list":[{"service_name":"ipdata.co","ip":"8.8.8.8","hostname":"","isp":"Google LLC","organization":"","asn":15169,"risk_score":0,"is_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"threat_comment":"","country":"US","city":"","region":"","latitude":0,"longitude":0,"error":""},{"service_name":"ipinfo.io","ip":"8.8.8.8","hostname":"dns.google","isp":"","organization":"Google LLC","asn":15169,"risk_score":0,"is_vpn":false,"is_hosting":false,"is_proxy":false,"is_tor":false,"is_bot":false,"is_bogon":false,"has_other_threat":false,"threat_comment":"","country":"US","city":"Mountain View","region":"California","latitude":37.4056,"longitude":-122.0775,"error":""}],"as_prefix":null}
list
command is used to check multiple ip address from list and save results to output file.
./go-ip-fraud-check list -h
Exec api call of ip address fraud check providers from csv list file
Options:
-h, --help display help information
-p, --provider *set types of api provider (space separated) --provider='ipdata ipinfo minfraud'
-i, --input *input csv/tsv file path --input='./input.csv'
-o, --output *output tsv file path --output='./output.tsv'
--route set if you need route data from IRR (this might be slow) --route
--interval time interval after a API call to handle rate limit (ms=msec s=sec, m=min) --interval=1.5s
-m, --parallel[=2] parallel number (multiple API calls) --parallel=2
-v, --verbose set if you need detail logs --verbose
--debug set if you use HTTP debug feature --debug
For example, you can check ip address from csv list like below
# set auth data
$ export FRAUD_CHECK_IPDATACO_APIKEY=xxx
$ export FRAUD_CHECK_IPINFOIO_TOKEN=yyy
# prepare CSV file
$ cat input.csv
ip_address
8.8.8.8
8.8.4.4
1.1.1.1
# check risk from the CSV file
$ ./go-ip-fraud-check list -p 'ipdata ipinfo' -i ./input.csv -o ./output.tsv
2021/10/25 00:58:29 [INFO] Use ipdata.co
2021/10/25 00:58:29 [INFO] Use ipinfo.io
2021/10/25 00:58:30 [INFO] exec #: [2]
2021/10/25 00:58:29 [INFO] exec #: [0]
2021/10/25 00:58:31 [INFO] exec #: [1]
$ cat output.tsv
service ip_address hostname risk_score isp organization asn country city region latitude longitude is_vpn is_hosting is_proxy is_tor is_bot is_bogon has_other_threat threat_comment error
ipdata.co 8.8.8.8 0.00000 Google LLC 15169 US 0.00000 0.00000 false false false false false false false
ipinfo.io 8.8.8.8 dns.google 0.00000 Google LLC 15169 US Mountain View California 37.40560 -122.07750 false false false false false false false
ipdata.co 8.8.4.4 0.00000 Google LLC 15169 US 0.00000 0.00000 false false false false false false false
ipinfo.io 8.8.4.4 dns.google 0.00000 Google LLC 15169 US Mountain View California 37.40560 -122.07750 false false false false false false false
ipdata.co 1.1.1.1 0.00000 Cloudflare, Inc. 13335 AU 0.00000 0.00000 false false false false false false false
ipinfo.io 1.1.1.1 one.one.one.one 0.00000 Cloudflare, Inc. 13335 US San Francisco California37.76210 -122.39710 false true false false false false false
# if provider has a rate limit, then use --interval and --parallel option.
$ ./go-ip-fraud-check list -p 'shodan' -i ./input.csv -o ./output.tsv --interval=1.2s --parallel=1
providers
command is used to see supported providers.
$ ./go-ip-fraud-check providers
[bigdatacloud ip2proxy ipdata ipgeolocation ipinfo ipqualityscore ipregistry minfraud shodan]
package main
import (
"fmt"
"github.com/evalphobia/go-ip-fraud-check/ipfraudcheck"
"github.com/evalphobia/go-ip-fraud-check/provider"
"github.com/evalphobia/go-ip-fraud-check/provider/ipdataco"
"github.com/evalphobia/go-ip-fraud-check/provider/ipinfoio"
)
func main() {
conf := ipfraudcheck.Config{
// you can set auth values to config directly, otherwise used from environment variables.
IPdatacoAPIKey: "<your ipdata.co API key>",
IPinfoioToken: "<your ipinfo.io API token>",
UseRoute: true,
Debug: false,
}
svc, err := ipfraudcheck.New(conf, []provider.Provider{
&ipdataco.IPdatacoProvider{},
&ipinfo.IPinfoioProvider{},
})
if err != nil {
panic(err)
}
// execute score API
resp, err := svc.CheckIP("8.8.8.8")
if err != nil {
panic(err)
}
for _, r := range resp.List {
// just print response in json format
b, _ := json.Marshal(r)
fmt.Printf("%s", string(b))
}
}
see example dir for more examples.
Name | Description |
---|---|
FRAUD_CHECK_ABUSEIPDB_APIKEY |
AbuseIPDB API Key. |
BIGDATACLOUD_APIKEY |
Big Data Cloud API Key. |
FRAUD_CHECK_DBIP_APIKEY |
dbip API key. |
FRAUD_CHECK_IP2PROXY_APIKEY |
ip2proxy API key. |
FRAUD_CHECK_IP2PROXY_PACKAGE |
ip2proxy package parameter. |
FRAUD_CHECK_IPDATACO_APIKEY |
ipdata.co API key. |
FRAUD_CHECK_IPGEOLOCATION_APIKEY |
ipgeolocation API key. |
FRAUD_CHECK_IPIFY_APIKEY |
ipify API key. |
FRAUD_CHECK_IPINFOIO_TOKEN |
ipinfo.io API token. |
IPQS_APIKEY |
IPQualityScore API Key. |
FRAUD_CHECK_IPSTACK_APIKEY |
ipstack API key. |
IPREGISTRY_APIKEY |
Ipregistry API Key. |
MINFRAUD_ACCOUNT_ID |
MaxMind Account ID. |
MINFRAUD_LICENSE_KEY |
MaxMind License Key. |
FRAUD_CHECK_SHODAN_APIKEY |
Shodan API Key. |
FRAUD_CHECK_SPUR_TOKEN |
spur API token. |