first commit

2026-02-05 12:11:00 +01:00
commit a547894adc
13 changed files with 2335 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,142 @@
+# IP WHOIS Analyzer Pro
+
+IP WHOIS Analyzer Pro is a small Flask-based web application for bulk IP analysis.  
+It queries WHOIS/ASN data, lets you filter results, and generates ready-to-use firewall rules.
+
+## Features
+
+- Paste a free-form list of IPv4 addresses (mixed separators).
+- Bulk lookup via Team Cymru WHOIS, with classic WHOIS as a fallback.
+- Per-IP details: ASN, owner, country, network/prefix.
+- Interactive filters by:
+  - Country
+  - ASN
+  - Owner
+- Export of selected/filtered IPs to:
+  - IPSet (with timeout)
+  - iptables
+  - Nginx `deny`
+  - Apache access rules
+  - Firewalld rich rules
+  - MikroTik RouterOS address-list + firewall filter
+  - CIDR network list
+  - CSV
+
+## Requirements
+
+- Python 3.9+  
+- System packages:
+  - `whois` (Debian/Ubuntu: `sudo apt install whois`)  
+- Python packages:
+  - `flask`
+  - `requests`
+
+You can install Python dependencies with:
+
+```bash
+pip install -r requirements.txt
+```
+
+(Or, if you do not use the file, install manually:)
+
+```bash
+pip install flask requests
+```
+
+## Running the Application
+
+```bash
+python ip_analyzer.py
+```
+
+By default the app listens on:
+
+- Web UI: <http://localhost:5000>  
+- API docs: <http://localhost:5000/api>
+
+You can change host/port in `ip_analyzer.py` if needed.
+
+## Usage (Web UI)
+
+1. Open <http://localhost:5000> in your browser.
+2. Paste IP addresses into the textarea.  
+   - Lines, spaces, commas, semicolons and tabs are all accepted.
+3. Click **"Analyze IP Addresses"**.
+4. Use the filters (countries, ASNs, owners) to narrow down results.
+5. Select/deselect IPs in the table if you only want a subset.
+6. Choose an export format (IPSet, iptables, Nginx, etc.) and copy or download the output.
+
+## Usage (API)
+
+### Analyze IPs
+
+```bash
+curl -X POST http://localhost:5000/api/analyze \
+  -H "Content-Type: application/json" \
+  -d '{"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"}'
+```
+
+Example in Python:
+
+```python
+import requests
+
+resp = requests.post(
+    "http://localhost:5000/api/analyze",
+    json={"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"},
+)
+data = resp.json()
+print("Total IPs:", data["stats"]["total"])
+for row in data["results"]:
+    print(row["ip"], "->", row["country"], row["asn"])
+```
+
+### Export IPSet Rules
+
+```bash
+curl -X POST http://localhost:5000/api/export/ipset \
+  -H "Content-Type: application/json" \
+  -d '{"ips": ["1.1.1.1", "8.8.8.8"], "timeout": 86400}'
+```
+
+Other export endpoints follow the same pattern:
+
+- `/api/export/iptables`
+- `/api/export/nginx`
+- `/api/export/apache`
+- `/api/export/firewalld`
+- `/api/export/mikrotik`
+- `/api/export/cidr`
+- `/api/export/csv`
+
+Refer to the web API documentation at `/api` for full examples.
+
+## Project Structure
+
+```
+ip-whois-analyzer/
+├── ip_analyzer.py              # Main Flask application
+├── requirements.txt            # Python dependencies
+├── README.md                   # This file
+├── templates/
+│   ├── base.html              # Base template
+│   ├── index.html             # Main web interface
+│   └── api.html               # API documentation
+└── static/
+    ├── css/
+    │   └── style.css          # Custom styles
+    └── js/
+        ├── main.js            # Main app logic
+        └── api.js             # API docs logic
+```
+
+## Security Notes
+
+- The application is designed for local/admin use.
+- If you expose it externally, put it behind proper authentication and TLS.
+- Generated rules should be reviewed before applying to production firewalls.
+
+## License
+
+This project is provided as-is, without any warranty.  
+Use at your own risk.