gru/ip-whois

Fork 0

Go to file

Mateusz Gruszczyński b3db12ba41 validurl in api

2026-02-05 12:49:35 +01:00

static

first commit

2026-02-05 12:11:00 +01:00

templates

validurl in api

2026-02-05 12:49:35 +01:00

.dockerignore

first commit

2026-02-05 12:11:00 +01:00

.gitignore

first commit

2026-02-05 12:11:00 +01:00

docker-compose.yml

fix docker

2026-02-05 12:13:02 +01:00

Dockerfile

fix docker

2026-02-05 12:13:02 +01:00

ip_analyzer.py

validurl in api

2026-02-05 12:49:35 +01:00

README.md

first commit

2026-02-05 12:11:32 +01:00

requirements.txt

first commit

2026-02-05 12:11:00 +01:00

README.md

IP WHOIS Analyzer Pro

IP WHOIS Analyzer Pro is a small Flask-based web application for bulk IP analysis.
It queries WHOIS/ASN data, lets you filter results, and generates ready-to-use firewall rules.

Features

Paste a free-form list of IPv4 addresses (mixed separators).
Bulk lookup via Team Cymru WHOIS, with classic WHOIS as a fallback.
Per-IP details: ASN, owner, country, network/prefix.
Interactive filters by:
- Country
- ASN
- Owner
Export of selected/filtered IPs to:
- IPSet (with timeout)
- iptables
- Nginx deny
- Apache access rules
- Firewalld rich rules
- MikroTik RouterOS address-list + firewall filter
- CIDR network list
- CSV

Requirements

Python 3.9+
System packages:
- whois (Debian/Ubuntu: sudo apt install whois)
Python packages:
- flask
- requests

You can install Python dependencies with:

pip install -r requirements.txt

(Or, if you do not use the file, install manually:)

pip install flask requests

Running the Application

python ip_analyzer.py

By default the app listens on:

Web UI: http://localhost:8799
API docs: http://localhost:8799/api

You can change host/port in ip_analyzer.py if needed.

Usage (Web UI)

Open http://localhost:8799 in your browser.
Paste IP addresses into the textarea.
- Lines, spaces, commas, semicolons and tabs are all accepted.
Click "Analyze IP Addresses".
Use the filters (countries, ASNs, owners) to narrow down results.
Select/deselect IPs in the table if you only want a subset.
Choose an export format (IPSet, iptables, Nginx, etc.) and copy or download the output.

Usage (API)

Analyze IPs

curl -X POST http://localhost:8799/api/analyze \
  -H "Content-Type: application/json" \
  -d '{"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"}'

Example in Python:

import requests

resp = requests.post(
    "http://localhost:8799/api/analyze",
    json={"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"},
)
data = resp.json()
print("Total IPs:", data["stats"]["total"])
for row in data["results"]:
    print(row["ip"], "->", row["country"], row["asn"])

Export IPSet Rules

curl -X POST http://localhost:8799/api/export/ipset \
  -H "Content-Type: application/json" \
  -d '{"ips": ["1.1.1.1", "8.8.8.8"], "timeout": 86400}'

Other export endpoints follow the same pattern:

/api/export/iptables
/api/export/nginx
/api/export/apache
/api/export/firewalld
/api/export/mikrotik
/api/export/cidr
/api/export/csv

Refer to the web API documentation at /api for full examples.

Project Structure

ip-whois-analyzer/
├── ip_analyzer.py              # Main Flask application
├── requirements.txt            # Python dependencies
├── README.md                   # This file
├── templates/
│   ├── base.html              # Base template
│   ├── index.html             # Main web interface
│   └── api.html               # API documentation
└── static/
    ├── css/
    │   └── style.css          # Custom styles
    └── js/
        ├── main.js            # Main app logic
        └── api.js             # API docs logic

Security Notes

The application is designed for local/admin use.
If you expose it externally, put it behind proper authentication and TLS.
Generated rules should be reviewed before applying to production firewalls.

License

This project is provided as-is, without any warranty.
Use at your own risk.

Languages

HTML 35.2%

Python 29.1%

JavaScript 26.7%

CSS 8.7%

Dockerfile 0.3%