# IP WHOIS Analyzer Pro

IP WHOIS Analyzer Pro is a small Flask-based web application for bulk IP analysis.  
It queries WHOIS/ASN data, lets you filter results, and generates ready-to-use firewall rules.

## Features

- Paste a free-form list of IPv4 addresses (mixed separators).
- Bulk lookup via Team Cymru WHOIS, with classic WHOIS as a fallback.
- Per-IP details: ASN, owner, country, network/prefix.
- Interactive filters by:
  - Country
  - ASN
  - Owner
- Export of selected/filtered IPs to:
  - IPSet (with timeout)
  - iptables
  - Nginx `deny`
  - Apache access rules
  - Firewalld rich rules
  - MikroTik RouterOS address-list + firewall filter
  - CIDR network list
  - CSV

## Requirements

- Python 3.9+  
- System packages:
  - `whois` (Debian/Ubuntu: `sudo apt install whois`)  
- Python packages:
  - `flask`
  - `requests`

You can install Python dependencies with:

```bash
pip install -r requirements.txt
```

(Or, if you do not use the file, install manually:)

```bash
pip install flask requests
```

## Running the Application

```bash
python ip_analyzer.py
```

By default the app listens on:

- Web UI: <http://localhost:8799>  
- API docs: <http://localhost:8799/api>

You can change host/port in `ip_analyzer.py` if needed.

## Usage (Web UI)

1. Open <http://localhost:8799> in your browser.
2. Paste IP addresses into the textarea.  
   - Lines, spaces, commas, semicolons and tabs are all accepted.
3. Click **"Analyze IP Addresses"**.
4. Use the filters (countries, ASNs, owners) to narrow down results.
5. Select/deselect IPs in the table if you only want a subset.
6. Choose an export format (IPSet, iptables, Nginx, etc.) and copy or download the output.

## Usage (API)

### Analyze IPs

```bash
curl -X POST http://localhost:8799/api/analyze \
  -H "Content-Type: application/json" \
  -d '{"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"}'
```

Example in Python:

```python
import requests

resp = requests.post(
    "http://localhost:8799/api/analyze",
    json={"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"},
)
data = resp.json()
print("Total IPs:", data["stats"]["total"])
for row in data["results"]:
    print(row["ip"], "->", row["country"], row["asn"])
```

### Export IPSet Rules

```bash
curl -X POST http://localhost:8799/api/export/ipset \
  -H "Content-Type: application/json" \
  -d '{"ips": ["1.1.1.1", "8.8.8.8"], "timeout": 86400}'
```

Other export endpoints follow the same pattern:

- `/api/export/iptables`
- `/api/export/nginx`
- `/api/export/apache`
- `/api/export/firewalld`
- `/api/export/mikrotik`
- `/api/export/cidr`
- `/api/export/csv`

Refer to the web API documentation at `/api` for full examples.

## Project Structure

```
ip-whois-analyzer/
├── ip_analyzer.py              # Main Flask application
├── requirements.txt            # Python dependencies
├── README.md                   # This file
├── templates/
│   ├── base.html              # Base template
│   ├── index.html             # Main web interface
│   └── api.html               # API documentation
└── static/
    ├── css/
    │   └── style.css          # Custom styles
    └── js/
        ├── main.js            # Main app logic
        └── api.js             # API docs logic
```

## Security Notes

- The application is designed for local/admin use.
- If you expose it externally, put it behind proper authentication and TLS.
- Generated rules should be reviewed before applying to production firewalls.

## License

This project is provided as-is, without any warranty.  
Use at your own risk.