143 lines
3.5 KiB
Markdown
143 lines
3.5 KiB
Markdown
# IP WHOIS Analyzer Pro
|
|
|
|
IP WHOIS Analyzer Pro is a small Flask-based web application for bulk IP analysis.
|
|
It queries WHOIS/ASN data, lets you filter results, and generates ready-to-use firewall rules.
|
|
|
|
## Features
|
|
|
|
- Paste a free-form list of IPv4 addresses (mixed separators).
|
|
- Bulk lookup via Team Cymru WHOIS, with classic WHOIS as a fallback.
|
|
- Per-IP details: ASN, owner, country, network/prefix.
|
|
- Interactive filters by:
|
|
- Country
|
|
- ASN
|
|
- Owner
|
|
- Export of selected/filtered IPs to:
|
|
- IPSet (with timeout)
|
|
- iptables
|
|
- Nginx `deny`
|
|
- Apache access rules
|
|
- Firewalld rich rules
|
|
- MikroTik RouterOS address-list + firewall filter
|
|
- CIDR network list
|
|
- CSV
|
|
|
|
## Requirements
|
|
|
|
- Python 3.9+
|
|
- System packages:
|
|
- `whois` (Debian/Ubuntu: `sudo apt install whois`)
|
|
- Python packages:
|
|
- `flask`
|
|
- `requests`
|
|
|
|
You can install Python dependencies with:
|
|
|
|
```bash
|
|
pip install -r requirements.txt
|
|
```
|
|
|
|
(Or, if you do not use the file, install manually:)
|
|
|
|
```bash
|
|
pip install flask requests
|
|
```
|
|
|
|
## Running the Application
|
|
|
|
```bash
|
|
python ip_analyzer.py
|
|
```
|
|
|
|
By default the app listens on:
|
|
|
|
- Web UI: <http://localhost:5000>
|
|
- API docs: <http://localhost:5000/api>
|
|
|
|
You can change host/port in `ip_analyzer.py` if needed.
|
|
|
|
## Usage (Web UI)
|
|
|
|
1. Open <http://localhost:5000> in your browser.
|
|
2. Paste IP addresses into the textarea.
|
|
- Lines, spaces, commas, semicolons and tabs are all accepted.
|
|
3. Click **"Analyze IP Addresses"**.
|
|
4. Use the filters (countries, ASNs, owners) to narrow down results.
|
|
5. Select/deselect IPs in the table if you only want a subset.
|
|
6. Choose an export format (IPSet, iptables, Nginx, etc.) and copy or download the output.
|
|
|
|
## Usage (API)
|
|
|
|
### Analyze IPs
|
|
|
|
```bash
|
|
curl -X POST http://localhost:5000/api/analyze \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"}'
|
|
```
|
|
|
|
Example in Python:
|
|
|
|
```python
|
|
import requests
|
|
|
|
resp = requests.post(
|
|
"http://localhost:5000/api/analyze",
|
|
json={"ips": "1.1.1.1, 8.8.8.8, 9.9.9.9"},
|
|
)
|
|
data = resp.json()
|
|
print("Total IPs:", data["stats"]["total"])
|
|
for row in data["results"]:
|
|
print(row["ip"], "->", row["country"], row["asn"])
|
|
```
|
|
|
|
### Export IPSet Rules
|
|
|
|
```bash
|
|
curl -X POST http://localhost:5000/api/export/ipset \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"ips": ["1.1.1.1", "8.8.8.8"], "timeout": 86400}'
|
|
```
|
|
|
|
Other export endpoints follow the same pattern:
|
|
|
|
- `/api/export/iptables`
|
|
- `/api/export/nginx`
|
|
- `/api/export/apache`
|
|
- `/api/export/firewalld`
|
|
- `/api/export/mikrotik`
|
|
- `/api/export/cidr`
|
|
- `/api/export/csv`
|
|
|
|
Refer to the web API documentation at `/api` for full examples.
|
|
|
|
## Project Structure
|
|
|
|
```
|
|
ip-whois-analyzer/
|
|
├── ip_analyzer.py # Main Flask application
|
|
├── requirements.txt # Python dependencies
|
|
├── README.md # This file
|
|
├── templates/
|
|
│ ├── base.html # Base template
|
|
│ ├── index.html # Main web interface
|
|
│ └── api.html # API documentation
|
|
└── static/
|
|
├── css/
|
|
│ └── style.css # Custom styles
|
|
└── js/
|
|
├── main.js # Main app logic
|
|
└── api.js # API docs logic
|
|
```
|
|
|
|
## Security Notes
|
|
|
|
- The application is designed for local/admin use.
|
|
- If you expose it externally, put it behind proper authentication and TLS.
|
|
- Generated rules should be reviewed before applying to production firewalls.
|
|
|
|
## License
|
|
|
|
This project is provided as-is, without any warranty.
|
|
Use at your own risk.
|